Passwords: Not as Secure as You Might Think

Oct 30, 2018 | Blog

We’ve all heard that in order to protect our information and online accounts we need to create complex passwords with uppercase and lowercase letters, numbers, and special characters, right? Following such advice does, in theory, produce passwords that are difficult to hack. Reality, however, tells us that while complex passwords provide better security, they also create new kinds of risks.

First, due to the limitations of human memory, complex passwords are more likely to be written down than familiar, easily-remembered passwords. This means that utilizing complex passwords increases the risk of passwords being exposed through insecure storage. People who don’t write down their passwords risk forgetting a complex password and having to go through a frustrating process of resetting it.

Storing complex passwords in a smartphone app is not an ironclad solution either. Password storage apps place numerous pieces of sensitive information in one place, and as a result, must be properly secured. Properly protecting the app and the data that it stores can make looking up a password an infuriating process involving entering long, complex passwords and waiting for various decryption functions to run. Of course, if such an app — or the phone itself — were ever infected with malware, the impact could be devastating.

In addition to the risks created by memory limitations, there is a major concern about how strong complex passwords truly are, and how well they stand up to hacking tools. Research shows that the actual security provided by complex passwords is often far less than one would expect based on their theoretical strength. One major issue with complex passwords was published last year by a research team from Carnegie Mellon University, which explained that predictable human tendencies often dramatically undermine the strength of complex passwords.

For example, on systems that require passwords to include both uppercase and lowercase characters as well as a number, a wildly disproportionate number of the passwords created follow the same pattern: an uppercase character, followed by lowercase characters, ending with a single digit. Similarly, the researchers found that when people are required to create long passwords, they often repeat a short password twice. As a result of these human tendencies, password cracking is easier than ever.

So how should you best address these issues?

I wrote a blog on passwords a couple of months ago discussing this very topic after the National Institute of Standards and Technology (NIST) had issued new guidelines regarding secure passwords. The 3 guidelines were (and please refer to the previous password blog for more detail):

1. Remove periodic password change requirements.

2. Drop the algorithmic complexity song and dance.

3. Require screening of new passwords against lists of commonly used or compromised passwords.
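As an added illustration (not code from this blog or from NIST), here is one way a sign-up or password-change form could apply guideline 3 and also flag the two predictable habits described above. The blocklist is a small constructed sample, and the function and reason names are hypothetical; treating the two habits as rejection reasons is this example's choice, not part of the three guidelines.

```python
import re
import unicodedata

# Constructed sample blocklist; a real deployment would load a large list of
# commonly used and previously compromised passwords.
SAMPLE_BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1"}

# One uppercase letter, then lowercase letters, then a single digit ("Monkey7").
CAP_LOWER_DIGIT = re.compile(r"[A-Z][a-z]+[0-9]")


def normalize(password):
    """Fold case and Unicode form so trivial variants still match the list."""
    return unicodedata.normalize("NFKC", password).casefold()


def is_doubled(password):
    """True when the password is one shorter string typed twice."""
    half, odd = divmod(len(password), 2)
    return half > 0 and not odd and password[:half] == password[half:]


def screen_password(password, blocklist=SAMPLE_BLOCKLIST):
    """Return the reasons to reject a new password; an empty list means accept."""
    reasons = []
    if normalize(password) in blocklist:
        reasons.append("on_blocklist")
    if CAP_LOWER_DIGIT.fullmatch(password):
        reasons.append("capital_lowercase_digit_pattern")
    if is_doubled(password):
        reasons.append("repeated_short_password")
        # The string that was typed twice may itself be a known password.
        half = password[: len(password) // 2]
        if normalize(half) in blocklist and "on_blocklist" not in reasons:
            reasons.append("on_blocklist")
    return reasons


if __name__ == "__main__":
    # Constructed candidate passwords for demonstration.
    for candidate in ["Monkey7", "PASSWORD", "qwertyqwerty",
                      "correct horse battery staple"]:
        print(f"{candidate!r}: {screen_password(candidate) or 'accepted'}")
```

Note that the long passphrase passes without any uppercase, digit, or symbol requirement, which matches guideline 2.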

Hopefully this helps! I know at the very least it should get you thinking about doing more to protect yourself in the password arena. I know it helped me and got me thinking smarter.

Please contact us for any questions you may have on password screening! We’re happy to help and point you toward software that can make this process simpler.

