Security experts for years have told Internet users that it’s important to select passwords that contain at least six letters, a couple of numerals and some superfluous capitalizations to ward off hackers attempting to log onto their computers and online accounts.
But all the best and most obscure (to say nothing of impossible to remember) passwords in the world aren’t going to protect users from keyloggers and sophisticated phishing scams that use even more insidious techniques to capture online account and log-in data without ever needing to take an educated guess at a password.
eSecurity Planet takes a closer look at why many security experts are now saying that passwords are overrated as a security mechanism and more time and effort should be spent at the server level where most of the data breaches and thefts could be more easily prevented.
A recent headline in a major news outlet announced, “Please do not change your password” because, as the sub-head teased, “it’s a waste of your time.” The paper cited in the story is the latest salvo questioning a certain orthodoxy about computer security—that strong, cryptic passwords are the keystone to personal security online.
This oft-repeated advice may be, at best, outdated and, at worst, counterproductive, potentially exposing users to more risk rather than less.
When creating accounts, users are often told to choose “strong” passwords—meaning that they are of sufficient length (often longer than 6 characters) and include a combination of characters that do not resemble simple words.
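As an added illustration (not code from the article or from eSecurity Planet), the following Python implements the “strong password” rule just described: more than six characters, a mix of character classes, and nothing that resembles a simple word. It goes slightly beyond the text by normalizing common letter-for-symbol substitutions before the dictionary comparison, so that a disguised word still counts as resembling one. The word list, the substitution table and the 60% overlap threshold are constructed assumptions for the example, not policy from the article.

```python
import re

# Constructed, tiny word list standing in for a real dictionary
# (assumption: a deployment would load a far larger list).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon", "summer"}

# Common substitutions that make a word "resemble" its plain form (assumed table).
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 7  # "longer than 6 characters"


def normalize(password: str) -> str:
    """Undo common substitutions and strip non-letters so that
    'P@ssw0rd' is compared against 'password'."""
    lowered = password.lower().translate(LEET_MAP)
    return re.sub(r"[^a-z]", "", lowered)


def resembles_simple_word(password: str) -> bool:
    """True if the normalized password is, or is mostly made of, a common word."""
    core = normalize(password)
    if not core:
        return False
    for word in COMMON_WORDS:
        if core == word:
            return True
        # A dictionary word accounting for most of the letters (assumed 60% threshold).
        if len(word) >= 4 and word in core and len(word) >= 0.6 * len(core):
            return True
    return False


def check_strength(password: str) -> list[str]:
    """Return the policy rules the password fails; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "lowercase": re.search(r"[a-z]", password),
        "uppercase": re.search(r"[A-Z]", password),
        "digit": re.search(r"[0-9]", password),
    }
    missing = [name for name, found in classes.items() if not found]
    if missing:
        failures.append("missing " + ", ".join(missing))
    if resembles_simple_word(password):
        failures.append("resembles a common word")
    return failures


if __name__ == "__main__":
    for candidate in ["abc", "P@ssw0rd", "Dragon2024", "Tq7vLm9Xe2"]:
        verdict = check_strength(candidate) or ["passes"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

The point the check makes visible is that a password such as `P@ssw0rd` satisfies every composition rule yet still resembles a common word, which is exactly the kind of “strong-looking” choice the advice above produces.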