Three password myths debunked

What makes a secure password?

What makes a password secure? Let’s bust some myths.

With high-profile leaks and hacks going on these days, it’s important to know what actually makes a secure password, and what is just superstition.

Myth 1: Complexity is more important than length

When it comes to passwords, length is king. It takes a modern computer less than one second to “brute-force” crack an eight-character password – no matter how complex it is.

Doubling your password length to 16 characters increases the time it takes to crack it to thousands of years.

Think passphrase instead of password when making a long password. Something like “My1FavouriteIceCreamFlavourIsDurian” should keep brute force attacks at bay.

Myth 2: You should change your password regularly

Many organisations have rules that require regular password changes, but this can actually be more harmful than helpful to overall security.

If you have a strong password, it won’t suddenly become less secure the longer you use it.

Additionally, people may get frustrated by having to constantly think of new passwords and fall into bad security habits to compensate, like writing their password on a note and sticking it to their PC screen.

Myth 3: You don’t need a strong password with 2FA

Users who switch two-factor authentication (2FA) might use a weak password, simply believing they will be safe behind 2FA’s “bulletproof wall”.

While 2FA certainly does make your account more secure, you should always couple it with a strong password to ensure you have the best security.


Our friendly Tech Specialists can give you more password tips; simply press the chat button for help.