These Are the Common Password Misconceptions

Make sure to read this article twice so you don't lose your account over a weak password...


Like it or not, passwords are here to stay, at least until we figure out something better (and we are already on the way there with biometrics). Still, outside of your phone, you will in most cases be required to choose and later use a password.

But while common, passwords are also not perfectly understood, with many folks having misconceptions about their use. And that’s what we’ll be talking about today – here are some of the most common misconceptions about passwords:

1. Passwords are secure

It all depends on your point of view. Sure, systems using passwords are more secure than those not doing so, but that doesn’t make them super-secure. Modern systems also use multi-factor authentication, which is even more secure as it requires input from at least two devices, say your computer (password) and your phone.

Generally speaking, secure or strong passwords are unique and can’t be guessed by anyone — meaning they use a combination of letters (lowercase AND uppercase), numbers and special characters. Also, they are transferred through proper secure channels, which would be an HTTPS connection on the Internet.

2. Passwords don’t have a maximum length

It all depends on the way the software running on a website or in an app has been coded. The developers behind the site/app don’t have to set the maximum length but they can.

Generally speaking, most sites/apps require users to create a password that is at least 8 characters long. For enhanced security, you can double that number and use a 16-character password that is virtually impossible to crack. Or you could go overboard in some cases, like your crypto wallet, and use an even longer password. It’s your money so it’s up to you to “treat” it properly.

3. Length matters the most

While it is important, the length of the password is not the only important ingredient of a secure password. For instance, “ThisIsMyVeryLongAndSecurePassword” fits the “long password” bill, but since it doesn’t use numbers and special characters, there is a chance it could be guessed in a brute-force attack. So make sure to go beyond letters when choosing your password.

4. Passwords can include all kinds of characters

This is another thing that depends on the developer of the site/app. They may or may not have included support for Unicode characters in passwords.

If Unicode is supported, you can even use emojis in your password, but if it’s not, you may not be able to use Cyrillic characters.

I guess you can try different combinations or “play safe” and go with the regular Latin characters, but still opt for a long password that mixes uppercase and lowercase letters with numbers and special characters.
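What Unicode support involves on the developer's side, and why a length limit (misconception 2) may be counted in bytes rather than characters, shown as an added example that is not code from this article or from any particular site. The 64-byte limit, the NFKC normalization step and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import unicodedata

MAX_BYTES = 64  # hypothetical limit chosen for this example, not from any real site


def prepare(password: str) -> bytes:
    """Normalize a password and encode it the way a Unicode-aware site might."""
    # NFKC folds visually identical inputs (e.g. "e" + combining accent) into one form.
    normalized = unicodedata.normalize("NFKC", password)
    encoded = normalized.encode("utf-8")
    if len(encoded) > MAX_BYTES:
        # Reject instead of silently truncating, so the user learns about the limit.
        raise ValueError(f"password is {len(encoded)} bytes, limit is {MAX_BYTES}")
    return encoded


def fingerprint(password: str, normalize: bool = True) -> str:
    """Stand-in for the stored value; a real site would use a slow, salted password hash."""
    data = prepare(password) if normalize else password.encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def describe(password: str) -> tuple[int, int]:
    """Return (characters, UTF-8 bytes) to show why 'length' is ambiguous."""
    return len(password), len(password.encode("utf-8"))


# Constructed sample inputs: the same visible password typed on two devices.
# Latin "café", a Cyrillic word, and a key emoji (U+1F511), joined by hyphens.
CYRILLIC = "\u041f\u0430\u0440\u043e\u043b\u044c"
COMPOSED = "caf\u00e9-" + CYRILLIC + "-\U0001F511"      # é as a single code point
DECOMPOSED = "cafe\u0301-" + CYRILLIC + "-\U0001F511"   # e followed by a combining accent

if __name__ == "__main__":
    print("composed   (chars, bytes):", describe(COMPOSED))
    print("decomposed (chars, bytes):", describe(DECOMPOSED))
    # Without normalization the two inputs hash differently and the login fails.
    print("match without normalization:",
          fingerprint(COMPOSED, normalize=False) == fingerprint(DECOMPOSED, normalize=False))
    print("match with normalization:   ",
          fingerprint(COMPOSED) == fingerprint(DECOMPOSED))
    # Sixteen emoji already fill the 64-byte limit, since each takes 4 bytes in UTF-8.
    print("16 emoji in bytes:", len(prepare("\U0001F511" * 16)))
```

A site that skips the normalization step can lock a user out when their keyboard or phone produces a different encoding of the same visible character, which is one reason sticking to Latin characters is the "play safe" option.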

5. Passwords should not be memorable

Personally, I only know a few of my key passwords whereas for everything else – I use a password management app. This makes my life that much easier and that’s the practice I preach to everyone I know.

If you want an impossible-to-guess password, you’ll pretty much have to generate it and then you won’t be able to remember it. And you don’t have to, as that would be the job of the mentioned password management app/service — which would be one of the very few services for which you have to remember the password.

6. We won’t be using passwords in the future

Biometric data such as your fingerprint and technologies such as facial recognition promise a brave new (scary?) world where passwords won’t be needed. That is also the way many of us unlock our phones these days, but the world without passwords is still far away.

So, make sure to read and re-read these lines so you don’t end up with a weak password that could potentially lead to the loss of your data. Use a good password manager like LastPass, NordPass or 1Password and let it remember the hard stuff for you, so you can focus on other things that matter more. 😉