Your Password Might Not be as Strong as You Think
There’s always talk about how important password strength is to proving your identity online, but how do you even know if the password you’re using is strong enough to ward off security threats?
Some sites try to answer this problem with a password strength meter. If you don’t know it by name, you certainly know it by color. Red is poor, yellow is mediocre, and green is the goal. But even once you hit the green marker, that doesn’t mean your password is as strong as it needs to be.
Specops recently wrote a fascinating piece about why password strength meters aren’t always what they seem.
Key Takeaways From the Article
- As a whole, users haven’t gotten better at making strong passwords.
- Password meters really focus on length and how many types of characters you’re using. They don’t detect originality.
- In some cases, password strength meters might reinforce poor practices among users. Maybe your password passed every strength test with flying (green) colors, but that doesn’t mean it’s a good password at all.
- There are great alternative password strength meters, like zxcvbn.
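To make the second and third takeaways concrete, here is an added example (not code from the Specops article and not zxcvbn itself) that compares a composition-only meter with one that also checks for predictable content. The function names, the pattern rules and the small COMMON_BASES list are assumptions made up for this illustration.

```javascript
// Constructed sample list for illustration, not a real breached-password corpus.
const COMMON_BASES = ["password", "qwerty", "letmein", "welcome"];

// Typical meter logic: length plus number of character classes, nothing else.
function compositionMeter(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(pw)).length;
  if (pw.length >= 8 && classes >= 3) return "green";
  if (pw.length >= 8 && classes >= 2) return "yellow";
  return "red";
}

// Strip trailing digits/symbols and undo common substitutions to expose the base word.
function normalize(pw) {
  const leet = { "@": "a", "4": "a", "0": "o", "3": "e", "1": "i", "!": "i", "$": "s", "5": "s" };
  const stripped = pw.toLowerCase().replace(/[^a-z]+$/, "");
  return stripped.replace(/[@403!1$5]/g, (c) => leet[c]);
}

// Same composition score, but downgraded when the password is unoriginal.
function originalityAwareMeter(pw) {
  const lower = pw.toLowerCase();
  const base = normalize(pw);
  const reasons = [];
  if (COMMON_BASES.some((w) => lower.includes(w) || base.includes(w))) {
    reasons.push("built on a common password");
  }
  if (/(.)\1{2,}/.test(pw)) {
    reasons.push("repeated characters");
  }
  if (/^[A-Z][a-z]+\d{1,4}[^A-Za-z0-9]?$/.test(pw)) {
    reasons.push("capitalized word + digits + symbol pattern");
  }
  return { rating: reasons.length ? "red" : compositionMeter(pw), reasons };
}

// Constructed sample passwords: the first three satisfy every composition rule.
for (const pw of ["Password1!", "P@ssw0rd2024", "Summer2023!", "tkq7-Vemu-93rw"]) {
  const aware = originalityAwareMeter(pw);
  console.log(pw, "| composition:", compositionMeter(pw),
    "| originality-aware:", aware.rating, aware.reasons.join("; "));
}
```

The first three samples score green on composition alone yet are exactly the shapes users fall back on when forced to add a capital, a digit and a symbol.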
True identity assurance doesn’t come through a password; it comes through multi-factor authentication. A multi-step security solution such as obtaining a PIV-I credential and fingerprinting is a substantially better way of keeping everything valuable to you more secure.
You can read the rest of the article here.