A Beginner’s Guide to Passwords and Why You Shouldn’t Use Them
by Nick Moran, on Tue 04 May 2021
Odds are you’ve been living under a rock if you don’t know what a password is in the 21st century, but the odds are much better that you’ve been using your passwords the wrong way.
For World Password Day this year, users around the world are realizing that improving your digital security is growing more and more important as important facets of our lives — banking, shopping, personal health, and more — are shifting online. From your digital wallet to social media, parts of our lives are lived online.
The door to your online life is the login screen, and each web service you use has a door with your name on it. Each comes custom-fit with a personalized lock (your username) and a customized key (your password).
In this case, the power of a password is a double-edged sword.
On one hand, it’s the key to letting you access your account, many users want something they can remember easily. They then use that same password on all sorts of accounts, so one key opens a handful of locks.
But on the other, that formula equates to compromised credentials just as much as it does convenience. A password that uses a predictable string of letters or numbers is easy to crack. After that, if a hacker gets a hold of one key that opens all of your accounts, the effects of one breach could multiply when paired with a common username, like your email.
To combat this, some security professionals will tell users to add layers of security to their passwords.
First, they can turn a single word or phrase (“securitypro”) into something harder to crack with numbers (“securitypro56”), capitalization (“SecurityPro56”), special characters (“SecurityPro56!”) and breaking up full strings of predictable words (“Secur1ty$Pr056!”). The more complex, the better.
Beyond complexity, some users bolster security with multi-factor authentication (MFA), such as sending a text message to a paired phone number and entering a custom PIN number. Other options include email verification, authenticator apps and more.
But as secure as that sounds, each step has its own weakness.
Even the strongest passwords can be obtained through social engineering (things like suspicious links or emails designed to look official so they can steal information). A stolen phone or compromised email makes some MFA protections useless.
While each proposed feature sounds secure in its own right, as long as there’s a key to steal, hackers will try to steal it.
The security solution is simple: get rid of the traditional lock and the key altogether.
What takes a username and password’s place is a new solution: WWPass.
Instead of a lock and key, imagine walking up to a bouncer at the door, giving them a smile and being allowed inside. Unless a hacker was your identical twin, there’s no way that bouncer is letting them in.
Technically speaking, WWPass leverages WWPass Key to create a series of encrypted user identities for each of your online services. Using your phone — which literally puts logins into your hands — you can effortlessly log into various services without a username or password.
The leap to axing your passwords is admittedly an intimidating one, and a step that is often curtailed by popular websites not supporting password-less login.
If you want to take a step in the right direction, you can opt for a security-first password manager like PassHub.net. It uses WWPass technology to store and secure your passwords. Make them as long and complex as you want — as long as you have your phone to log into your account, PassHub handles the rest of your login needs.
So this World Password Day, consider how important digital security is and don’t even give hackers the chance to attack your information — ditch passwords altogether.