You’ve seen the memes and the warnings on social media — answering questions about your life history is ruining your password safety. It’s giving the bad guys the information they need to figure out your passwords and get the answers to your security questions.

But is that true? Are people lurking on social media waiting for you to reveal your favorite school teacher and your prom date? Someone with a grudge against you may use that information to do some damage, but in general, cyber criminals aren’t micro-targeting individuals. Rather, they are more likely to use a social engineering attack, like a malicious video or phishing email based on your social media algorithms, to gain access to your network and data.

No one should share sensitive information about themselves (which can be used for many other nefarious reasons). But the idea that such sharing is a direct route to a password is one of the many myths that swirl around password safety.

Without a doubt, password security is vital for an organization. Access credentials, including passwords, are the gateway into your network. Yet the password continues to be a security hot spot. Employees are usually the weak link in credential failures, but that could be due to a lack of awareness of how threat actors actually harvest password information. Once these myths about passwords are disputed, organizations can improve their security awareness training surrounding password hygiene.

Password Safety Myth No. 1: Never Write Down Your Password

Fact: For decades, the most common advice surrounding password security was to never write it down. While you don’t want to tape your password to your computer screen and then share a photo of it on social media (like one congressman did), writing down passwords and storing them in a safe place is fine. Threat actors use more sophisticated methods such as keylogging or brute force password attacks. The important thing to remember is most cyber criminals want access to as many systems as easily as possible. One password at a time at a local level doesn’t matter to them.

Myth No. 2: Using Text Messaging as Multifactor Authentication (MFA) Security is Best

Fact: Using text messaging for MFA is certainly easiest for most people, but it isn’t the best way to ensure password safety. A new attack vector is your mobile phone number, which threat actors steal through SIM swapping.

An attacker looking to do a SIM swap will contact your phone provider and pretend to be you. Your number is then linked to the SIM card used by the bad guy. They will then have access to any MFA that comes to your phone as a text, as well as any of the personally identifiable information on your phone. Other MFA options such as biometrics or authenticators are better choices.

Myth No. 3: I Don’t Need Password Safety Tips; My Passwords are Unique and Secure

Fact: With billions of passwords, it is unlikely that any password is truly unique. Most users create ‘unique’ passwords by changing letter cases or adding a symbol, and they do this after being alerted that the ‘old’ password was breached. Threat actors use techniques like password spraying to try millions of common passwords to gain access into a network. And yes, while your passwords may indeed be unique and hard to crack, it only takes one bad password to gain access to the entire system.
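The check below is an added example, not part of the original article: it shows how a password-change policy can reject a ‘new’ password that is only a case, symbol or digit variation of a breached one. The `BREACHED` set, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample data standing in for a real breached-password corpus.
BREACHED = {"summer2023", "password", "dragon"}

# Common look-alike substitutions users apply to make a password seem new.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def base_forms(password):
    """Return the roots a password reduces to once cosmetic changes are undone."""
    lowered = password.lower()                     # undo case changes
    # Strip leading/trailing symbols only ("Summer2023!" -> "summer2023").
    no_symbols = re.sub(r"^[\W_]+|[\W_]+$", "", lowered)
    # Strip leading/trailing symbols and digits ("DRAGON#1" -> "dragon").
    no_affixes = re.sub(r"^[\W_\d]+|[\W_\d]+$", "", lowered)
    forms = {lowered, no_symbols, no_affixes}
    # Undo look-alike substitutions on every form ("p@ssw0rd" -> "password").
    forms |= {form.translate(LEET) for form in forms}
    forms.discard("")
    return forms


def breached_root(password, breached=BREACHED):
    """Return the breached password this one is a variant of, or None."""
    hits = base_forms(password) & breached
    return min(hits) if hits else None


if __name__ == "__main__":
    for candidate in ("Summer2023!", "P@ssw0rd!", "DRAGON#1",
                      "correct-horse-battery-staple"):
        root = breached_root(candidate)
        verdict = f"rejected, variant of {root!r}" if root else "accepted"
        print(f"{candidate!r}: {verdict}")
```

A production check would compare against a full breach corpus rather than a three-entry set, but the normalization step is the same.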

The more users know about how threat actors acquire passwords, the better their password safety should become. Debunking myths is the first step.
