Expert Debunks Worthless “Security” Practices And Myths

IT expert Sean Gallagher recently published a list of the most worthless security practices that everyone should avoid. Below are five of the most widespread cybersecurity myths.

MYTH 1: Change Your Password Every 30 Days

The low security of short passwords has led to new guidelines requiring passwords to be changed regularly. However, policies that restrict the characters that can be used in passwords tend to weaken complexity and security. Long passwords with characters, spaces, and punctuation marks are much more memorable for the user than arbitrary numbers, which are easily forgotten.

Users are instead advised to choose a relatively long and complex password for home or work computers and only change it if it is stolen or shared with someone. Changing passwords every 30 days or as required only makes it more difficult to remember passwords and can result in users developing poor password creation workarounds that lead to less secure passwords.

MYTH 2: Don’t write it down.

The only places where passwords should not be written down are public ones, such as a desk or cubicle. Moreover, many two-factor authentication services encourage printing and saving recovery codes in case users ever lose access to a second-factor app or device. You can also choose to save them in your device’s password manager.

High-quality passwords should be complex and memorable, but those that are used very rarely tend to be forgotten more easily, so it is actually a good idea to write them down in a secure, private place.

However, never store passwords in a text file or any other unencrypted format that does not have password protection.

MYTH 3: 2FA is scary.

Two-factor authentication (“2FA”) is an excellent way to protect login credentials after a threat actor manages to steal a user’s password. Any 2FA is better than no 2FA, as 2FA thwarts nearly 90% of all hacking attempts.

But just having 2FA is not a guarantee that someone won’t succeed in getting what they want. If you receive an e-mail link that takes you to a website asking for your login credentials, and you then receive a 2FA warning for your login, be vigilant, as this does not establish that the link is legitimate or trustworthy. Take a close look at the link and do not just enter the code or click the approve button. If in doubt, stop the process altogether.

MYTH 4: Your VPN protects you.

Virtual private networks are no longer very useful; they merely hide from the Internet Service Provider the Domain Name System (DNS) requests a user makes and the resulting IP addresses that are visited. This significantly limits the ISP's ability to collect data about the user’s Internet habits but gives that privilege to the VPN provider instead.

None of this stops VPN providers from using panic advertising to get you to download VPNs for your computer or phone.

MYTH 5: You don’t need antivirus.

An updated Microsoft Defender installed on a properly configured Windows 10 or Windows 11 system is very well suited for blocking known threats. Unfortunately, misconfigured, semi-disabled, un-updated systems make up the majority of computers connected to the Internet. Therefore, antivirus is extremely important.

If any software tells you to disable the antivirus software for a folder so that it can run properly, the best advice is simply not to use that software.

For more information, read the original story in Ars Technica.
