{"id":195550,"date":"2026-03-13T11:01:00","date_gmt":"2026-03-13T15:01:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/13\/the-3-things-you-need-to-know-about-passwords-from-a-security-expert\/"},"modified":"2026-03-13T11:20:11","modified_gmt":"2026-03-13T15:20:11","slug":"the-3-things-you-need-to-know-about-passwords-from-a-security-expert","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/13\/the-3-things-you-need-to-know-about-passwords-from-a-security-expert\/","title":{"rendered":"The 3 things you need to know about passwords, from a security expert"},"content":{"rendered":"<p><a href=\"https:\/\/www.newscientist.com\/article\/2519280-the-3-things-you-need-to-know-about-passwords-from-a-security-expert\/\">The 3 things you need to know about passwords, from a security expert<\/a><\/p>\n<p><a href=\"https:\/\/www.newscientist.com\/article\/2519280-the-3-things-you-need-to-know-about-passwords-from-a-security-expert\/\">https:\/\/www.newscientist.com\/article\/2519280-the-3-things-you-need-to-know-about-passwords-from-a-security-expert\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-13 11:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.newscientist.com\">www.newscientist.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n                    Passwords are both a curse and a blessingtete_escape\/Shutterstock<br \/>\nPasswords occupy an odd place in our lives. They\u2019re both a blessing \u2013 keeping our data and information safe from anyone intruding into our IT systems and accessing them \u2013 and a curse, in that they\u2019re often difficult to manage and tricky to remember. Cybersecurity expert Jake Moore at ESET, a European cybersecurity firm, is here with three tips to help you rethink your relationship with passwords \u2013 and hopefully keep hackers at bay.<br \/>\n1. Use a password manager, even if it feels counterintuitive<br \/>\nI\u2019m a big fan of password managers, and I think they\u2019re wildly underused. Depending on where you are in the world, and who\u2019s doing the study, only around one-third of people use password managers. That to me seems a criminally low number. They\u2019re a gamechanger. They give you the ability to create long passwords for your account and to store them securely. They\u2019re so good at generating the passwords for you, you don\u2019t have to think of one.<br \/>\nThat\u2019s important because we know that when people are asked to come up with their own passwords, they tend to rely on things or words they know \u2013 all of which could be information a hacker or bad actor could have on you, and could make you vulnerable. They also nullify another big risk, which is people reusing passwords across accounts. If a password is used by someone else, even just one person, and that person\u2019s account is breached, it can end up in the tables of vulnerable passwords that are used to try and probe and test getting access to accounts.<br \/>\nI sometimes wonder why people don\u2019t use password managers more. It might be that they misunderstand how password managers work, thinking that storing passwords online somewhere that can be unlocked with a single password is insecure. But it\u2019s not. The vault in which the passwords are stored isn\u2019t just a simple list of passwords sitting on a server: your data is encrypted on your device with a strong key derived from your master password, and what\u2019s stored online is the scrambled cipher text, which even the password manager provider can\u2019t read without that key.<br \/>\n2. Multi-factor authentication is an absolute must<br \/>\nEven with the strongest password in the world \u2013 and national cybersecurity agencies recommend that a combination of between 14 and 16 different characters is enough to dissuade drive-by attacks \u2013 it\u2019s still possible to fall victim to hackers. Multi-factor authentication (MFA) adds a layer of friction for hackers to make sure that any login you make is approved by you, the user.<br \/>\nIt\u2019s an extra layer of security, such as a code to your phone. It can be done via SMS text message, but that\u2019s not as a secure as the other levels. Authenticator apps are to me a wonderful next level in MFA, and it\u2019s a shame people aren\u2019t forced to use it. If we think about Instagram, for example, they only inform once you hit 10,000 followers about the need to use MFA. It\u2019s as if they\u2019re thinking, \u2018Well, if we enforce it at 10,000 followers, they\u2019re going to do it because they don\u2019t want to lose their 10,000 followers. But if we enforce them to do that at signup, when they have zero followers, they might get bogged down by it and not open an account.\u2019 That to me is absurd.<\/p>\n<p>We shouldn\u2019t be putting people\u2019s ease of use ahead of security, and until we enforce it, we will still see people frantically worried about their social media accounts or any of their accounts being compromised. So turn on MFA wherever it is offered.<br \/>\n3. Where you can, avoid passwords entirely<br \/>\nPasswords are far from perfect \u2013 and handily, there\u2019s a more modern, secure alternative that\u2019s being adopted with increasing pace. We\u2019re moving towards a passwordless society, and that\u2019s a move in the right direction.<br \/>\nThis alternative is passkeys, and the beauty of them is they remove a lot of the human error from the equation. Instead of typing in a password, you sign in using your device or a secure key stored on your phone, often with a fingerprint. Behind the scenes, cryptographic keys do the hard work, but the user doesn\u2019t see that \u2013 it stays simple. The simplicity is why they\u2019re such a gamechanger: they take away the temptation to reuse an old password or add a predictable number on the end of something familiar.<br \/>\nIn some ways, they\u2019re too easy. When I talk to people they\u2019re suspicious of passkeys because they seem too simple. If it feels simple for them, they assume it must be simple for a criminal too. But that\u2019s not how it works \u2013 the tech behind the scenes is working far harder than you need to.<br \/>\nPasskeys aren\u2019t yet available everywhere, and there are still pain points, especially if you lose a device. But overall, passkeys are a major step forward because they remove one of the oldest and weakest links in security \u2013 the password itself.<br \/>\nAs told to Chris Stokel-Walker<\/p>\n<p>                    Topics:<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The 3 things you need to know about passwords, from a security expert https:\/\/www.newscientist.com\/article\/2519280-the-3-things-you-need-to-know-about-passwords-from-a-security-expert\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":195551,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.newscientist.com\/wp-content\/uploads\/2026\/03\/13100038\/SEI_289037473.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35],"class_list":["post-195550","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195550"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=195550"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195550\/revisions"}],"predecessor-version":[{"id":195552,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195550\/revisions\/195552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/195551"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=195550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=195550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=195550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}