Is it better to have a strong password or a weak password plus two-factor authentication (2FA)?

We have all been taught what we should do, and we know why it matters. In practice, though, the advice to come up with a strong and unique password for every account doesn’t quite work. Random or pseudo-random strings of numbers, letters, and characters can be memorized when there aren’t many of them, but we have dozens of accounts or more on the Internet.

Weak passwords are then not an option, but there is the possibility of turning on two-factor authentication, where we have to add another authentication step in addition to the password, either biometric authentication or entering another code.

The purpose of two-factor authentication

Passwords and two-factor authentication work in symbiosis. The password is something we know, and the second authentication method is something we carry. This can be a mobile phone, a special USB or other device, but it can also be a fingerprint, for example. So in addition to the password, another layer of authentication is needed to log in.

It’s not just another password that needs to be cracked, but another level of difficulty for the hacker: in addition to the password, they have to contend with another protection that may not be possible to overcome, or at least not in the time it takes to change the password.

It is this second layer that adds so much security that the hacker will not want to launch an attack at all, even though he should theoretically know how to crack even an account secured in this way. Unless you are someone with access to the most highly classified information (in which case, firstly, you are James Bond), the hacker will prefer to find other, much more tempting targets among people who use weak, reused, or even long-broken and frequently used passwords.

So why use a strong password at all?

Because no system is one hundred percent secure.

If your first factor is a weak or reused password, then that literally defeats the whole purpose of two-factor authentication. You’re left with only one functional factor. It is then a question of whether it is secure enough.

A code card in your wallet will protect you from online hackers, but pickpockets can also use computers. Iris recognition sounds impregnable, so where’s the flaw? Many 2FA systems offer backup login options or a special code you can use if the standard authentication method fails. In such cases, you don’t need to use the second factor to authenticate. And it also means that the hacker doesn’t have to either.

In a 2FA system, you can’t anticipate all possible vulnerabilities, and you shouldn’t underestimate the ingenuity of hackers. That’s why a strong password is a must.

Do you really need to choose between a strong and a weak password? Actually, no

You don’t have to choose between 2FA and a strong password. You only need a password manager.

Strong and unique passwords are hard to remember and hard to enter. Password managers, however, generate strong passwords and keep them secure and encrypted. They also fill them in on forms for you, so you don’t have to keep entering that jumble of characters. You then remember a single very strong password that serves as access to all the other passwords.
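What a password manager does when it generates a password and when it checks the single master password, shown as an added example that is not code from any real product: each character comes from the operating system's secure random generator, and the master password is stretched into a vault key instead of being stored. The function names, the scrypt parameters, the `vault-check` label and the sample passphrase are assumptions made for this illustration, and encrypting the stored entries with the derived key is out of scope here.

```python
import hashlib
import hmac
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length=20):
    """Draw every character from the OS CSPRNG (never from random.random)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


def derive_key(master_password, salt):
    """Stretch the master password into a 32-byte key (assumed scrypt settings)."""
    return hashlib.scrypt(master_password.encode(), salt=salt,
                          n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def create_vault(master_password):
    """Keep only a random salt and a key check value, never the password."""
    salt = secrets.token_bytes(16)
    key = derive_key(master_password, salt)
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "check": check}


def unlock(vault, master_password):
    """Return the vault key for the right master password, otherwise None."""
    key = derive_key(master_password, vault["salt"])
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, vault["check"]) else None


if __name__ == "__main__":
    vault = create_vault("constructed master passphrase")  # constructed sample
    print(generate_password(), round(entropy_bits(20)), "bits")
    print("right master password:", unlock(vault, "constructed master passphrase") is not None)
    print("weak guess '123456':", unlock(vault, "123456") is not None)
```

`entropy_bits(6, 10)` gives the figure for a six-digit code, which can be set against the 20-character generated password.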
