Security · 2026-01-31
Password Security Notes From a Beginner
Password security is basic, but it matters because weak credentials are still a common reason accounts get compromised.
What I learned
The biggest risk is reuse. If the same password is used on multiple sites, one breach can affect many accounts. A password manager helps create and store unique passwords.
Password length matters because longer passwords are harder to guess or crack. Randomness also matters. A long password made from predictable personal information is still weak. A password manager helps because humans are not good at remembering many strong unique passwords.
MFA
Multi-factor authentication adds another check beyond the password. It is not perfect, but it makes many attacks harder because stealing only the password is not enough.
An MFA factor can be something I know, something I have, or something I am. A password is something I know. An authenticator app or hardware key is something I have. Biometrics are something I am. Stronger accounts usually combine more than one factor.
Hashes
Systems should not store plain-text passwords. They should store password hashes with proper protections. As a beginner, I am learning the difference between encryption and hashing because they are not the same thing.
Encryption is meant to be reversible with the right key. Hashing is meant to be one-way. When a user logs in, the system can hash the submitted password and compare it with the stored hash. A secure system should also use salts and slow password hashing methods.
Common weak habits
- Using the same password everywhere.
- Using names, birth dates, phone numbers, or simple patterns.
- Saving passwords in plain text notes.
- Ignoring MFA on important accounts.
Personal rule
For important accounts, I use unique passwords and MFA. This is a simple habit, but it is one of the most practical security improvements.