A strong password vs. 2FA with a weak password

2020-01-14 - 5 min read

There’s what you’re supposed to do and what you actually do. You’re supposed to have a strong, unique password for every account. But it’s not easy to remember dozens of random strings of letters, symbols, and numbers. Maybe a weak password is enough as long as you use 2FA as well?

The purpose of 2FA

Two-factor authentication (2FA) adds an extra factor to your usual login process. That second factor can be another password, biometric data (iris recognition, fingerprint, face scan, or even your DNA), or a physical object (second device, smart card, or token).

2FA is not just an additional lock on your digital door — it creates another layer of complexity in your online defenses. If a hacker manages to crack your password (for example, with a dictionary attack), they need to use a different attack against the second factor.

Few hackers would invest their time and resources to launch multiple attacks against a random online target. In other words, unless you’re a secret spy who keeps government secrets on your hard drive, hackers have other, less secure fish to fry. And if you’re a spy and you keep TOP SECRET files on an internet-capable device, you should lose your job, Bond.

So why use a strong password at all?

Because no system is 100% secure.

If your first factor is a weak or reused password, that defeats the whole purpose of two-factor authentication, literally. You’re left with only one working factor. Is it secure enough?

A code card in your wallet will shield you from online hackers, but pickpockets can use computers too. However, iris recognition sounds impregnable — how could it fail? Well, a lot of 2FA systems offer backup login capabilities — in case your iris scanner breaks down, for example. In those cases, you don’t have to use 2FA to authenticate yourself. That means a hacker also doesn’t have to.

You can’t anticipate all possible vulnerabilities in a 2FA system. That’s why a strong password is a must.
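The reasoning above, worked through as an added example that is not part of the original article: an account is only as strong as its weakest login path, so each path is scored by the factors on it that still hold. The factor names, the sample accounts, and the password-only backup path are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Factor:
    name: str
    strong: bool  # False for a weak or reused password

def working_factors(path):
    """Count the factors on one login path that still resist an attack."""
    return sum(1 for factor in path if factor.strong)

def weakest_path(paths):
    """Return (path name, working factors) for the easiest way in."""
    name = min(paths, key=lambda n: working_factors(paths[n]))
    return name, working_factors(paths[name])

def audit(paths, required=2):
    """List the login paths with fewer than `required` working factors."""
    return sorted(n for n, p in paths.items() if working_factors(p) < required)

# Constructed sample factors and accounts (hypothetical, not from the article).
WEAK_PW = Factor("weak or reused password", strong=False)
STRONG_PW = Factor("generated unique password", strong=True)
IRIS = Factor("iris scan", strong=True)

ACCOUNTS = {
    # Assumption: the backup login skips the second factor entirely.
    "weak password + iris, with backup": {
        "normal": [WEAK_PW, IRIS], "backup": [WEAK_PW]},
    "strong password + iris, with backup": {
        "normal": [STRONG_PW, IRIS], "backup": [STRONG_PW]},
    "strong password + iris, no backup": {
        "normal": [STRONG_PW, IRIS]},
}

if __name__ == "__main__":
    for label, paths in ACCOUNTS.items():
        name, count = weakest_path(paths)
        print(f"{label}: weakest path is '{name}' with {count} working "
              f"factor(s); paths below two factors: {audit(paths) or 'none'}")
```

With a weak password, the backup path leaves no working factor at all; with a strong one, the same backup path still leaves one.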

The false dilemma

You don’t need to choose between 2FA and a strong password. You just need a password manager.

Strong and unique passwords are hard to remember and troublesome to type in. But NordPass generates strong passwords and keeps them safe, sound, and encrypted. NordPass also auto-fills online forms, so you don’t need to type something like ksf&^(t^KG6875_O every time you log in.

Will you be 100% secure with 2FA and a password manager? No. But you will be much more secure than the next guy.

