A group of experts urges companies to stop using outdated security advice such as 'avoid public Wi-Fi,' 'don't scan QR codes,' 'don't charge devices with public USB ports,' and 'change passwords regularly.'

A group of active information security officers and security experts is calling on the public, businesses, journalists, and policymakers to put an end to 'hacklore,' the false security advice that remains widely circulated online and in public columns.
The Letter — Stop Hacklore!
The expert group has identified six pieces of hacklore:
1: Avoid public Wi-Fi

Large-scale security breaches over public Wi-Fi are extremely rare at the time of writing. Modern products use encryption technology that can protect traffic even over open networks, and operating systems and browsers now warn users about untrusted connections. Personal VPN services offer little to improve security or privacy for most people, and they do nothing to stop common cyberattacks.
2: Don't scan QR codes

There is no evidence that scanning QR codes itself has led to widespread crime. The real risk is
3: Don't charge your devices at public USB ports

'Juicejacking' is a cyberattack that allows devices to be hijacked by plugging them into public USB ports. However, there are no known cases of juicejacking affecting everyday devices. Most modern devices display a notification before initiating data transfer and prevent data transfer without user permission.

Wireless exploits are extremely rare in the real world. Successful wireless exploits require specialized hardware, physical proximity, and an unpatched device. Modern smartphones and laptops separate these components and require user consent for pairing, making this extremely difficult.
5: Clear your cookies regularly

Clearing your cookies does not significantly improve security or stop modern tracking, including non-cookie identifiers and
6: Change your password regularly

'Changing your passwords regularly' used to be common security advice. However, there is no evidence that changing your password reduces cyber attacks. In fact, experts point out that changing your passwords frequently can have the opposite effect, as it increases the likelihood of weak passwords being used repeatedly, such as by reusing certain words.
The security group stated, 'Hacklore, while well-intentioned, can be misleading. It takes away from the limited time people have to protect themselves and distracts from actions that truly mitigate the likelihood and impact of a breach. Sound security guidance must be accurate, relevant, and actionable. With this standard in mind, we encourage you to replace the above advice with clear, fact-based guidance.'
The four security tips for general users are to keep your important devices and applications up to date, enable multi-factor authentication, use strong passphrases, and use a password manager.
in Security, Posted by logu_ii








