Resolve to Lose Weak Passwords in 2020
The 2017 Verizon Data Breach Investigations Report (DBIR) cited compromised, weak and reused passwords as being the cause of 81% of hacking-related breaches. Two years later, things remain essentially unchanged, with the figure in the 2019 DBIR at 80%.
Despite repeated warnings from cybersecurity experts, people continue to reuse the same letter or number combination for all their accounts, says NordVPN, a personal virtual network provider and creator of the password manager NordPass.
“Most people prefer to use weak passwords rather than trying to remember long, complex ones,” said Chad Hammond, a digital security expert for NordPass. “It also usually means they use the same ones for all their accounts. And if one of them ends up in a breach, all other accounts get compromised, too.”
“2019 has seen the most data breaches in history, and those cyber incidents have affected billions of internet users,” Hammond said. “People struggle creating passwords, and this is one of the main reasons why users stick to the primitive ones.”
The U.K.’s National Cyber Security Center (NCSC) analyzed data from the Have I Been Pwned website and discovered that far and away the most commonly hacked password — used by 23.2 million of those hacked worldwide — was “123456.” Rounding out the top five were “123456789” — 50% longer, but obviously not 50% harder to crack— with 7.7 million users, “qwerty” with 3.8 million users, “password” with 3.6 million users and “1111111” with 3.1 million users.
“Passwords should help protect us instead of putting our privacy in danger,” said Hammond. “It is as important as ever that internet users step up their cybersecurity game.”
So what passwords should you avoid? And what else can you do to make sure your passwords are secure? Scroll through the gallery below to find out.
Most experts recommend against using proper names — especially your own. And stay away from obvious and easy-to-use number combinations and strings of letters formed by pressing successive keys on the keyboard, such as “poiuyt,” “asdfgh” or “5thnm.” Rule of thumb: The easier it is for you to remember, the easier it is for a hacker to crack.
Your passwords should be like snowflakes — the one you use for each account should be unique. And that means unique, not just variations on a core word, like “beachbaby1” and “beachbaby2.”
When that website asks you to enter a password of at least eight characters containing numbers, upper- and lower-case letters and perhaps even a special character, remember that when it comes to password security, volume trumps variety. Wired magazine points out that passwords with 12 or more characters are much harder for hackers to decipher. Many will just move on, especially with so many easy targets from which to choose.
When your browser asks you if you want it to remember a password for you, always choose the “Never” option. Why? Security for this feature is usually sketchy at best — and if your browser is hacked, there go all your carefully crafted passwords.
Make a thorough review of all the online accounts you have and delete the ones you no longer use. Not only does this help reduce your exposure, but if a website you no longer visit is breached, you might never hear about it. Wonder if it’s already happened? Go to haveibeenpwned.com and enter your email address to see if you have an account that’s been compromised in a data breach.
Use two-factor authentication whenever you can. (Amazon, Apple, Dropbox, Facebook, Google, Instagram, LinkedIn, Microsoft, Paypal, Pinterest, Reddit, Slack, Snapchat, Twitter, WordPress and Yahoo – among others – all have it.) It’s an extra layer of protection that’s quick and easy to use.
Of course, when the login information for each website you use is as unique as a snowflake, in no time at all you’ll be buried under a blizzard of passwords. You can go old school and keep a written log of all the information, or you can follow the advice of security advisers and get a password manager, a software application that will store and manage your passwords for you. Your passwords are stored in an encrypted database that’s accessed with a master password. You have only one password to remember — and that one you should probably write down. An extra bonus: Password managers provide login information to websites on the basis of URLs. A phishing website might look legitimate, but because it lacks the correct URL, the login information won’t be provided.
Most password managers include a password generator that will create random, complicated passwords for you to use. Many of them include filters that allow you to determine the password length and whether to include symbols, numbers, and lowercase and uppercase characters. Passwords are generated locally and never sent across the web.
Strong passwords, two-factor authentication and password managers are all important in keeping your online accounts secure. Still, you need to remain vigilant. Check your accounts regularly and if you detect – or even suspect – unusual activity, change your password immediately.
