How To Protect Your Passwords Against Cyber Criminals

Cybersecurity is a cat-and-mouse game between users and malicious cyber attackers. With daily reports of data breaches and device exploits in the news, it can be difficult to fully understand what each of us should be doing to protect our online passwords and other personal data from cyber criminals. Sometimes the simplest solution can be the best solution to a problem.

When it comes to password habits, it’s surprising how many people use a variant of “1234” as either their entire password or part of their password. Security researcher Troy Hunt, creator of HaveIBeenPwned, recently released some mind-boggling stats around the number of weak passwords that have been part of data breaches and password dumps. This is a list of ten of the worst passwords Troy found:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 11111
  6. 12345678
  7. abc123
  8. password1
  9. 1234567
  10. 12345

In a sample set of 6.8 million passwords from a data breach, 86% were categorized as weak.

Why Your Password Can’t Be 1234

You may be wondering, “What is the big deal if I want to use ‘12345’ as my password?” The problem is that cyber attackers know people like to use simple passwords such as this one. That gives them the opportunity to guess your password easily and gain access to your online accounts.

Why You Shouldn’t Reuse Your Password

To make matters worse, studies have shown that although people know that they shouldn’t reuse passwords, they still do. Earlier this year, LastPass conducted a survey and found that in a sample set of around 2,000 users, 91% of the participants said they knew that reusing passwords is bad, but 59% of the participants said they reused passwords anyway.


Whenever a data breach happens, cyber attackers gather information about a user (name, e-mail address, exposed password, etc.) and then try the exposed password on multiple sites. For example, if an online retailer experiences a data breach that exposes passwords, an attacker can take a user's password from that breach and try it on social media sites, banking sites, etc.

5 Tips for Securing Your Online Passwords from Cyber Criminals

Just like with sports, you don’t want to give your opponent an advantage. There are simple things you can do to ensure you’re not an easy target for cyber attackers.

  1. Never reuse your password or parts of your password on different sites.
  2. Create a strong password by making sure it is at least 14 characters long and contains both upper and lowercase letters and at least one special character.
  3. Use a password manager not only to organize and maintain passwords, but also to create them. Password managers such as Dashlane and LastPass have built-in password generators that create unique, long, strong passwords.
  4. Use a strong form of Multi-Factor Authentication (MFA). SMS is a weak form of MFA and should only be used as a last resort. Hardware such as a YubiKey provides the strongest form of MFA, with an authenticator app (e.g. Google, Microsoft, Authy) as the next strongest option.
  5. If you don’t want to use a password manager, you can use a mnemonic trick to remember passwords such as the first letter from lyrics in a song or a phrase, and add a special character or two (e.g. TtLshiWwyauatwshLaditS$& – Twinkle Twinkle Little Star).
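
The Python below is an added example, not code from the original article or from any password manager named here; it audits a set of saved passwords against tips 1 and 2 and the worst-passwords list above. The site names, the sample passwords and the 5-character threshold for partial reuse are assumptions made for the illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

# The ten passwords listed earlier on this page.
WORST = {"123456", "123456789", "qwerty", "password", "11111",
         "12345678", "abc123", "password1", "1234567", "12345"}
MIN_LENGTH = 14   # from tip 2
MIN_SHARED = 5    # assumption: 5+ characters in a row in common counts as partial reuse
# Constructed sample data; the last entry is the mnemonic example from tip 5.
SAMPLE_VAULT = {
    "shop.example": "Sunflower!2019",
    "bank.example": "Sunflower!2024",
    "mail.example": "password1",
    "social.example": "TtLshiWwyauatwshLaditS$&",
}

def check_strength(password):
    """Return the rules from tip 2 (plus the worst-ten list) that a password breaks."""
    problems = []
    if any(bad in password.lower() for bad in WORST):
        problems.append("contains a password from the worst-ten list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if all(c.isalnum() for c in password):
        problems.append("no special character")
    return problems

def shared_length(a, b):
    """Length of the longest run of characters two passwords share, ignoring case."""
    a, b = a.lower(), b.lower()
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size

def audit(vault):
    """Map each site to its problems (tips 1 and 2); clean entries are omitted."""
    report = {site: check_strength(pw) for site, pw in vault.items()}
    for (s1, p1), (s2, p2) in combinations(vault.items(), 2):
        run = shared_length(p1, p2)
        if p1 != p2 and run < MIN_SHARED:
            continue
        # Report only the length so the audit output never echoes a password.
        note = "same password as {}" if p1 == p2 else f"shares a {run}-character run with {{}}"
        report[s1].append(note.format(s2))
        report[s2].append(note.format(s1))
    return {site: problems for site, problems in report.items() if problems}
```

Calling `audit(SAMPLE_VAULT)` flags the shop and bank entries for sharing a 12-character run even though each one passes the strength rules on its own, which is the "parts of your password" case in tip 1.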

By following these tips, you can keep your password hygiene strong and make sure you are no longer part of the low-hanging fruit that cyber attackers can easily exploit.

If protecting yourself, your family and your data is important to you, learn more about how Rubica provides enterprise-grade cybersecurity for individuals, families and teams.