How to create strong digital passwords

Why Your Password Can’t Be 1234

Rubica
3 min read · Nov 20, 2018


Cybersecurity is a cat and mouse game between users and malicious attackers. With all of the reports of data breaches and device exploits in the news, it can be difficult to fully understand what you, the user, can do to protect yourself from cyber attackers. As we have all learned, sometimes the simplest solution can be the best solution to a problem.

When it comes to password habits, it is staggering to see how many people use a variant of “1234” as either their entire password or part of their password. Security researcher Troy Hunt, the creator of HaveIBeenPwned, released some mind-boggling stats around the number of weak passwords that have been part of data breaches and password dumps. This is a list of ten of the worst passwords Troy found:

[Image: Worst digital passwords]

In a sample set of 6.8 million passwords from a data breach, 86% were categorized as weak/terrible.

What’s the big deal if I use “12345” as my password?

You may be wondering, “What is the big deal if I want to use ‘12345’ as my password?” The problem with this type of password is that cyber attackers know people like to use simple passwords such as this. That lets them easily guess your password and gain access to your online accounts.

To make matters worse, studies have shown that although people know that they shouldn’t reuse passwords, they still do. Earlier this year, LastPass conducted a survey and found that in a sample set of around 2,000 users, 91% of the participants said they knew that reusing passwords is bad, but 59% of the participants said they reused passwords anyway.

“91% of participants knew that reusing passwords is bad, but 59% of participants said they reused passwords anyway.” — LastPass Survey

Whenever a data breach happens, cyber attackers will gather information about a user (e.g. name, e-mail address, exposed password, etc.) and then try the exposed password on multiple sites. For example, if an online retailer experiences a data breach and exposes passwords, an attacker can take the information from the data breach and try the passwords for a user on social media sites, banking sites, etc.
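One defence against the reuse attack described above is to check a password against known breach data before using it. The sketch below is an added example, not code from the original article: it follows the hash-prefix lookup style of HaveIBeenPwned's Pwned Passwords range API, but runs offline against a constructed corpus with made-up counts, and all function names are hypothetical.

```python
import hashlib

# Constructed sample corpus: password -> number of times seen in breaches.
# The counts are made up for this example.
CONSTRUCTED_CORPUS = {"1234": 500, "12345": 1000, "password": 800}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the service, 35-char suffix kept locally)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def build_range_response(corpus: dict[str, int], prefix: str) -> str:
    """Offline stand-in for the service: every 'SUFFIX:COUNT' under a prefix."""
    rows = []
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        if digest[:5] == prefix.upper():
            rows.append(f"{digest[5:]}:{count}")
    return "\r\n".join(rows)


def breach_count(password: str, range_response: str) -> int:
    """Match the local suffix against the response; 0 means not found."""
    _, suffix = split_for_range_query(password)
    for line in range_response.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix and count.strip().isdigit():
            return int(count)
    return 0


def check_password(password: str, corpus: dict[str, int] = CONSTRUCTED_CORPUS) -> int:
    """Full flow: only the hash prefix would ever leave the machine."""
    prefix, _ = split_for_range_query(password)
    return breach_count(password, build_range_response(corpus, prefix))


if __name__ == "__main__":
    for pw in ("12345", "password", "kV9#tq2!Lm0zRw7p"):
        hits = check_password(pw)
        print(f"{pw!r}: {'seen in breaches' if hits else 'not in corpus'} ({hits})")
```

Because only the five-character hash prefix is sent, the lookup service never learns the password or its full hash; the match against the suffix happens locally.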

3 tips for securing your password from cyber criminals

Just like with sports, you don’t want to give your opponent an advantage. There are simple things you can do to ensure you’re not “low hanging fruit” for cyber attackers.

  • Use a password manager to not only organize and maintain passwords, but also to create them. Password managers such as Dashlane and LastPass have built-in password generators that create unique, long, strong passwords.
  • Use a strong form of multifactor authentication (MFA). SMS is a weak form of MFA and should only be used as a last resort. Hardware such as a YubiKey provides the strongest form of MFA, with an authenticator app (e.g. Google, Microsoft, Authy) as the next strongest option.
  • If you don’t want to use a password manager, you can use a mnemonic trick to remember passwords, such as taking the first letter of each word from song lyrics or a phrase and adding a special character or two (e.g. TtLshiWwyauatwshLaditS$&, from “Twinkle Twinkle Little Star”).

By following these tips, you can keep your password hygiene strong and make sure you are no longer part of the low-hanging fruit that cyber attackers can easily exploit.

If protecting yourself, your family and your data is important to you, learn more about how Rubica provides enterprise-grade cybersecurity for individuals, families and teams.
