Click here to get this post in PDF
Weak passwords and password reuse are major cybersecurity issues. Strong passwords must be used in professional and business settings and by individuals for their personal accounts.
When you have weak passwords, or you’re reusing them across apps and accounts, you are putting yourself at major risk of getting hacked.
The risks of poor passwords include:
- If someone hacks one of your accounts and you reuse your passwords, they can gain access to all of your other accounts. When you use original passwords for all of your accounts, at least you can minimize some of the damage if they hack a single account.
- You can be putting your business or employer at risk. If you’re using your personal passwords for your business accounts, you may be responsible for a major breach and data loss.
- You can end up losing your personal financial and sensitive data. They can steal your money, photos, invoices, addresses, and more.
Around 88% of people say they reuse their passwords for different accounts.
The following is a guide as far as what you should know about weak passwords and how to make them safer.
1. You Can Use Google Chrome to Detect Weak Passwords
We all have so many passwords that we use on a daily basis. You might not even know if any of yours are weak. Google Chrome introduced a feature a couple of years ago that warns you if your passwords aren’t strong enough.
The feature detects and reports weak passwords automatically.
2. Signs You’re Using Weak Passwords
Along with the Google automatic checker, there are some red flags that tend to indicate you’re using weak passwords.
- You’ve used a password more than once. This red flag really is this simple. Even if the password you’re reusing is super strong on its own, if you’re reusing it, you’re negating that. Your password could already be for sale on the dark web. For employers, the same thing is true. If you’re an employer and your employees are using the same password to log into work assets that they use elsewhere, the security of the whole organization is at risk.
- Another red flag of a weak password is one that includes personally identifiable information. This might include your child’s name, a pet’s name, or a birthday. These are things that a hacker can easily find online.
- You aren’t changing your passwords on a regular basis. Think back to the last time you changed any of your most important passwords. If it wasn’t recently, then they’re weak.
- A weak password is typically one that’s very short. Complex passwords should include at least 20 characters. If you have a password that’s eight or fewer characters, it can be cracked in under a minute by software.
- You should have lockouts enabled whenever possible. In a brute force attack, hackers use trial and error to try and guess passwords. A lockout is when they’re blocked after a certain number of attempts.
3. Make Passwords Long
One thing to keep in mind for more secure passwords is to ensure they’re long enough. A password should be a minimum of 12 characters, and security experts say it’s best to use a passphrase instead of a password.
If you’re using a passphrase, it should be around 20 characters, and it might include random words, numbers, and symbols.
4. Mix It Up
When you’re creating passwords, use symbols, numbers, and capital letters.
5. Know How Passwords Get Hacked
If you can have a basic understanding of how hacks work, it can help you protect yourself.
There are a lot of ways cybercriminals hack passwords.
For example, there’s a dictionary attack, which is a type of brute force attack. A hacker will use a malicious program to scan and then test every word in a dictionary as a password. If you don’t use real words and integrate characters, numbers, and letters, it can protect you against this.
Phishing is characterized as a social engineering scam where the goal is to trick users into giving their login credentials. A hacker will use malicious links as well as cloned websites. Then you’re prompted to put in your login information. Check the links before you click on anything to avoid phishing attacks.
Password spraying is a technique where bad actors guess passwords. They use a list of frequently chosen passwords, testing them against a username.
With keylogging, a hacker installs malware that can track the keystrokes someone makes on their computer. These are more challenging to pull off, but the hacker, if they’re successful, can end up getting access to all of their victim’s accounts.
6. Use a Password Manager
One of the reasons that so many people are lazy with their passwords and reuse them or make them too simple is that they worry they won’t remember them otherwise. A password manager is a tool that helps you come up with passwords and then securely manage them.
A password manager is a software application that stores and manages credentials, and the passwords are stored in an encrypted database, protected behind a master password.
Once you enter all your usernames and passwords, then you just have to remember your master password.
Password managers automatically generate highly secure passwords for you, and they can alert you of phishing sites.
They protect against identity theft because they segment your data across all the applications and websites you use. If someone hacks one account, they aren’t going to be able to get into all the others.
Password managers occasionally get hacked, but overall they have a strong record.
7. Implement Multi-Factor Authentication
Finally, multi-factor authentication or MFA is an authentication method requiring users to provide two or more forms of verification before they can access a network, website, or application.
The first type of MFA is something you know, which is your password or maybe a PIN. The second factor could be something you have, like your phone, and the third is something you are, such as a fingerprint or retina scan.
You may also like: How to Safely Secure Passwords
Image source: Shutterstock.com