Do you use any of the world’s most common passwords?
If you’re currently securing your account (or worse, several accounts) with a basic phrase such as “iloveyou” or “123456”, there’s a good chance you’re compromising your safety. As this infographic on common passwords shows, the passwords and passphrases in the highest use worldwide are no secret.
Or are your passwords among the 500 million or so that have been compromised in a previous, known hack? Or perhaps you find it hard to remember passwords, so you use a variation of the same one across all of your accounts.
If any of these situations sound familiar, your sensitive information is at risk. Here we review ways to protect your digital life and ensure your safety online.
Digital hygiene and your passwords
Digital hygiene (also known as cyber hygiene) is a catch-all term for online best practices that help to keep your digital life “healthy” or secure. Logging out of an account when you’ve finished a task is good digital hygiene, as is avoiding any suspicious links in emails.
Passwords are one of your first lines of digital defense, and a vital part of robust personal digital hygiene. Using common, short, or uncomplicated passwords means putting yourself at unnecessary risk.
Here are a few stats to show you what we mean:
- Computers can crack passwords shorter than eight letters in less than a second
- Close to 70 percent of the commonest passwords in use can be hacked in under a second
- A 12-character password takes around 62 trillion times longer to hack than a 6-character password
The dangers of poor digital hygiene when it comes to passwords
Malicious threat actors have a broad range of technology-assisted tools at their disposal, many of which are designed to gain access to accounts. Techniques such as dictionary attacks and brute force attacks make it much easier for hackers to enter your digital life.
They may even have had a helping hand. Online forums for cybercriminals play host to hundreds upon thousands of pieces of readily available account information, such as email addresses and usernames.
Armed with these, it’s just a few extra steps until threat actors have access to an individual’s accounts. From there, the key threats are financial losses and identity theft.
While most hackers prefer to target corporate entities, there are around 2,200 known cyber attacks each day in the US alone. A not-insignificant number of these are directed at people, not companies.
In addition to financial losses and identity theft, individuals face the risk of ransomware and extortion if a hacker gains access to their accounts. In one particularly worrying case from 2022, a Michigan teenager committed suicide after being extorted over sexual images.
Creating strong passwords that protect you from these risks
The golden rule is that passwords should be long, complex, and unique. All three of these factors are important, but some evidence suggests that length matters most. For instance, the US Federal Bureau of Investigation (FBI) recommends prioritizing length over complexity.
This is somewhat in contrast to previously held collective wisdom that suggested complexity was the key to robust passwords. But as numerous experts have pointed out, it doesn’t matter what the characters are per se as it takes the same amount of time to crack “a” as it does “@”.
In terms of length, aim for a minimum of 12 characters. Consider passphrases instead of passwords; for example, “d)es Lulu eat lemOnade in lem0ns on [email protected]” comes in at 44 characters and hits the complexity and uniqueness goals.
For complexity, choose passwords or passphrases that:
- Do not contain sequential characters (abc) or numerals (123)
- Feature random words, not a known phrase
- Use a mix of upper and lowercase letters, numerals, and special characters
Uniqueness is similar; you make your passwords unique by:
- Avoiding known phrases
- Not using common passwords such as “password”, “qwerty”, or “1234”
- Using a different password for each account you hold
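The length, complexity, and uniqueness rules above can be checked mechanically. The following Python sketch is an added example, not part of the original article. The function names and the tiny common-password set (only the passwords the article names) are assumptions, and the "random words, not a known phrase" rule is not covered because it needs a phrase corpus.

```python
import string

# Constructed sample: only the common passwords the article itself names.
# A real check would use a full breached-password list.
COMMON_PASSWORDS = {"iloveyou", "123456", "password", "qwerty", "1234"}
MIN_LENGTH = 12  # the article's recommended minimum


def has_sequence(password, run=3):
    """True if `run` consecutive characters ascend by one (abc, 123)."""
    low = password.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        same_kind = chunk.isdigit() or (chunk.isascii() and chunk.isalpha())
        if same_kind and all(ord(chunk[j + 1]) - ord(chunk[j]) == 1
                             for j in range(run - 1)):
            return True
    return False


def missing_classes(password):
    """Names of the character classes the password does not use."""
    checks = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "numeral": str.isdigit,
        "special": lambda c: c in string.punctuation or c == " ",
    }
    return [name for name, test in checks.items()
            if not any(test(c) for c in password)]


def check_password(password, used_elsewhere=()):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if has_sequence(password):
        problems.append("contains sequential characters")
    problems += [f"no {name}" for name in missing_classes(password)]
    if password in used_elsewhere:
        problems.append("reused on another account")
    return problems
```

Passing the passwords already used on other accounts as `used_elsewhere` covers the "different password for each account" rule.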
Should I change my passwords now?
If you’re committing any of the cardinal password sins that we’ve set out above, it’s a good idea to take 30 minutes out of your day and change your passwords to more secure options.
Of course, generating these hyper-unique and lengthy passwords and remembering them is quite the task, so we recommend investing in a quality password manager, such as LastPass, which offers a range of subscription options. It’s free for individual users but also provides enterprise-level plans.
Once you have a password manager, you only need to sign in once each session or day, and the software will do the rest, including automatically logging you into sites or apps where you hold an account.
It’s easy, convenient, and goes a long way towards better online security.