World Password Day is a day to remind us about the importance of protecting ourselves online through strong password use. This day also helps educate people on ways to improve the passwords that they use for their online accounts and provides sources to learn more about cyber security.
I’m surprising no-one when I say that most aspects of our lives have been digitalised in some way, requiring us to have multiple account logins to maintain and monitor. So digital protection, while not at the forefront of our minds at all times, is still very much an important part of our daily lives. If you can visualise your online accounts as houses, then your passwords are the keys that help you gain access to your house. You don’t want to leave your keys in a typical place like under your doormat, making it easy for your keys to fall into the hands of the wrong people.
The average young person has 7 active social media accounts to their name. That many accounts often leads to one all-purpose password. With young people being known for regularly contributing to their digital footprint, a stranger gaining access to a young person’s social accounts can be detrimental to their reputation, their future employment opportunities and, if the leap in passwords is successful, even their finances.
According to an online survey Avira conducted with 2,519 respondents, many bad password habits were revealed. The biggest bad habit: Saving passwords in your browser (36 percent), closely followed by synchronising as many devices as possible over the Internet (35 percent). More than 1 in 5 respondents (22 percent) admitted to using as few passwords as possible, while 17 percent used “stay logged in” options regularly. Finally, 9 percent of respondents still use very simple passwords, making it easier for hackers to break in.
Many people are guilty of having bad password habits. Sometimes a password might be too easy to guess, or it might be shared across multiple accounts or stored in an unsafe place. With that in mind, what makes for either a good or bad password?
Is your password easy to guess?
Can you guess the top 10 most popular passwords for 2018?
- 123456 (23,760,336)
- 123456789 (7,716,669)
- qwerty (3,799,486)
- password (3,603,003)
- 111111 (3,100,049)
- 12345678 (2,680,521)
- abc123 (2,670,319)
- password1 (2,310,111)
- 1234567 (2,298,084)
- 12345 (2,088,998)
Are you starting to see a pattern here? Unfortunately, a lot of people are creatures of both habit and comfort. Accounts protected by these popular passwords are regularly hacked by the automated programs that hackers use.
The top 100 most common passwords include popular words, phrases and memes. Hackers collect long lists of these passwords and use them to make programs that attempt to break into accounts using these password dictionaries, one after another, trying thousands or millions of passwords a second.
Sometimes people think they are being secure by using ‘password1’ or ‘p@ssw0rd’ instead of the basic ‘password’. Adding a single number or a symbol to your password doesn't make it very secure. It is easy for these automated programs to try variations of common words using numbers and symbols.
Is your password too short?
Computers are incredibly powerful and can calculate huge numbers rapidly. To a computer every password is just a long line of numbers and symbols.
Imagine you were going to make a password that was just one character long. The average keyboard offers a total of 95 different options you could choose for a single character, including 26 uppercase letters, 26 lowercase letters, 10 digits, and 33 other symbols.
It would be very simple for a computer to check every one of these 95 possible options, until it finds the right one to crack your account.
Although real passwords are much longer, computers are so powerful that it is still easy for passwords to be guessed simply by running through every possible combination of letters, numbers and symbols, one after another. This process is so fast that most common eight-digit passwords can be cracked in as little as a minute. The ‘How secure is my password’ website can illustrate how easy it can be to crack common passwords.
Some websites offer protection against these sorts of brute-force attacks by blocking access to your account after three incorrect password attempts. Sadly, too often people use the same password across multiple websites: according to a recent study, 83% of surveyed users have the same password across multiple accounts. A hacker only needs to discover your password being used on a less secure site and then they can attempt to reuse that password to access all other accounts on different sites.
Do you use the same password across different sites?
Half of connected users worldwide use the same password to protect more than one of their online accounts. This is very risky. If hackers crack your password or gain access to it after a data breach, they will then use it to try to log in to your other accounts, knowing that so many people recycle their passwords. After a data breach, passwords should be changed immediately to keep your data safe, especially if any one password was used to protect multiple accounts.
Sometimes your password can be stolen through no fault of your own. A hacker might break into a popular site and make off with username and password combinations. Most popular websites take great precaution to protect against such a data breach, and you will usually be contacted by email if a company suffers a data breach to warn you to change your password for that site.
The website Have I Been Pwned? is an easy way to track the biggest known data breaches. Type in an email address and you will see all known data breaches that match with the email address and potentially any passwords associated with it that might have been exposed.
Including personal information in your password is not a very clever idea. Cybercriminals can find publicly posted personal info on your social media accounts, which they can then use to try and guess your passwords. To create a strong password, use common sense and stay away from the very obvious like “123456,” “qwerty,” and “password.” We also recommend that you avoid using the following information, which too often can be found on social media profiles:
- Your own name or the name of a family member
- Your pet’s name
- Your birthday
- Words related to your hobby
- Part of your home address
“Cybercriminals collect personal data, like login credentials, from various sources including data breaches, and sell it on the Darknet for other cybercriminals to abuse,” says Luis Corrons, security evangelist at Avast. “Creating strong and unique passwords for each online account is nearly impossible, which is why people create weak passwords that are easy to remember or re-use passwords for multiple accounts. Cybercriminals take advantage of this behaviour by trying to infiltrate accounts through brute force, attempting to use personal information to guess other passwords, or purchasing leaked credentials on the Darknet to log into further accounts.”
How can you generate a strong password?
Step one is avoiding a single word, especially an English one. Instead, try using a phrase or series of words that are not easily guessable, or would not normally appear next to one another in a sentence. Some of your passwords may feature special characters or symbols at the end, perhaps because a website has prompted you to make your password stronger. Instead of placing a special character at the end and thus making it easier for cybercriminals to break into your account, intersperse special characters at different places, along with normal characters, throughout your password.
Generally speaking, avoiding any words found in a dictionary will increase the strength of your password. Words not found in a dictionary make it much harder for cybercriminals to crack passwords, since this helps to reduce their guess-ability; plus, you can get creative making up your own words. Of course, one of the reasons many passwords are so easy to crack is because people simply don’t have the capacity to remember multitudes of complex passwords, which is why resorting to easy-to-recall personal details is often a go-to.
While tempting, using personal details means your passwords could look very similar to your username, which is also an easy win for password-cracking programs and so another big no-no for a security-conscious user. In addition, if a cybercriminal has managed to source your personal details (whether from Facebook or otherwise) it will be even easier for them to guess your password.
In conclusion, you should:
- Generate passwords consisting of at least 16 characters.
- Use numbers, special characters and both uppercase and lowercase letters.
- Avoid using any word related to yourself or the service the password is protecting.
- Use two-factor authentication wherever possible.
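The checks in this list, together with the earlier points about simple variants of common passwords, personal details and symbols tacked on at the end, can be expressed as a small audit routine. This is an added example, not code from the original article; the function names, the substitution table and the sample inputs are assumptions constructed for illustration.

```python
import string

# The top-10 list quoted earlier on this page (2018).
COMMON = {"123456", "123456789", "qwerty", "password", "111111",
          "12345678", "abc123", "password1", "1234567", "12345"}

# Assumed table for undoing simple character swaps such as p@ssw0rd.
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                       "3": "e", "$": "s", "5": "s", "7": "t"})

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def normalise(pw):
    """Lower-case, drop trailing digits/symbols, then undo swaps."""
    stripped = pw.lower().rstrip(string.digits + string.punctuation)
    return stripped.translate(SWAPS)


def audit(pw, personal_words=(), min_length=16):
    """Return a list of findings; an empty list means every check passed.

    personal_words: names, dates, hobby words or the service name
    that the password must not contain (supplied by the caller).
    """
    findings = []
    lowered = pw.lower()
    if len(pw) < min_length:
        findings.append("too short")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        findings.append("missing character class")
    if lowered in COMMON or normalise(pw) in COMMON:
        findings.append("common password or simple variant")
    if any(w.lower() in lowered for w in personal_words if w):
        findings.append("contains personal detail")
    # Symbols that appear only as a trailing run add little variety.
    core = pw.rstrip(string.punctuation)
    if core != pw and not any(c in string.punctuation for c in core):
        findings.append("symbols only at the end")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample, words in [("p@ssw0rd", []), ("Rex2015Rex2015!!", ["Rex"]),
                          ("vio!Lin7_marsh%Tug9kelp", ["Rex"])]:
        print(sample, "->", audit(sample, words) or "ok")
```

An empty result only means the password passed these particular checks; it says nothing about whether the password has already appeared in a data breach.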