In today’s digital world, keeping your online accounts secure is essential to safeguarding your personal information and digital identity. With well over a billion records exposed in breaches to date, doing everything you can to keep your information private is critical.
Let’s try to avoid getting hacked!
Two common pitfalls put individuals at risk: reusing the same password across multiple accounts, and choosing weak passwords.
Let’s explore the dangers of these pitfalls:
(1) Using a Single Password for All Accounts:
Heightened Risk of Account Compromise: Reusing one password across accounts means a single compromise exposes all of them. If one site is breached, or one password is phished, the attacker can log in everywhere that password was used, which can lead to identity theft or financial loss.
Vulnerability to Credential Stuffing: Attackers exploit password reuse through credential stuffing. They take the username/password pairs from one breach and replay them, with automated tools and lists of millions of pairs, against the login pages of other sites. Every account where the same pair still works falls with no further effort.
Limited Protection Against Data Breaches: Breaches are common and entirely outside your control. A unique password for each account confines the damage of any one breach to that single account.
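Credential stuffing has a recognisable shape on the defender's side: one source address trying many different usernames, each once or twice, with a high failure rate and the occasional success. The following detector is an added example (not code from the original post); it runs over a constructed, clearly unrealistic log sample in an assumed `ip=... user=... result=...` format, and the thresholds are illustrative.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log (not real traffic). Assumed format:
# "<timestamp> ip=<addr> user=<name> result=<ok|fail>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice result=fail
2024-05-01T10:00:02Z ip=203.0.113.7 user=bob result=fail
2024-05-01T10:00:02Z ip=203.0.113.7 user=carol result=fail
2024-05-01T10:00:03Z ip=203.0.113.7 user=dave result=ok
2024-05-01T10:00:03Z ip=203.0.113.7 user=erin result=fail
2024-05-01T10:00:04Z ip=203.0.113.7 user=frank result=fail
2024-05-01T10:00:04Z ip=203.0.113.7 user=grace result=fail
2024-05-01T10:00:05Z ip=203.0.113.7 user=heidi result=ok
2024-05-01T10:00:05Z ip=203.0.113.7 user=ivan result=fail
2024-05-01T10:00:06Z ip=203.0.113.7 user=judy result=fail
2024-05-01T10:01:10Z ip=198.51.100.20 user=alice result=fail
2024-05-01T10:01:15Z ip=198.51.100.20 user=alice result=fail
2024-05-01T10:01:20Z ip=198.51.100.20 user=alice result=ok
2024-05-01T10:02:00Z ip=192.0.2.44 user=bob result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)       # distinct accounts tried
    successes: set = field(default_factory=set)   # accounts that logged in from here


def parse_log(text):
    """Yield (ip, user, result) for each line that matches the assumed format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ip"], m["user"], m["result"]


def summarize(text):
    """Aggregate attempts per source address."""
    stats = defaultdict(SourceStats)
    for ip, user, result in parse_log(text):
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if result == "fail":
            s.failures += 1
        else:
            s.successes.add(user)
    return stats


def flag_credential_stuffing(text, min_distinct_users=5, min_failure_ratio=0.6):
    """Return {ip: sorted accounts that succeeded} for sources that look like stuffing.

    Many distinct usernames from one source with mostly failures is the stuffing
    pattern. A single account hammered repeatedly (brute force) is a different
    pattern and is deliberately not flagged here. Thresholds are illustrative."""
    flagged = {}
    for ip, s in summarize(text).items():
        if len(s.users) >= min_distinct_users and s.failures / s.attempts >= min_failure_ratio:
            flagged[ip] = sorted(s.successes)
    return flagged


if __name__ == "__main__":
    for ip, accounts in flag_credential_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: likely credential stuffing; accounts to force-reset: {accounts}")
```

The accounts that succeeded from a flagged source are exactly the ones whose owners reused a breached password; those are the ones to lock and reset first.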
(2) Using Weak Passwords:
Prone to Guessing: Weak passwords, like “password123” or common dictionary words, are guessed within seconds by automated tools and offer essentially no protection. Try searching for last year’s list of the 200 most common passwords. Sadly, that list is nearly identical from year to year. If your password appears on it, or is a small variation of something on it, you effectively have no password at all.
Some commonly used weak passwords that have topped these lists for years because they are trivial to guess or crack:
- 123456
- password
- qwerty
- abc123
- iloveyou
- admin
- welcome
- letmein
- 123456789
- football
- Password1
Susceptible to Dictionary Attacks: Attackers do not need to try every possible string. They use wordlists built from earlier breaches, dictionaries, and names from literature, movies, sports and online forums, combined with “mangling” rules (capitalising, appending digits or a symbol, swapping letters for look-alike characters), so a weak password with a small twist falls almost as quickly as the base word.
Easy Targets for Phishing: Weak passwords are often built from memorable personal details (a pet’s name, a birthday, a team) that are easy to find on social media. That gives attackers both a head start on guessing and convincing material for targeted phishing messages designed to trick you into handing over your login credentials.
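To make the dictionary-attack point concrete, here is an added example (not code from the original post) of what a wordlist attack with a few mangling rules does to a table of unsalted SHA-256 hashes. The “leaked” table is constructed for the demo and the rule set is a small assumed subset of what real cracking tools apply.

```python
import hashlib
import itertools

# Attacker's wordlist: the perennial weak passwords listed above.
WORDLIST = ["123456", "password", "qwerty", "abc123", "iloveyou", "admin",
            "welcome", "letmein", "123456789", "football", "Password1"]

# "Mangling" rules: the cheap variations a cracking tool tries for every entry.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})
SUFFIXES = ["", "1", "123", "!", "2024"]


def mangle(word):
    """Yield the word plus its case, leet-speak and suffix variants."""
    bases = {word, word.lower(), word.capitalize(), word.upper()}
    bases |= {b.translate(LEET) for b in list(bases)}
    for base, suffix in itertools.product(sorted(bases), SUFFIXES):
        yield base + suffix


def sha256_hex(password):
    """Unsalted SHA-256: the fast, salt-free storage that makes this attack cheap."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack(hashes):
    """Return {username: password} for every hash matched by a mangled wordlist entry.

    Each candidate is hashed once and looked up against the whole table, so with
    no salt the cost is O(candidates + users), not O(candidates * users)."""
    lookup = {}
    for word in WORDLIST:
        for candidate in mangle(word):
            lookup.setdefault(sha256_hex(candidate), candidate)
    return {user: lookup[h] for user, h in hashes.items() if h in lookup}


# Constructed "leaked" table for the demo; not taken from any real breach.
LEAKED = {
    "alice": sha256_hex("password123"),       # wordlist entry + digits
    "bob":   sha256_hex("Welcome!"),          # capitalised + symbol
    "carol": sha256_hex("f00tb@ll"),          # leet-speak
    "dave":  sha256_hex("L3tm31n2024"),       # several rules stacked
    "erin":  sha256_hex("xK7#pq2vN9!mZ4wL"),  # random 16 chars: in no wordlist
}

if __name__ == "__main__":
    for user, pw in crack(LEAKED).items():
        print(f"{user}: {pw}")
```

Eleven words and a handful of rules produce only a few hundred candidates, yet four of the five accounts fall instantly; only the randomly generated password survives.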
To mitigate these risks, it’s crucial to practice good password hygiene and use a reliable password manager.
Below are two password managers that consistently receive strong reviews online.
1Password: 1Password is praised for its simplicity and robust encryption. It provides secure password storage, item organization, and integrates well with various platforms and browsers. Additional features include secure password sharing and a travel mode for enhanced protection.
Bitwarden: Emphasizing privacy and open-source software, Bitwarden offers end-to-end encryption and supports two-factor authentication. It’s highly customizable, allowing users to self-host their password vaults for maximum control over their data. Bitwarden also offers a free version which may be more than enough for most users.
The general consensus is to let the manager generate a unique, random password for every site and account, as long as the site allows. You should not be able to remember it; if you can, it is probably not random enough.
By prioritizing password security and using a reputable password manager such as 1Password or Bitwarden, you can enhance your online security and protect your digital identity far more effectively.
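What “as long as the site allows” buys you can be put in numbers. The following is an added example (not code from the original post, nor from any password manager) that generates passwords from the OS random source, computes their entropy, and estimates brute-force time; the 10^12 guesses-per-second rate is an assumed figure for an attacker against a fast hash, and the function and constant names are this example’s own.

```python
import math
import secrets
import string

# Character set a typical site accepts: 26 + 26 + 10 + 32 = 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=32, alphabet=ALPHABET):
    """Uniformly random password from the OS CSPRNG (secrets, never random.choice)."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size).

    Only valid for generated passwords; a human-chosen one of the same length
    has far fewer bits because its characters are not independent."""
    return length * math.log2(alphabet_size)


def expected_crack_years(bits, guesses_per_second=1e12):
    """Expected brute-force time: on average half the keyspace must be searched.

    1e12 guesses/s is an assumed rate for a well-resourced attacker against a
    fast unsalted hash; a slow KDF lowers it by orders of magnitude."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def strongest_for_site(max_length, allowed=ALPHABET):
    """Generate the longest password a site's limit allows and report its strength."""
    pw = generate_password(max_length, allowed)
    bits = entropy_bits(max_length, len(allowed))
    return pw, bits, expected_crack_years(bits)


if __name__ == "__main__":
    for limit in (8, 12, 20, 32, 64):
        pw, bits, years = strongest_for_site(limit)
        print(f"{limit:2d} chars: {bits:6.1f} bits, ~{years:.3g} years to brute-force  {pw}")
    # The other side of the coin: eight lowercase letters.
    print(f"8 lowercase letters: ~{expected_crack_years(entropy_bits(8, 26)):.3g} years")
```

The table it prints is the whole argument for long random passwords: eight lowercase letters (about 38 bits) fall in a fraction of a second at the assumed rate, while a 20-character password from the full character set (about 131 bits) is out of reach by dozens of orders of magnitude. A site that caps you at 20 characters is still fine; one that caps you at 8 is not.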
Things not discussed in this posting
Since this posting was written, passwords may (finally) be on their way out. Many strategies have been tried over the years to help people choose and use safer passwords.
Unfortunately, the average user now has well over 100 sites or log-ins to manage, and without a password manager, password reuse and weak passwords are the predictable result. Technologies like passkeys may eventually replace passwords entirely.
Tom’s Guide Article on Passkeys
Some sites, even when you use a very strong password, still force you to change it every few months. Forced rotation pushes people toward predictable patterns (the same password with an incremented number), and current guidance such as NIST SP 800-63B recommends against periodic changes unless there is evidence of compromise. With current technology, a truly random strong password would take a hacker using brute-force methods more years to crack than there are stars in the universe. (See our other posting on this calculation.)
Other sites still cap passwords at, say, 20 characters, or restrict which characters you can enter. A low length cap is a particular red flag: a properly hashed password costs the site the same to store whatever its length, and NIST SP 800-63B asks sites to accept at least 64 characters and all printable characters. These restrictions point to a lack of standards or oversight.
The bottom line, unfortunately, is that we usually have no idea how a site handles our password. Is it hashed with a slow, salted algorithm such as bcrypt, scrypt or Argon2? Hashed with a fast, unsalted function like MD5 or SHA-1, which a leaked table turns into little more than clear text? Or simply stored in clear text? The rule of a unique random password per site exists precisely because you cannot know.
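For readers who run a site rather than just use one, here is what “handled properly” looks like, as an added example (not code from the original post): a random per-user salt and a memory-hard KDF (scrypt from Python’s standard library), verified with a constant-time comparison, beside the two practices the paragraph above worries about. The scrypt cost parameters and record format are this example’s own assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed tuning for the demo): 128*r*N = 16 MiB per hash.
N, R, P, DKLEN = 2 ** 14, 8, 1, 32


def hash_password(password):
    """Return 'scrypt$N$r$p$<salt hex>$<digest hex>'.

    A fresh random salt per user means two users with the same password get
    different records and precomputed hash lists are useless; the memory-hard
    KDF makes every guess expensive for the attacker as well."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${N}${R}${P}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the parameters stored in the record and compare in constant time."""
    algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    if algo != "scrypt":
        raise ValueError(f"unsupported hash format: {algo}")
    expected = bytes.fromhex(digest_hex)
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    # hmac.compare_digest does not leak how many leading bytes matched.
    return hmac.compare_digest(digest, expected)


# The two things the post worries a site might be doing instead.
def store_cleartext(password):
    return password  # anyone who reads the table reads every password


def store_unsalted_sha256(password):
    # Same password -> same hash for every user, and billions of guesses/s on a GPU.
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("Correct horse battery staple", record))  # False
```

Storing the parameters inside the record is what lets a site raise the cost later and re-hash users on their next login without a migration. Note that even this does not make a weak password safe; it only makes each guess slower, which is why the user-side advice above still stands.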
2FA was also not discussed here, as the several types of 2FA deserve their own posting. Each has its own advantages and (security) disadvantages. In general, 2FA is a good idea for any site that offers it, but be sure you understand the limitations and security implications of the type you choose (SMS codes vs a hardware key, for example).
Stay tuned for further postings on these topics!