Cybercrime is the fastest-growing type of felony in the world. And according to the University of Maryland, one hacking attack occurs every 39 seconds. On average, that’s 2,244 attacks a day!
Being hacked could mean anything from having private pictures of yourself and your loved ones stolen to identity theft or financial fraud. And weak or stolen passwords are one of the most common causes of data breaches and cybertheft.
To make sure you’re keeping yourself safe, here’s what you should do about your passwords.
A weak password is a flimsy shield
A lot of hackers use brute force attacks, trying to guess passwords and get into computers.
Having a strong, hard-to-guess, unique password is an essential layer of protection.
Unfortunately, a lot of people don’t pay enough attention to this. Computer engineering student Ata Hakçıl did a study of leaked credentials and found that the most used password is still “1234”.
In a batch of one billion leaked credentials, 7 million passwords were 1234!
Hakçıl also discovered that:
- 28.79% of passwords were letters only.
- 26.16% of passwords were lowercase only.
- 13.37% of passwords were numbers only.
These are all things you should avoid like the plague. Instead, here’s what you should do.
1. Don’t use the same password for all your accounts.
Maybe this goes without saying, but not using the same password for all of your accounts is one of the most important things for your cybersecurity.
If somebody hacks your Instagram account, don’t give them the opportunity to compromise your email and banking accounts too.
Don’t fall into the trap of using the same password everywhere because anything else would be hard to memorize. Use a reputable password manager. Choose one that lets you create strong and unique passwords. Better yet, get one that stores them for you in a highly protected, encrypted, and hacker-proof environment.
2. Update your passwords regularly.
Frequently changing your passwords decreases your chances of getting hacked. That’s because a hacker might try to access your account more than once.
Regularly updating your passwords also prevents someone else from accessing your accounts from other devices.
For instance, if you forgot to log out from a school or work computer, anyone would be able to use your account. And that’s not something you want.
3. Choose multi-factor authentication whenever possible.
Multi-factor authentication, or MFA, is a different type of sign-in process. It’s commonly used for banking apps or online transactions.
When you sign in, you go through another authentication step, like entering a code you received via text message or using a biometric scanner to confirm your action.
This considerably reduces the risk of having your password compromised or someone else using your accounts.
4. Use numbers and symbols.
Numbers and symbols make passwords harder to crack because they increase the number of possible combinations. This makes it difficult for hackers to use brute force attacks to find their way to you.
Dictionary words and number-only combinations are easier to figure out because there are fewer possible combinations.
5. Bigger is better.
When you set a longer password, a hacker will have to spend more time trying to guess it with a brute force attack.
With each character you add, the time it takes to find out your password through brute force grows exponentially:
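The growth described above, worked through as an added example that is not part of the original article: it places a password in the weak categories from Hakçıl's study and computes the worst-case brute force time. The guess rate, the function names and the sample passwords are assumptions chosen for illustration.

```python
import string

# Assumption for illustration only: an offline attacker testing 10 billion
# guesses per second. This rate is not a figure from the article.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Size of the smallest alphabet an exhaustive search has to cover."""
    allowed = set("".join(CLASSES))
    if not password or any(c not in allowed for c in password):
        raise ValueError("this simplified model covers non-empty printable ASCII only")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def weak_category(password):
    """Most specific weak category from the leaked-credential study, or None."""
    if all(c in string.digits for c in password):
        return "numbers only"
    if all(c in string.ascii_lowercase for c in password):
        return "lowercase only"
    if all(c in string.ascii_letters for c in password):
        return "letters only"
    return None

def keyspace(password):
    """Candidates a brute force search must try in the worst case."""
    return charset_size(password) ** len(password)

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    return keyspace(password) / rate

def humanize(seconds):
    """Render a duration using the largest unit that fits."""
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.6f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any leak.
    for pw in ("1234", "sunshine", "Sunshine", "Sunsh1ne!", "Sunsh1ne!x", "Sunsh1ne!xQ"):
        print(f"{pw!r:14} {str(weak_category(pw)):15} "
              f"{keyspace(pw):.2e} candidates  {humanize(worst_case_seconds(pw))}")
```

The figures are an upper bound: a password that appears in leaked lists, such as 1234, or that is a dictionary word is tried long before an exhaustive search reaches it.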
Worst possible passwords
Every year, researchers look at millions of leaked log-in credentials and rank the worst of them all. Check out the list below and make sure yours didn’t make the top 10 in 2019:
Until next time, stay safe and secure, and take care of your passwords!
Posted on 25/10/2021 at 21:36
Thanks for the tips. Does CG online account portal support MFA (TOTP) and if not, is it on the roadmap?
Posted on 26/10/2021 at 10:10
The only feature we have that is somewhat similar to TOTP is our Dedicated IP, which is an extra feature (like an add-on) to our VPN service. You can find out more about it here: https://www.cyberghostvpn.com/en_US/dedicated-ip-vpn