Human technological innovation is awe-inspiring. We’ve explored space, developed AI technology, and created vaccines to help combat a global pandemic in record time. You’ll understand my disappointment when I discovered that the most popular password in 2021 is…wait for it…‘123456’, only to have ‘123456789’, ‘Qwerty’, and ‘Password’ follow. Groundbreaking, I know. We can do better. No, we have to do better! Our cybersecurity and, quite frankly, our collective dignity are at stake. Dramatic? Yes! Incorrect? No!
We all use several passwords every day, but what do they actually do?
What Do Passwords Do?
A password is your first (and often only) line of defense against cybercriminals. It’s also how platforms ensure only you can access your data. Passwords are like club bouncers, only with less actual muscle and fewer neck tattoos.
Our IRL lives are becoming increasingly digitized. We find ourselves needing to log in to access more and more aspects of our day-to-day life. You’ll need a password to get food deliveries to your door, find your way on a map, and communicate on any social media platform. You’ll even need a password to find the love of your life or at least your love for the night. The rapid rise of remote work has upped the need for strong password authentication. Employees, more and more, require access to private work data from locations other than the office.
Now’s the time to take our online security seriously. It’s important to understand and recognize the butterfly effect of damage that even a single data breach can cause.
The Perils of A Passable Password
Poor passwords can pack a painful punch if they fall into the wrong hands. According to a report, 89% of total data breaches were due to stolen or weak passwords. The UK’s NCSC worldwide breach analysis found that 23.2 million breached accounts used ‘123456’ as a password. Practice some self-love, and don’t put your entire online data security at the mercy of a flimsy password like ‘password1’ or ‘batman’. You deserve better than that.
The recent Spotify, LinkedIn, Facebook, and Sina Weibo cyber hacks were all, at least in part, due to weak or recycled passwords. The Colonial Pipeline cyberattack disrupted the functioning of the largest fuel pipeline in the US! The DarkSide criminal group hacked the system through a single compromised password. Yikes!
Massive password spills are also terrifyingly common. This year alone saw two massive password leaks. The first was the COMB leak (Compilation of Data Breaches), where a large database of already stolen usernames and passwords circulated the dark web. The second was the Rockyou2021 leak, where a document containing over 8.4 billion passwords was uploaded online.
I get it, though, password fatigue is real. Having to constantly create, change, and remember your passwords is frustrating. You might have given up and surrendered to cyber-fate to decide whether your password will protect you. Unfortunately, if you don’t change your password to a stronger and better one, cybercriminals can and will come for your data.
A Cybercrook’s Toolbox to Hack Your Password
The shorter and simpler your password, the easier it is for cybercriminals to hack.
Top 4 tools cybercriminals use to hack your password.
In response to cybercrime, online security has evolved at a lightning pace. The question is whether passwords are keeping up.
Are Passwords Still In?
The password has begun to lose some popularity. Microsoft, in a big influencer move, took a massive step towards obliterating passwords. They’ve given you the option to go passwordless, replacing it with an authenticator app, Windows Hello, a security key, or verification codes sent to your phone or email.
Others are also joining the #passwordsareoverparty trend. Apple’s new operating systems incorporate passkeys in iCloud Keychain. Google has also focused on a passwordless future. You could test-drive life without a password using biometric authentication (face, voice, fingerprint recognition), hardware and software tokens, PINs, SSO (single sign-on authentication), and cryptographic keys.
Yes, a world without passwords is intriguing, but it won’t happen overnight. We’ve got a lot to figure out, and passwordless tools won’t be widely accessible for everyone on every device and platform for a long time. For now, you still need passwords for most accounts. That said, you’re going to need a good one.
How to Build a Stronger Password
Construction is key. Knowing how to build your password will help you create one that’ll stay strong no matter what cybercriminals hit it with.
Check out 11 of the biggest password DOs and DON’Ts:
DO blend a mix of numbers, letters (upper and lowercase), and symbols. The more complicated the password, the harder it’ll be to crack in a cyberattack. Instead of ‘password1’, try ‘p@sS_w0RD#one1’, or instead of ‘123456’, try ‘0ne_TWO_3_FOUR_5_SIX’.
DON’T use numbers or letters in a predictable sequence or a predictable key pattern. ‘Qwerty’ is a predictable password for a reason. It’s the sequence of the top left letters on your keyboard. Eureka moment! Once you get over it, this password isn’t original and won’t protect you from cyberattacks. Shake it up, people! 123456 is a NO, but 634152 is a GO!
DO choose length over complexity. Size does matter here! You’re more likely to remember a longer yet simpler password than a shorter, more complicated one. A password with at least 12 characters will give you robust protection without risking forgetting or mixing it up.
DON’T use your personal details. Your birthday, name, family name, street address, hobbies, and pet’s name are all off the table. Cybercriminals can and will find that information online and use it to crack your password. While Charlie makes for a good canine companion, it doesn’t make for a strong password.
DO use two-factor or multi-factor authentication. Team your password up with other forms of authentication, like biometrics, hardware tokens, security questions, and OTPs (One Time Passwords). It’s like building your own little Avengers squad, just for your online security.
DON’T re-use your password. Recycling plastic? Yes! Recycling your password? No! If cyberattackers crack your password for one platform, the rest of your accounts become sitting ducks if you’ve used the same password for everything. Use a different password for each account! Ok, now you’d say, how will I remember all these passwords when I can’t even remember what I had for lunch! Benefit from CyberGhost VPN’s password manager and secure your accounts; it’ll do the heavy lifting for you.
DO vet your passwords regularly. It’s always good to clear bad energy from your life, and that includes weak passwords. Put your passwords to a strength test; try PasswordMonster or Howsecureismypassword. They determine how strong your password is, and you’ll also get a (very scary) estimate on how long it’d take a cybercriminal to crack it. Prepare to freak out. I tried it; a password with characters including caps, numbers, and characters takes 26 billion years to crack, while a more clear-cut ‘987123’ takes 25 microseconds to crack.
DON’T email or text your passwords to yourself or your friends. Avoid having your password floating around out there in your easily hackable email or phone records. Instead, try the old-fashioned way of writing your password down with a pen and paper and storing it in a safe location. Who doesn’t love a good throwback to a time before everything was recorded online?
DO make use of password-creating methods. Feeling uninspired? Have a password writer’s block? Here’s what you can do:
- The Sentence Method. Create a random sentence and apply a rule to create a password using it. Try taking the last 2 letters of every word in the sentence to create your password. Turn ‘You caught the very last train lucky fish’ into ‘ouhtherystinkysh’.
- ‘Three Random Word Method’. Join 3 completely random words together. It could be ‘MattressRotationBurger’ or ‘CupcakeRoadZebra’. Have fun with it!
- The password generator. It creates a completely randomized password for you.
DON’T create or use your passwords while connected to public Wi-Fi without a VPN. You should never use public Wi-Fi without a VPN, especially when you’re dealing with your passwords. It takes little effort for cybercriminals to intercept and steal your personal information, including your passwords.
DO try CyberGhost VPN’s Password Manager. CyberGhost VPN knows that changing your passwords and remembering different ones is a part-time job! That’s why we’ve created a fool-proof password manager. It’ll automatically generate, manage, and store your passwords in an encrypted and ultra-secure vault.
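The three password-creating methods from the list above, plus the arithmetic behind the length-over-complexity advice, as an added Python example (not code from this article or from CyberGhost's product). The word list, the function names and the 7,776-word list size are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample list, for illustration only. A real word list needs
# thousands of entries so that each word adds meaningful entropy.
SAMPLE_WORDS = ["mattress", "rotation", "burger", "cupcake", "road", "zebra",
                "lantern", "pickle", "harbor", "velvet", "comet", "anchor",
                "maple", "tunnel", "whisker", "glacier"]

def sentence_method(sentence, take=2):
    """The article's rule: keep the last `take` letters of every word."""
    return "".join(word[-take:] for word in sentence.split())

def three_random_words(words=SAMPLE_WORDS, count=3):
    """Join `count` words, each picked independently with a CSPRNG."""
    return "".join(secrets.choice(words).capitalize() for _ in range(count))

def random_password(length=16):
    """Draw every character from letters, digits and symbols with a CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(pool_size, picks):
    """Entropy of `picks` uniform, independent draws from `pool_size` options.
    Valid only for randomly generated secrets, not human-chosen ones."""
    return picks * math.log2(pool_size)

if __name__ == "__main__":
    print(sentence_method("You caught the very last train lucky fish"))
    print(three_random_words(), random_password())
    for label, pool, picks in [
        ("6 random digits", 10, 6),
        ("12 random lowercase letters", 26, 12),
        ("16 random printable characters", 94, 16),
        ("3 words from this 16-word sample", len(SAMPLE_WORDS), 3),
        ("3 words from a 7,776-word list (assumed size)", 7776, 3),
    ]:
        print(f"{label}: {entropy_bits(pool, picks):.1f} bits")
```

The bit counts apply only when every character or word is chosen at random; a sentence-method password is only as unpredictable as the sentence behind it.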
Cybercrime is real and we all have to deal with it as technology continues to intertwine with our lives. Prioritizing your password fitness is a small and easy step towards protecting yourself and your data online.
It’s easy to take your cybersecurity seriously with CyberGhost VPN. Just add the CyberGhost Password Manager to your existing CyberGhost VPN subscription and create your password manager account. Easy peasy!
Should I change my passwords regularly?
No! While this may seem counterintuitive, according to recommendations by NIST (National Institute of Standards and Technology), frequent password changes don’t help protect your online security. The more you change your passwords, the more likely you’ll constantly forget and jumble up your passwords. It’s best to focus on building strong passwords for each account. Better yet, use a password manager to create and manage passwords that’ll stand the test of time. Try CyberGhost VPN’s password manager.
What are examples of bad passwords?
According to CyberNews, drumroll please, the top ten most common and worst passwords to use in 2021 are:
What’s Multi-Factor Authentication (MFA)?
It’s an ultra-secure form of authentication where you use a password plus at least one other authentication tool to access a specific platform or site. Authentication tools include biometric authentication, security questions, and OTPs (One Time Pins).
Are password managers safe to use?
CyberGhost VPN’s password manager automatically generates, manages, and stores your passwords in an encrypted and ultra-secure vault. We use a combination of AES-256 symmetric encryption and RSA-4096 asymmetric encryption. This means we scramble your data to make it indecipherable to any third party. This ensures that no one but you will ever be able to access or read your data.