The How And Why Of Secure Passwords

Poor passwords are becoming an epidemic. Learn how you can help change this.


Passwords are some of the simplest yet most effective ways to prevent unauthorized access to your most sensitive accounts and devices. They make an enormous difference in protecting valuable information, keeping unwanted eyes out with a few strokes of the keyboard. Then why is it that people still seem to be using passwords that are tremendously ineffective? Poor passwords aren’t just a problem, they’re an epidemic, giving hackers and cybercriminals easy entrance into targeted accounts. Take one look at the 20 most common passwords that people use, and you can easily see why weak passwords are such an issue. '123456', 'password', and 'football' are just a few of the passwords used regularly. Needless to say, these are far from sufficient to protect your information, and considering that more than 10% of all passwords used are made up of the 20 most common, it doesn’t take much for a cybercriminal to guess one correctly.

Poor password choices are simply par for the course these days. Even tech-savvy individuals are guilty of using an easy-to-guess password for their devices. Perhaps most famously, Facebook CEO Mark Zuckerberg became a victim of a data breach back in June, giving a hacker access to his social media accounts. His password of choice? It just happened to be 'dadada'. Not exactly what you would expect from someone who founded the social media giant. Equally distressing is the fact that he used the same password for multiple devices and services. Once the password was guessed, his other accounts became vulnerable. And yet he isn’t alone in using and reusing a simple password. In fact, nearly a third of all people reuse the same password for different services.

There are many reasons to make sure you’re using stronger (and different) passwords. The number of data breaches is on the rise and cybercriminals are targeting more than just big businesses. In fact, many hackers see lone individuals as better targets since they take fewer steps to protect their sensitive data. The use of cloud services is also on the rise, meaning people are using more accounts that require passwords than ever before. Whereas years ago people may have only used a handful of services that needed password input for access, now that number has ballooned to dozens. Those services may be for work or personal use, but the number has grown nonetheless. Not to mention that much of the information contained within those services has only gotten more sensitive over time. People simply feel more comfortable leaving that data on the web rather than storing it locally or using flash storage.

While some people may understand the need for a strong password, they still might not know how to make one. There are a few principles to keep in mind to ensure your password is difficult to guess. The first is to keep a varied mix of letters, numbers, symbols, and other characters. Choosing regular words is not the way to go; a random assortment of characters is much better. Replacing one 'o' in 'football' with a 0 and an 'l' with a 1 is a good way to start, though more work is needed. Avoid numbers that may have special significance to you, like your birth date or anniversary date. If a hacker can find out personal information about you, they will likely try those types of numbers when guessing your password. Make sure your password is long as well. Five or six characters isn’t enough to have a secure password. Instead, go for a length of ten or more. Also, mix up the capital and lowercase letters to make it even more difficult to guess.
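The principles above can be turned into a check that a sign-up form or a curious user could run. This is an added example, not code from the original article. The function name, the tiny deny-list (built from the passwords the article mentions) and the extra look-alike swaps beyond 0 and 1 are assumptions made for illustration.

```python
import re

# Constructed sample deny-list: the common passwords the article names, plus
# its 'dadada' example. A real deployment would load a much larger list.
COMMON = {"123456", "password", "football", "dadada"}

# Undo the look-alike swaps the article mentions (0 for o, 1 for l) and a few
# similar ones (assumption: illustrative table, not a complete one).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})

MIN_LENGTH = 10  # the article's "ten or more"


def check_password(password, personal_numbers=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")

    # Compare against the deny-list as typed and with the swaps undone,
    # so 'f00tba11' is still recognised as 'football'.
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    if lowered in COMMON or normalized in COMMON:
        problems.append("common password")

    # Require lowercase, uppercase, digits and symbols together.
    classes = {
        "lowercase": r"[a-z]",
        "uppercase": r"[A-Z]",
        "digit": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)

    # Reject numbers with personal significance (birth date, anniversary).
    digits_only = re.sub(r"\D", "", password)
    for number in personal_numbers:
        if number and number in digits_only:
            problems.append("contains personal number")
            break
    return problems


if __name__ == "__main__":
    for pw in ("f00tba11", "dadada", "vK7#qLm2!xRp"):  # constructed samples
        print(pw, "->", check_password(pw) or "passes every check")
```

Passing these checks only means the password avoids the mistakes listed above; it says nothing about whether the same password is reused on another account.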

You’ll also want to use a different password for each account you have and each service you use. That way, even if one of your passwords is cracked, only one account will be compromised instead of all of them. If keeping track of a lot of passwords is difficult, you can use a password manager to keep things organized. And even once you’ve got your password situation all figured out, you should also use two-factor authentication. This usually involves having a 4- or 5-digit code sent to your phone that you input along with your password. It may require an extra step, but it is extremely secure and can be the difference between a safe account and one that’s been broken into.
