Many people are guilty of having bad password habits. Sometimes a password might be too easy to guess, or it might be shared across multiple accounts or stored in an unsafe place. Having a strong password is a key part of keeping yourself safe online. Here are some tips to make sure you use good passwords for each of your online accounts.
Is your password easy to guess?
Can you guess the top 10 most popular passwords for 2022?
The top 100 most common passwords include popular words,phrases and memes. Hackers collect long lists of these passwords and use them to make programs that attempt to break into accounts using these password dictionaries, one after another, trying thousands or millions of passwords a second.
Sometimes people think they are being secure by using ‘password1’ or ‘p@ssw0rd’ instead of the basic ‘password’. Adding a single number of a symbol into your password doesn't make your password very secure. It is easy for automated programs to try variations on common words using numbers and symbols.
Is your password too short?
Computers are incredibly powerful and can calculate huge numbers rapidly. To a computer every password is just a long line of numbers and symbols.
Imagine you were going to make a password that was just one character long. The average keyboard offers a total of 95 different options you could choose for a single character, including 26 uppercase, 26 lowercase, 10 digit, and 33 other symbols.
It would be a very simple for a computer to check every one of these 95 possible options, until it finds the right one to crack your account.
Although real passwords are much longer computers are so powerful that it is still easy for passwords to be guessed simply by running through every possible combination of letters, numbers and symbols, one after another. This process is so fast that most common eight-digit passwords can be cracked in as little as a minute. The ‘How secure is my password’ website can illustrate how easy it can be to crack common passwords. By way of demonstration, create a new password (make sure that this is not one of your own passwords) and test it on the website. Remember: never type a real password into an unknown text box. Only give your passwords to sites that you know and trust.
Some websites offer protection against these sorts of brute-force attacks by blocking access to your account after three incorrect password attempts. Sadly, too often people use the same password across multiple websites. A hacker only needs to discover your password being used on a less secure site and then they can attempt to reuse that password to access all other accounts on different sites.
Do you use the same password across different sites?
Sometimes your password can be stolen through no fault of your own. An attacker might break into a popular site and make off with username and password combinations. Most popular websites take great precaution to protect against such a data breach, and you will usually be contacted by email if a company suffers a data breach to warn you to change your password for that site.
The website have i been pwned? is an easy way to track the biggest known data breaches. Type in an email address and you will see all known data breaches that match with the email address and potentially any passwords associated with it that might have been exposed.