Weak Passwords Are a Cybersecurity Pain Point, Here's How to Pick Strong Passwords
Security experts have been warning us for years about the dangers of bad
digital behavior, yet even in 2022, many of us are still behind the times
when it comes to security.
Research into common passwords worldwide, for instance, reveals that many
people still use known, popular passwords, which are the digital equivalent
of sitting ducks.
According to the 2021 Internet Crime Report, published by the United States
FBI, 847,376 incidents of cybercrime were reported by the public; that’s a
seven percent increase from 2020’s figures.
Here, we look at how weak passwords put you at enhanced risk and review a few
password essentials.
The Dangers of Weak Passwords
Weak passwords represent a significant security risk. Threat actors have a
vast array of tools at their disposal, including brute force and dictionary
attacks, that can easily crack weak passwords and passphrases.
Once these passwords are cracked, cybercriminals have access to your accounts,
which may include sensitive financial or personal information. It doesn’t
matter where the criminals are from, either. You can be attacked from anywhere
in the world.
Financial loss is just one part of the story: identity theft remains a
persistent threat. For example, twenty-five percent of the 5.7 million reports
sent to the Federal Trade Commission’s (FTC) Consumer Sentinel Network in 2021
were for identity theft.
Online repositories containing email addresses and account usernames are
posted online, and then shared among criminals. From there, it’s just a few
extra steps and a malicious actor can gain access to your online life.
Passwords that are too simple or common can be cracked in as little as
one second, according to TechRepublic. If you’re using “123456”, “qwerty”, “iloveyou”,
or any variation of these for any of your accounts, it’s time to step up your
password game to avoid becoming another statistic.
How to Pick Strong Passwords
Strong passwords should be Long, Complex, and Unique. Hitting one of these
goals isn’t enough. Aim for all three in each of your passwords, and your
digital security status will improve significantly.
Let’s take a look at each of the factors in a strong password now.
1. Consider Length
Remember that statistically, it’s far easier to crack a short password than a
long one. Anything less than 12 characters should be avoided. One way to
ensure you’re using long passwords is to create passphrases instead - a tactic
recommended by The Electronic Frontier Foundation and many others.
Passphrases should comprise four to five random words for added security and
you can substitute a few letters for numerals or special characters. For
example, “8ate cat pOny g0ld opal” comes in at 23 characters and is relatively
easy to remember.
If memorizing passwords or passphrases is an issue, you may be tempted to use
known phrases, such as “like a rolling stone”. However, these do not afford
anywhere near the same amount of protection.
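The random-word approach above, as an added example that is not part of the original article: words are drawn with the operating system's secure random source, and the entropy figure shows how much each extra word adds. DEMO_WORDS is a small constructed list and the function names are hypothetical; a real generator should load a large published list such as the EFF long list of 7,776 words.

```python
import math
import secrets

# Constructed 16-word demo list (4 bits per word). Far too small for real use;
# a 7,776-word list gives about 12.9 bits per word.
DEMO_WORDS = ["ate", "cat", "pony", "gold", "opal", "river", "lamp", "stone",
              "cloud", "maple", "tiger", "brick", "salt", "violin", "harbor", "quilt"]


def generate_passphrase(words, count=5, sep=" "):
    """Pick `count` words independently and uniformly with a CSPRNG."""
    if count < 4:
        raise ValueError("use at least four words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates, which skews the odds")
    # secrets.choice draws from the OS random source; random.choice must not
    # be used here because its output is predictable.
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(DEMO_WORDS))
    print("demo list, 5 words: %.1f bits" % entropy_bits(len(DEMO_WORDS), 5))
    print("7,776-word list, 4 words: %.1f bits" % entropy_bits(7776, 4))
    print("7,776-word list, 5 words: %.1f bits" % entropy_bits(7776, 5))
    # For comparison: 12 random characters from the 94 printable ASCII symbols.
    print("12 random characters: %.1f bits" % entropy_bits(94, 12))
```

The entropy formula only holds when every word is chosen at random; a known phrase is a single guess in an attacker's phrase list no matter how many characters it has.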
2. Prioritize Complexity
Complexity matters almost as much as length. The best way to ensure your
passwords are complex is to use a random mix of upper and lowercase letters,
numerals, and special characters. You can also use punctuation such as
hyphens, em-dashes, periods, and colons.
Generating complex (and lengthy) passwords is much easier with the help of a
dedicated password tool. Your browser probably offers to generate and store
these for you. However, there have been concerns raised over how well
protected these in-built tools are.
Instead, opt for a dedicated third-party tool such as LastPass, a password
manager that stores, secures, and generates complex passwords.
3. Uniqueness Should Be Top of Mind
As previously mentioned, the world’s most common passwords are a cyber
security nightmare that should be avoided at all costs. Not only are they not
unique, but with a simple online search, threat actors can easily learn the
most typical choices in each country.
In Norway and Denmark that’s “webhompass”, in the US it’s “iloveyou”, and in
the Netherlands it’s “welkom”. Combine this knowledge with the advent of
criminal enterprise software such as Ransomware as a Service, and uniqueness
seems far more attractive.
You should also use different passwords for every single account you hold.
Yes, it’s tedious having so many passwords, even with a good password manager
as an assistant. Still, if one element of your digital life is compromised, it
means you don’t fall victim to attacks on every account you hold.
Other security measures you can take
1. Avoid linking accounts to another account for easier log-ins, for example,
having numerous accounts linked to your Facebook or Google.
2. Don’t allow your browser to store your passwords.
3. When possible, set up additional authentication methods, such as biometric
security like Face ID.
4. Don’t use passwords that have been exposed in a hack. You can check whether
your passwords have been exposed on the Have I Been Pwned website.
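How an exposure check can work without sending the password anywhere, as an added example that is not part of the original article: Have I Been Pwned's Pwned Passwords range lookup takes only the first five hex characters of the password's SHA-1 hash and returns every matching hash suffix with a count, and the comparison happens locally. The function names are hypothetical and the response body is constructed so the example runs offline; the article itself only mentions the website.

```python
import hashlib


def sha1_prefix_suffix(password):
    """Split the uppercase SHA-1 hex digest into the 5-char prefix and the rest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_body):
    """Look for this password's hash suffix in a range response body.

    Each response line has the form SUFFIX:COUNT. Returns 0 when the suffix
    is absent, which is also what a padded entry with count 0 yields.
    """
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_range_body(listed_password, count):
    """Build a fake response (constructed data) that lists one password."""
    _, suffix = sha1_prefix_suffix(listed_password)
    filler = ["0" * 35 + ":1", "F" * 35 + ":3"]  # constructed filler entries
    return "\r\n".join([filler[0], "%s:%d" % (suffix, count), filler[1]])


if __name__ == "__main__":
    # The count 1000 is made up for the demo, not a real figure.
    body = constructed_range_body("iloveyou", 1000)
    prefix, _ = sha1_prefix_suffix("iloveyou")
    print("only this prefix would leave the machine:", prefix)
    print("iloveyou listed:", breach_count("iloveyou", body))
    print("passphrase listed:", breach_count("8ate cat pOny g0ld opal", body))
```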
An increasingly sophisticated threat landscape and a rise in the number of
reported cybercrimes mean robust passwords are more important than ever
before. Follow the guidance above to secure your accounts.
Let me know your thoughts on this TechPinas article.