The importance of secure passwords cannot be stressed enough


Cybercriminals typically rely on weak passwords to break into the online accounts of unsuspecting victims, often with serious consequences. But despite understanding the importance of strong passwords as a critical security best practice, for most users the ease of remembering just a few passwords and reusing them everywhere outweighs the increased security risk.

According to our 2021 Global Cybersecurity and Online Behavior Report, just over half of the more than 10,000 consumers surveyed use one or more passwords on their online accounts, and around a quarter use a simple password for all their online accounts.

Easy Pickings for Cybercriminals

The report notes that consumers are concerned about online threats, including financial fraud and social media identity theft. However, their actions do not match their concerns – based on behaviors related to the use of security products, the use of passwords across platforms and the sharing of account details, nearly 60% of respondents are considered “exposed”. Cybercriminals profit from these poor cybersecurity practices: 61% of users have experienced at least one threat in the past year, with fraudulent mobile messages/calls (36%) and phishing (23%) being the most frequent.

Weak passwords provide an easy route for cybercriminals to exploit; they can sell this information on the dark web or use it to launch other attacks. If the passwords are simple, short, or (too) common, hackers can crack them quickly using widely available tools. In fact, a password containing fewer than eight characters can be compromised in seconds.

If hackers already have information about a victim – perhaps by purchasing it from the dark web or from a separate breach – they could also guess/deduce the password. That’s why it’s so important to ensure that all passwords are changed after a suspected major data breach, even if the user doesn’t believe their password has been compromised.

Cybercriminals also use phishing emails and malware campaigns as a common method to steal login credentials, and much more: cookies and credit card data saved in browsers, information stored in crypto wallets, chat logs, VPN login credentials, text from files, etc.

After acquiring stolen credentials, cybercriminals use them to commit identity theft and drain financial accounts. They also profit from selling credentials on the dark web, so the victim may not even know how many bad actors have their credentials. In other cases, the stolen credentials are used to hack into and take over other online accounts (e.g., social media profiles).

Stolen credentials can even have far wider implications than just compromising personal accounts. If someone uses the same or similar passwords for other accounts, such as their work account, it could give criminals a back door to their employer. For businesses, a leak like this could result in massive financial loss and brand damage.

Consumers leave their passwords exposed

Cell phones are a major and often overlooked concern. We found that 30% of respondents don’t use antivirus on their phones, which means they don’t properly secure their devices. This is all the more concerning because the demographic groups that use their phones the most often are also those who worry the least about online threats and vulnerabilities.

Password managers and passwords stored in electronic files and/or in physical format are used most frequently for business devices and least frequently for home phones. The auto-fill option and password managers are most often used by 25-44 year olds, and the hard-copy format is used more by 55-65 year olds.

But even if business accounts are secure, that doesn’t mean sensitive work information isn’t transferred to home phones. Messaging and communication apps connected to work accounts are often downloaded onto personal devices, and if someone uses the same passwords on all accounts and their personal devices are compromised, so are their work devices.

How to stay safe

The key to improving overall password security is educating consumers about the risks associated with their online behaviors and providing realistic measures they can use to better secure their passwords.

The first step is to diversify the existing cohort of passwords and make them more complex. Consumers should avoid reusing passwords or sharing passwords with multiple people. Avoid using well-known phrases (e.g. keyboard sequences like 1234 or QAZ) or personal information (e.g. birthdays or pet names) in passwords. Another best practice is to change your password every three months (or as soon as you receive a data breach notification).

Also, be sure to enable two-factor authentication (2FA) on every account that supports it. This is an extremely important layer of protection that helps protect your account in case the password falls into the wrong hands.

Even though these are the most basic steps, many are hesitant to take them because they fear forgetting their passwords. A password manager is a good solution for this; it creates random, strong, unique passwords and then stores them securely.

Two-factor authentication can also be a good way to secure accounts even if a malicious actor can guess a password, and antivirus software can protect devices from credential-stealing malware. Finally, when connecting to an unknown network, consumers should use a VPN.

In educating users about security, particular attention should be paid to mobile phones because, as mentioned earlier, they are at greater risk with less use of security products/services and increased use of simple passwords.

