Passwords. The authentication that allows you access to your online accounts. Emails, bank accounts, shopping websites, digital payments, video streaming services—you name it, and there usually is a password (or a PIN) of some sort that verifies your credentials before allowing access to whatever is in that virtual vault. But users clearly aren’t taking passwords seriously. A recent study by the United Kingdom's National Cyber Security Centre (NCSC) suggested that millions were using a password combination as bland as ‘123456’.
The survey, commissioned by the National Cyber Security Centre and the Department for Digital, Culture, Media and Sport as part of the UK Government’s National Cyber Security Programme, suggests that the password combination ‘123456’ has been breached for as many as 23.2 million online accounts globally, while the combination ‘123456789’ has been breached 7.7 million times. As it turns out, the word ‘password’ is also the password for 3.6 million breached accounts online. As many as 3.1 million user accounts also kept ‘1111111’ as a password.
“Times have changed, especially in the digital world – years ago, consumers did not store nearly as much personal data on the internet. However, today, our most sensitive details live behind online password protection – from our financials, to our official documentation, personal photos and more. This means consumer behavior around passwords must evolve, in order to prevent cybercriminals from accessing vital information,” says Gary Davis, Chief Consumer Security Evangelist, McAfee.
But how can you really make your password secure?
First of all, you must check whether the existing password for any of your online accounts has already been exposed in a breach. The website haveibeenpwned.com is usually very helpful in this regard—simply type in your password combination, whatever it may be, and it will search the results of all the breaches globally to see if your password has already made its way into one of these databases. If it has, you need to worry, and you should immediately change that password combination on any and all of the online accounts.
One of the simplest things when setting a password is to not make it easy to guess. “Do not use common passwords and do not use simple personal details within your passwords. Basic personal info such as your birthday, family members’ names or pets’ names are easily guessable. The same applies for common passwords such as “password” or “qwerty.” The less obvious and more obscure, the better,” says Davis.
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password,” says Dr Ian Levy, NCSC Technical Director, at the time of releasing the UK Cyber Survey. One of the tricks could be to use a combination of upper and lower case letters, as well as numbers or special characters.
It is a common practice for many to keep the same password across a variety of online accounts and services, which makes it easier for a hacker to get access to all if they are able to get their hands on your password combination.
A lot of services offer something known as two-factor authentication (2FA), a feature that adds another layer of credential verification before you are allowed to sign in and access your information. “Two- or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. This reduces the risk of successful impersonation by hackers,” says Davis.
Finally, you may also consider using a password manager. If you tend to forget your passwords, and end up perhaps writing them down somewhere (which is absolutely not recommended), a password manager app could help store all your passwords in one place.