Basic password compromises make up the largest percentage of security compromises that result in financial or reputational damage. In a 2020 study, 81% of breaches stemmed from a stolen or weak password. In 2021 it was estimated that over 800,000 passwords could be stolen per year.
With the average cost of a data breach rising to £3.2 million last year, it’s more important than ever to audit your password security.
How Do I Keep My Passwords Secure?
Use longer passwords, containing symbols.
The advice that you should use upper- and lower-case letters, along with numbers, to create a secure password is out of date. As password-cracking software becomes more sophisticated, the countermeasures need to improve with it.
Typically, a “strong” password has been deemed to contain an upper-case and a lower-case letter and a number, and to be 8 characters in length. We’ve found these passwords
1. are hard to remember;
2. encourage you to write them down or save them in your web browser;
3. aren’t actually strong at all.
A password such as ‘ThisIsMyEmailPassw0rd!’ raises the estimated time to crack your password from 3 weeks to 200 sextillion years.
It’s important to make sure your password is unpredictable – don’t use pets’ names or family members’ names. The most common names used in passwords are Eva and Alex. Instead, you could opt for food or drink names – they make up around 2% of user-generated passwords.
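To make the “longer, with symbols, unpredictable” advice concrete, here is a small password audit written for this article (it is not the author’s code or a tool the article mentions). It checks a candidate against the common passwords and names the article cites, and estimates the brute-force search space so you can see why length matters more than an 8-character mix of classes. The 12-character minimum and the 10 billion guesses-per-second rate are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample data: only the values the article cites. A real audit
# would use a full breached-password list, not three entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty"}
COMMON_NAMES = ("eva", "alex")
MIN_LENGTH = 12  # assumption: the article says "longer" without giving a number


def charset_size(pw: str) -> int:
    """Size of the character set a brute-force attacker must cover for this password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    return max(size, 1)  # whitespace-only input contributes no bits rather than crashing log2


def brute_force_bits(pw: str) -> float:
    """Upper bound on entropy in bits, assuming every character was drawn uniformly."""
    return len(pw) * math.log2(charset_size(pw))


def crack_years(pw: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case years to exhaust the search space at an assumed guess rate."""
    return 2 ** brute_force_bits(pw) / guesses_per_second / (365 * 24 * 3600)


def audit_password(pw: str) -> list:
    """Return a list of findings; an empty list means the password passes these checks."""
    findings = []
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        findings.append("in common-password list")
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c in string.punctuation for c in pw):
        findings.append("no symbol")
    for name in COMMON_NAMES:
        if name in lowered:
            findings.append(f"contains common name '{name}'")
    return findings
```

Run `audit_password` and `crack_years` on an 8-character mixed-class password and on the article’s 22-character example to see the gap in search space for yourself.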
Use a password manager
Password managers are apps that generate new, unique passwords for every website you visit. These credentials are then stored for you in a virtual, password-protected vault. When you visit a site that requires you to log in, the password manager auto-fills the credentials. This means you only need to worry about remembering one password – the password to get into your vault. This is a password you want to keep as secure as possible. All of your passwords will be accessible if this password is stolen. Some password managers can also tell you if your current passwords are weak or compromised.
Use Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) requires you to sign in with more than just a username and a password. Usually, you’re required to prove it’s you signing in by entering a 6-digit code that has been sent to you by text, or from an authenticator app such as Authy or Microsoft Authenticator. Even if your password is stolen, your account cannot be accessed without the code.
Regularly Update Your Password
You should update your password every few months, especially if you’re not using MFA. It can be hard to know if someone has stolen your password, so updating it regularly can be good protection against this.
“123456”, “password” and “qwerty” are still currently among the most used passwords around the world, and over half of people use the same passwords for both work and personal accounts.
Perhaps more concerning is that 57% of people who have been scammed in phishing attacks are still using the same password.
You can use this website to check the security of your current passwords.