Password and login security, the gaping hole

In 2019 the most common passwords were still “password” and “123456”, or derivatives of those such as “Passw0rd” and “123A56”, and a lot of people keep saying these are gaping security holes. Hardly anyone says WHY. The reason they are such a threat is a lot simpler than people think: it has nothing to do with fancy tech speak and everything to do with guesswork. An algorithm or a “brute force attack” is just a computer making a very large number of guesses (a “dictionary attack”, in the jargon, when the guesses come from a list of likely passwords rather than every possible combination), so it accomplishes exactly what a person does when they try “password” first, only faster and at a much larger scale.

Computers are extremely good at this: against a stolen list of password hashes a single graphics card tries billions of guesses per second, and even a live login form that limits attempts still allows far more tries than the weak passwords need. A lot of criminals don’t even need the computer, though, because the passwords mentioned above, among many others, are so standard that a person can guess them within 10-15 tries. You yourself might not use one of those, but I will bet that you fall into one of the following categories: part or all of your pet’s name, your maiden name, part or all of your birthdate, your house number, your zip code, or the name of a familiar place or your home address. The issue is that these combinations are easy to guess, there aren’t very many of them, and most of the underlying information is easily found on social media or in public records.
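To show how small the search space really is, here is an added example (not code from the article) that does what a guesser does: it takes a constructed profile of a hypothetical person plus a handful of the perennial top passwords, applies the cheap mangling rules attackers try first (capitalisation, letter-for-symbol swaps, a short suffix, a birth year) and counts how many candidates that produces. The profile values, the word list and the rule set are all assumptions made up for the demonstration.

```python
import itertools

# Constructed profile for a hypothetical person: the kind of facts an attacker
# scrapes from social media or public records. Not taken from the article.
PROFILE = {
    "pet": "fluffy",
    "maiden_name": "jensen",
    "town": "aarhus",
    "birth_year": "1987",
    "birth_daymonth": "1503",
    "house_number": "42",
    "zip": "8000",
}

# A handful of the perennial top-10 passwords; real wordlists hold millions.
COMMON = ["password", "123456", "qwerty", "letmein", "welcome"]

# Cheap "mangling" rules attackers try first: case changes, single
# letter-to-symbol swaps, the full leetspeak swap, and a short suffix.
SUBS = [("o", "0"), ("a", "@"), ("i", "1"), ("e", "3"), ("s", "$")]
SUFFIXES = ["", "1", "123", "!", "2019", "!1"]


def mangle(word):
    """Return the common spelling variants of one base word."""
    forms = {word, word.capitalize(), word.upper()}
    for base in (word, word.capitalize()):
        for old, new in SUBS:
            forms.add(base.replace(old, new))   # e.g. Password -> Passw0rd
        full = base
        for old, new in SUBS:
            full = full.replace(old, new)        # e.g. Password -> P@$$w0rd
        forms.add(full)
    return forms


def candidate_list(profile=PROFILE, common=COMMON):
    """Every password the rules above can build from the profile and the common list."""
    words = set(common) | {v for v in profile.values() if not v.isdigit()}
    numbers = [v for v in profile.values() if v.isdigit()]
    guesses = set(numbers)
    for word in words:
        for form in mangle(word):
            for suffix in SUFFIXES + numbers:
                guesses.add(form + suffix)       # e.g. Fluffy2019, jensen42
    for a, b in itertools.permutations(numbers, 2):
        guesses.add(a + b)                       # e.g. 15031987
    return sorted(guesses)


def guess_number(password, profile=PROFILE, common=COMMON):
    """1-based position at which a simple guesser reaches `password`, or None."""
    candidates = candidate_list(profile, common)
    return candidates.index(password) + 1 if password in candidates else None


if __name__ == "__main__":
    total = len(candidate_list())
    print(f"{total} candidates in total")
    for pw in ["Passw0rd", "Fluffy2019", "jensen42", "15031987",
               "oh what a wonderful day for shopping"]:
        n = guess_number(pw)
        verdict = f"guess #{n} of {total}" if n else "not in the list"
        print(f"{pw!r}: {verdict}")
```

The whole list comes to roughly a thousand candidates, which a person can work through in an afternoon and a computer in well under a second; a real attacker uses far larger wordlists and many more mangling rules, so anything built from facts about you falls even faster than this toy shows.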

The threat on top of this is that we cannot remember many passwords, so most people have only a low-security, a medium-security and a high-security password, which in some cases are merely derivatives of the same password. That means that if one password leaks, or someone guesses it, that person has access to a whole range of accounts and can in some cases guess the passwords for the rest. The password does not even have to be guessed: when one website is breached, attackers take the leaked email and password pairs and try them on every other site (so-called credential stuffing). This is also where security questions become a huge threat: most people answer honestly, the answers are yet again publicly available information, and in some cases a correct answer lets an attacker bypass the password or even view it.

Around now you are probably feeling a bit powerless about passwords, but there is plenty you can do. The very first step is to change your passwords: even if you only have three for now, change them to something that is easy for you to remember but has nothing to do with who you are. Keep them at a minimum of 12 characters, preferably longer, so that even a computer trying every possible combination cannot get through in any useful amount of time.

A good tip is actually to use whole sentences, spaces and all (yes, a lot of sites allow this). One for your online shopping account could be “oh what a wonderful day for shopping” (don’t use this one now), or whatever pops into your head when you first load the shopping page. Passwords like these are personal and have a very high character count, so they are only really guessable by the people closest to you. One caveat: well-known quotes, song lyrics and proverbs are in the attackers’ phrase lists just as “password” is in their word lists, so the sentence has to be one nobody else would think of; its length matters less than how unusual it is.

Passwords like these should not make you feel safe, however, as they can still be lost (a website that stores them badly can leak them), letting an attacker into every other account where you reused them. The only way to be as safe as you can be is to use a random username and a random password for each account, and to enable two-factor or multi-factor authentication (2FA) wherever it is offered (and don’t forget random answers to the security questions as well).

The thought of this will probably have you pulling your hair out, as you have hundreds of accounts, and even the thought of remembering, let alone changing, all of those passwords is borderline insanity. Luckily there is a simple solution, commonly known as a password safe or password manager. They take a bit of getting used to, but once you are familiar with one you will wonder why you didn’t use it before.

Basically, a password manager is a piece of software that saves your passwords in a file encrypted under a key derived from a single master password. As long as that master password is long and not guessable (the sentence-style passwords from earlier are a great idea here), breaking the encryption directly would take a supercomputer thousands of years. That one master password is now the only one you have to remember; unlocking the file lets the manager generate a random username and password for each account and type them into websites and applications for you.
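The two mechanisms just described, random per-account credentials and one master password stretched into a vault key, fit in a few lines of standard-library Python. This is an added example, not code from the article or from any password manager: it generates a random password and username with `secrets` (the only correct source for this; `random` is not), shows what a random word-list passphrase is worth in bits, and derives a 256-bit key from a master password with PBKDF2-HMAC-SHA256 at the 600,000 iterations OWASP currently recommends. The character set and the 16-word list are constructed for the demo, and PBKDF2 is a stand-in: KeePass-family databases use AES-KDF or Argon2, which are not in the standard library.

```python
import hashlib
import math
import secrets
import string

# Character set for generated passwords: letters, digits and a few symbols that
# survive most websites' password rules (assumed; tailor per site).
ALPHABET = string.ascii_letters + string.digits + "!#%&*+-=?@_"

# Constructed 16-word list so the block runs offline; a real diceware list such
# as the EFF long list has 7776 words, which is what the entropy figure assumes.
WORDS = ["anchor", "basil", "cobalt", "dune", "ember", "fable", "glacier",
         "harbor", "iris", "juniper", "kelp", "lantern", "meadow", "nickel",
         "orchid", "pebble"]


def random_password(length=20, alphabet=ALPHABET):
    """One independent, cryptographically random draw per character."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_username(length=12):
    """Random login name, so a leak from one site names no other account."""
    return "".join(secrets.choice(string.ascii_lowercase + string.digits)
                   for _ in range(length))


def random_passphrase(n_words=6, words=WORDS):
    """Memorable master password: words picked at random from a list."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices_per_symbol, symbols):
    """Guessing work in bits for `symbols` independent picks from `choices_per_symbol`."""
    return symbols * math.log2(choices_per_symbol)


def derive_vault_key(master_password, salt, iterations=600_000):
    """Stretch the master password into a 256-bit vault key.

    PBKDF2-HMAC-SHA256 is used because it is in the standard library; it is
    a stand-in, not KeePassXC's KDF (KDBX files use AES-KDF or Argon2).
    The iteration count makes every guess at the master password deliberately
    slow (a fraction of a second here, versus nanoseconds for a plain hash).
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


if __name__ == "__main__":
    print("site password :", random_password(),
          f"({entropy_bits(len(ALPHABET), 20):.0f} bits)")
    print("site username :", random_username())
    phrase = random_passphrase()
    print("master phrase :", phrase,
          f"(6 words from a 7776-word list would be {entropy_bits(7776, 6):.0f} bits)")
    salt = secrets.token_bytes(16)   # random per vault, stored in the clear beside it
    print("vault key     :", derive_vault_key(phrase, salt).hex())
```

Note the asymmetry the numbers expose: a 20-character random site password is around 124 bits and never needs to be remembered, while six random words from a real diceware list give about 78 bits and are easy to memorise, which is why the random words go on the vault and the random characters go on the websites. The salt is not secret; its job is to stop one precomputed table from attacking every vault at once.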

Some of these password managers are safer than others, usually at the cost of added complexity, and some can also store your 2FA codes so you don’t have to keep those separately on your phone. Be aware that this is a trade-off: if the codes live in the same vault as the passwords, anyone who opens the vault has both factors, so the vault and its master password become the single point of failure. My personal favorite is KeePassXC, an offline password safe whose database file can be synchronised over Dropbox, Google Drive or even iCloud. A few decent online services that are a bit easier to use, but a bit less safe because your vault lives on their servers, are Zoho Vault and Dashlane. Either way, keep in mind that using any password manager is still safer than not using one, as a breach of a single website then compromises only that one account.
