

Why Most Passwords Aren't as Safe as You Think

Passwords have been a core part of computer security since the 1960s, and it sometimes feels like they’ve protected our data and caused headaches in equal measure since then. Simply having one isn’t enough, especially now that even amateur crooks can crack 8-digit versions in no time.

How much attention have you been paying to password security? You might not be as safe as you think you are. Read on to see if that's the truth and how to stop putting yourself at risk.

Password Security Misconceptions

While users' password hygiene is improving, we collectively still have a long way to go in weaning ourselves off bad habits. Most egregiously, a not-insignificant portion of users still stick to some of the most common passwords. Length is ineffective if the password you’re using is still common and easy to guess.

Length

On the other hand, length can introduce different problems. For example, a common shortcut is to use consecutive letters or repeat a word multiple times to satisfy password length requirements. Something like “burgerburgerburgerburger” is as easy to bypass as a much shorter alternative.

Including symbols, capital letters, and numbers makes a difference. However, it also promotes riskier user behavior. There’s no way you’ll remember "fsoh%ad@$"ssgJH" on your own, so you're more likely to write it down on paper or save it in a text file. Anyone with access to your desk or who manages to breach your computer's defenses is in for a treat once they find it. And that’s just one password!

Reusing passwords

This brings us to another widespread problem – duplicate or similar passwords. A password that isn't unique is NOT secure, no matter how long or complex it looks!

When each password is one-of-a-kind, the worst thing that can happen is a single compromised account if it gets stolen or exposed as part of a data breach. Now imagine some hacker getting their hands on just one password you happen to be using for 20 different accounts. They likely won't try to brute force their way into all of them, but you may be in trouble if you use the same password for common accounts like email or social media.

Changing a number here and a letter there won't cut it. Unless a company you have an account with has something like a “three strikes” rule in place, hackers are free to try endless variations on leaked passwords in hopes of success. The chances might be less than one in a million, but that’s more than enough in the long term.
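The weaknesses described in the sections on length and reuse can be checked mechanically before a password is accepted. The sketch below is an added example, not part of the original post; the `COMMON` and `LEAKED` sets are constructed stand-ins for real lists, the function names are hypothetical, and the 0.8 similarity threshold is an assumption.

```python
import re
from difflib import SequenceMatcher

# Constructed sample data: stand-ins for a real common-password list and for
# passwords of yours already exposed in a breach.
COMMON = {"password", "123456", "qwerty", "letmein"}
LEAKED = {"Summer2023!"}

# Undo the usual symbol-for-letter swaps before comparing.
SWAPS = str.maketrans("@$0134!57", "asoleaist")

def normalize(pw):
    """Lowercase, drop trailing digits/symbols, then undo symbol swaps."""
    return re.sub(r"[^a-z]+$", "", pw.lower()).translate(SWAPS)

def repeated_unit(pw):
    """Return the shortest unit the whole password repeats, or None."""
    m = re.fullmatch(r"(.+?)\1+", pw.lower())
    return m.group(1) if m else None

def is_sequence(pw):
    """True for consecutive runs such as 'abcdefgh' or '87654321'."""
    low = pw.lower()
    steps = {ord(b) - ord(a) for a, b in zip(low, low[1:])}
    return len(pw) >= 3 and steps in ({1}, {-1})

def is_variant(pw, old):
    """True if pw is an old password with only a few characters changed."""
    if normalize(pw) and normalize(pw) == normalize(old):
        return True
    # Assumed threshold: 0.8 similarity counts as "a number here, a letter there".
    return SequenceMatcher(None, pw.lower(), old.lower()).ratio() >= 0.8

def audit(pw, leaked=LEAKED):
    """Return the weaknesses found; an empty list means none of these apply."""
    findings = []
    if pw.lower() in COMMON or normalize(pw) in COMMON:
        findings.append("common")
    unit = repeated_unit(pw)
    if unit:
        findings.append(f"repeats:{unit}")  # effective length is len(unit)
    if is_sequence(pw):
        findings.append("sequence")
    if any(is_variant(pw, old) for old in leaked):
        findings.append("variant-of-leaked")
    return findings
```

A 24-character password such as "burgerburgerburgerburger" is reported as a repeat of a 6-character unit, and "Summer2024?" is flagged as a variant of the leaked "Summer2023!".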

How Do Passwords Get Compromised?

The fact that there are so many ways for passwords to end up in the wrong hands doesn’t help, either. User negligence is certainly high on the list, but it's just part of a bigger cybersecurity problem.

Data breaches

You are responsible for the security of your passwords, but so are account providers. Data breaches are an ongoing and escalating threat. Just one mega incident that happened recently exposed ten billion (you read that right) username and password combinations! Depending on the incident, leaks may also include names and addresses, banking info, and other highly sensitive data.

Companies that don’t keep up with cyber defense standards pay the price, as do their customers. The scary part is that you can’t influence their decisions, but you aren’t helpless either. More on that shortly.

Social Engineering

Cybercriminals know a thing or two about exploiting the human psyche and are devising ever more sophisticated tricks to get you to give up your passwords. Phishing is the most common, and still highly effective, way of coaxing info out of unsuspecting victims. You might recognize a phishing email by the suspicious-looking address and rushed or threatening tone. However, your grandma is likely to click a link inside and deliver all the requested account, banking, or even medical information on a silver platter.

Younger generations might be more tech-savvy, but they aren't immune to fraud. Social engineering geared towards Gen Z focuses on social media platform messaging and fake app downloads, which can be as damning as an old-fashioned phishing email.

Activity monitoring

The right circumstances allow cyber crooks to spy on you directly. For example, they can execute a man-in-the-middle attack if you connect to the internet through vulnerable means like public Wi-Fi. Visiting sketchy sites and downloading freebies may also install a keylogger onto your system that records keystrokes and sends them to its master, your passwords included.

How Can You Ensure Password Security?

The article might have been all doom and gloom so far. Yet, you can do much to protect your accounts, even if a password gets compromised.

Leaving password management and creation up to the pros should be at the top of your list. Password managers exist solely to generate unique, complex passwords that can't be brute forced. Their encrypted vaults provide secure storage, while autofill speeds up logins without exposing credentials. Password managers for business take things up a notch and can provide secure logins as well as nuanced access controls for small businesses and larger companies with equal assurance.

What happens if an account gets compromised without your involvement, e.g., through a data breach? A strong password won't be enough to contain the damage. However, two-factor authentication, which is often part of the feature set of a trustworthy password manager (NordPass is one of them), will. Hackers who obtain such login info will still need to provide 2FA’s second code, meaning you can change the unsafe password and reestablish control.

Secure password generation and 2FA are essential, yet they aren’t the only traits of a superior password manager. Yours should enjoy a good reputation from users and cybersecurity pros, have expert support ready to tackle any challenge, and offer easy cross-platform syncing at a reasonable price.

Conclusion

Promising technologies like passkeys are starting to take root, but we’re still stuck with passwords as the first – and sometimes only – line of defense for most of our accounts. Avoiding common mistakes and using sophisticated tools will help you maintain your passwords so that they serve as the formidable security precautions they were designed to be.

