Be smart about passwords because hackers are trying to get into your data and pocketbook

Two poor password practices account for much of the damage done in hacking attacks – using common, easy-to-guess passwords and using the same password across multiple accounts and applications.

Using an easy-to-guess password across multiple applications compounds the risk that sensitive information will be compromised.

I’ve written earlier columns citing the most common passwords people use and the list of the top 10 doesn’t change much.

On most lists, the top entry is 123456, often followed by 123456789.

Then comes qwerty (check your keyboard to see why) and the word “password” itself. One list included 1q2w3e, which threw me for a loop until I looked at my keyboard.

Here’s how long your passwords should be

In an April 2023 article in Cybernews, Paulius Masiliauskas said you can learn a lot about people’s preferences by counting the frequency of certain passwords.

You're only as strong as your weakest password.

Based on an analysis of more than 15 billion passwords from publicly leaked databases, it appears the internet’s favorite name is Eva, the number one sports team is the NBA’s Phoenix Suns, and the most popular food word is “ice.”

Almost 153 million passwords contained a curse word, with the top one (I won’t cite it here) being used nearly 27 million times.

In a brute-force attack, software tries password guesses over and over until it gets a hit, either against a login page or, far faster, against a stolen database of password hashes, where billions of guesses per second are possible. Weak passwords fall first: the common ones are tried from a list before anything random, and a short one is exhausted in seconds.

Common tips for creating a strong, unique password start with using at least 12 characters in a random combination of upper- and lowercase letters, numbers and special characters. Length does more for you than complexity: every added character multiplies the number of guesses an attacker has to make.

Don’t include names, key dates, or other easily identifiable information in any manner.

Make your passwords different

Another approach is to use a lyric from a favorite song or a memorable quote from a movie or book. To get even more sophisticated, make the password the first letter of each word in the lyric or quote. Pick a line that is memorable to you rather than famous; well-known lyrics and quotes are already in the wordlists attackers feed their cracking software.

You can also use a password generator to create unique passwords and a password manager to store them securely.

Having been wise enough to create a strong password, don’t reuse it across multiple accounts and applications.

In a process called “credential stuffing,” hackers count on people reusing passwords: they take the usernames and passwords stolen in a data breach of one site, or bought from whoever stole them, and use automated tools to try those same pairs against hundreds of other sites. Only a small fraction of the pairs work, but with billions of leaked credentials in circulation that is plenty.

A hacker was able to gain access to the information of 2.5 million of a company’s customers by using the seven-character password of a company executive that had been made public in an unrelated data breach.
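Added example, not from the column: the detection logic a service could run over its own login logs to spot a credential-stuffing run like the one the column describes. The log format, IP addresses and usernames are constructed for the example. The telltale pattern is one source trying many different usernames once or twice each with a few successes mixed in, which is replayed breach data; one username hammered many times is a brute-force attempt on a single account and is deliberately not flagged here.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example; adapt the regex to your
# identity provider or web server): ISO timestamp, source IP, username, OK/FAIL.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return (timestamp, ip, user, result) or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["ip"], m["user"], m["result"]


def detect_stuffing(lines, window=timedelta(minutes=5), min_attempts=10, min_users=8):
    """Flag source IPs that, within `window`, make at least `min_attempts` login
    attempts spread across at least `min_users` distinct usernames. Returns a dict
    keyed by IP with the accounts whose replayed password still worked."""
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_ip[ev[1]].append(ev)

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()                              # by timestamp
        best, start = [], 0
        for end in range(len(events)):             # sliding window over sorted events
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = events[start:end + 1]       # densest window seen so far
        users = {e[2] for e in best}
        if len(best) >= min_attempts and len(users) >= min_users:
            hits = sorted({e[2] for e in best if e[3] == "OK"})
            alerts[ip] = {
                "attempts": len(best),
                "distinct_users": len(users),
                "success_rate": len(hits) / len(best),
                "compromised_accounts": hits,      # reset these and force re-authentication
            }
    return alerts


def sample_log():
    """Constructed sample: one IP replays 12 breached username/password pairs (2 of
    which still work), one IP hammers a single account, and one legitimate user
    mistypes twice before logging in."""
    lines = []
    for i in range(12):
        result = "OK" if i in (3, 9) else "FAIL"
        lines.append(f"2024-05-01T10:00:{i:02d}Z ip=203.0.113.10 user=user{i:02d} result={result}")
    for i in range(15):
        lines.append(f"2024-05-01T10:01:{i:02d}Z ip=192.0.2.5 user=bob result=FAIL")
    lines += [
        "2024-05-01T10:02:00Z ip=198.51.100.7 user=alice result=FAIL",
        "2024-05-01T10:02:08Z ip=198.51.100.7 user=alice result=FAIL",
        "2024-05-01T10:02:15Z ip=198.51.100.7 user=alice result=OK",
    ]
    return lines


if __name__ == "__main__":
    for ip, info in detect_stuffing(sample_log()).items():
        print(ip, info)
```

On the sample, only 203.0.113.10 is reported, with user03 and user09 listed as compromised; the single-account hammering from 192.0.2.5 fails the distinct-user threshold and belongs to a separate brute-force rule with its own lockout, and alice's two typos never come close to either.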

Two-factor authentication is recommended

Stolen credentials are often offered for sale on the dark web, akin to black markets for other goods. Digital Shadows, a digital risk protection firm, reported in 2020 that stolen credentials for accessing bank and financial accounts sold for an average of $70.91.

Domain admin credentials went for an average of $3,139.

A 2022 Microsoft report said cyber crooks were making almost 1,000 attempts per second to hack account passwords, that the number was rising, and that 90% of accounts that get hacked have only one layer of protection.

One of the best ways to protect your accounts from stolen or guessed passwords is to enable multifactor authentication (MFA), also called two-factor authentication (2FA), in which an additional verification step beyond a username and password is required.

That may be a code emailed or texted to you, a code from an authenticator app on your phone, or a physical security key. A texted code can be intercepted by a crook who talks your carrier into moving your number to a phone he controls, so an authenticator app or a security key is the stronger choice, but any second step beats a password alone: a criminal holding your leaked password still cannot log in without it.

Randy Hutchinson is the president of the Better Business Bureau of the Mid-South. Reach the BBB at 800-222-8754.

This article originally appeared on Nashville Tennessean: Password protection: Smart tips for fending off hackers targeting you