- US President Donald Trump’s Twitter password was an easy-to-guess ‘maga2020!’ as recently revealed by Victor Gevers, a Dutch security researcher.
- In 2016, it was revealed that Facebook founder and CEO Mark Zuckerberg reused the password ‘dadada’ on Twitter and elsewhere.
Not surprisingly, both of them had their accounts hacked, putting their personal reputations in jeopardy and embarrassing their associates amidst global media coverage. Unsecured or weak passwords can lead to data breaches, ransomware attacks, and identity theft that can be abused for other menacing cyber or real-world crimes.
The mistakes
Per a recent survey by Security.org, one in every 142 passwords used by people in the US is the sequence ‘123456’. Last year, a report about bad passwords from the National Cyber Security Center of the UK listed the worst passwords. Unfortunately, but unsurprisingly, 23.2 million of the passwords hacked worldwide were the same password: ‘123456’. The most common breached passwords also included the ridiculously simple ‘password’ and ‘1111111’.
According to the survey, 45% of Americans use passwords that are eight characters or fewer. Such weak passwords are a cardinal sin when it comes to cyber security.
One of the most common mistakes when choosing a password is predictability. Many use their first names (or their child’s or partner’s), favorite teams, and musicians, as well as fictional characters (clearly, they’ve learned nothing about hiding their identities from their favorite superheroes). With our personal data and preferences available on social media to mine, guessing such passwords isn’t too hard.
The other major mistake is that people tend to reuse passwords on multiple sites. In case of a data breach at any of the online services you use, all online accounts using the same password are compromised.
The impact
Weak passwords can easily be guessed by bots trying to break into your account and can be easily cracked if exposed in a data breach. These days, hardly a week goes by without news of a data breach that exposes personal data, including names, email addresses, passwords, government identities, dates of birth, credit card information, medical records, and more, to shadowy hackers who aim to use the information for identity theft, financial scams, and other sinister cyber and real-world crimes across the globe.
Hackers do not care only about financial information for making money; they have countless ways to leverage other types of personal data for profit. They can use your personal information for identity theft to get a new credit card issued in your name or to commit a real-world crime implicating you. Often the effect might not be immediate, but they will find a way to profit from it via some corrupt means.
The solution
Much has been said about the need for strong and unique passwords. As our lives get more entwined with growing online services and digital transactions, we need to step up our game to counter the cybercriminals who are on a constant lookout for our personal and financial information.
Here’s a rule of thumb that minimizes your risk against data breaches: always use a strong password generator to create every single password that you need. Enpass, for example, offers a password generator that creates strong and random passwords by using a cryptographically secure random generator. And because you use a password manager, you can save the complex, strong password without ever needing to memorize it.
You can also take a look at our guide to choosing a strong password, which will put you on the right path to making it tougher for even the most determined malicious hacker to break into your accounts.