Chances are your passwords are terrible. Nearly 9 out 10 passwords that appear in password breaches have already been leaked in a data breach, according to a study done last year by Troy Hunt.
Here’s why that matters.
This video reveals how criminals crack weak passwords using tactics known as hash crack and brute force. In the two minutes and fifteen seconds it takes for you to watch it, a poorly secured account can be easily hacked.
Bad passwords are almost inevitable
The basic errors of using flimsy passwords or reusing credentials on several different sites are so easy to do, they almost make sense. Many internet users have more than 100 accounts linked to their email address. The chances of remembering strong, unique passwords for each site veer toward zero.
Password security advice is often misleading, with many people believing you need to memorize lists of long, random passwords. However, the safest thing to do with dozens of complicated passwords is to forget them – and use a password manager instead.
“Anything that saves people the strain of having to manage their passwords manually is a win-win all round,” said Tom Gaffney, Principal Consultant, Consumer Business Unit at F-Secure. “Hardly a day goes by without a significant data breach making the headlines, but managing passwords and staying secure doesn’t have to be overwhelming when using a password manager.”
Friends don’t let friends reuse passwords
Using a password manager makes it far less likely that you’ll break the first commandment of password security: thou shalt not reuse passwords.
This one principle is so important that we made this poster for you to hang in your home our office to keep the thought in mind.
Here’s how you can win
For Cyber Security Awareness month, we’re giving away 10 “Friends don’t let friends reuse passwords” stickers.
Just reply to this tweet and tell us how many of these good password hygiene guidelines you follow for your chance to be randomly selected:
- Avoid reusing passwords on multiple sites.
- Protect your email by using a separate account for password reset links
- Use two-factor authentication wherever possible
- Focus on long, simple passwords or phrases, instead of shorter, more complex ones
- Choose passwords that can’t be easily determined from your social media accounts
- Make sure you choose passwords that won’t embarrass you if they’re leaked
- Stop browsers from remembering your passwords
- Sign up for an alert service which will notify you if your email is found in a breach, such as HaveIBeenPwned
- Use a password manager
And here’s a little bonus: F-Secure KEY – our password manger — is free on any one device and is included as part of F-Secure TOTAL. It can make your life and good password hygiene much easier.