Unless you live under a rock, you have at least one password in use. In reality, most people have 20+ different online accounts that require a username and password! But we all know how hard it is to keep a different, unique password for every account, and that’s why most people cheat. In fact, about 80% of people use the same password, or a variation of it, for more than one account!

So what? What’s the big deal with using the same password? The real problem is cybercrime, and to call it a problem is an understatement. Cybercrime is the most lucrative criminal activity in the world, passing illegal drugs in 2014. Hackers want your passwords, if they don’t have them already. Whether they’re stealing your passwords to sell on the dark web, to gain access to your system, or to blackmail you into paying a ransom, it’s a huge opportunity for them to make money.

How do hackers steal your passwords?

There are many ways, and I’ve highlighted a few of the most common.

  1. Buying them on the dark web.
    You might have heard of the world’s biggest data breaches, including Facebook, Twitter, Microsoft, Capital One, and more. Any time there is a major data breach, the information is bought and sold on dark web marketplaces.
  2. Brute Force Attacks
    These are automated guesses of billions of passwords a minute until the correct one is found.
  3. Key Logging
    A program is downloaded onto your computer that lets a hacker watch all your keystrokes as you type them.
  4. Manual Guessing
    Personal information, such as name and date of birth, can be used to guess common passwords.
  5. Social Engineering
    Attackers use social engineering techniques to trick people into revealing passwords.
  6. Stealing Passwords
    Insecurely stored passwords can be stolen – this includes handwritten passwords hidden close to the devices.
  7. Shoulder Surfing
    Observing someone typing in their passwords.
  8. Searching
    IT infrastructure can be searched for electronically stored password information.
  9. Interception
    Passwords can be intercepted as they are transmitted over a network.

Given all this information, what are the best password security tips?

  1. Have a different UNIQUE password for every account.
    Minimum 8 characters in length, with a combination of letters, numbers and symbols. Some of the worst passwords we still see today: Password123, letmein, testtest, basketball, qwerty.
  2. Keep passwords tough to guess, where even a family member couldn’t figure it out.
    Do not use something from your everyday life, like a family member’s name, a favourite sports team, or the gym you visit. Through social engineering, a hacker knows what you do and where you go on a regular basis, and the first passwords they’ll try will be about those details in your life.
  3. Change your passwords every 3-6 months.
    With all the data breaches that occur every day at the major companies we trust, your passwords are already out there on the dark web being sold. It’s important to change your passwords every 3-6 months so that the old ones the hacker already has are no longer in use.
  4. Use a password manager app to help create and secure passwords (KeePass, LastPass).
    This is a safe way to keep all your passwords in one place and encrypted. Some password managers can even create strong passwords for you and automatically load them for you.
  5. Enable two-factor authentication (2FA) for an additional level of security.
    Wherever you can, enable 2FA so that when you’re logging into an account, a code is sent to a separate device that you own. It’s important that the code is sent to a SEPARATE device because a hacker could have access to your device, and a security code sent to a device they already have access to is useless. If you’re logging in on your laptop, have the code sent to your phone, for example.
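
Tips 1 and 2 can be turned into a self-audit you run offline on your own list of passwords. The script below is an added example, not part of the original article: the function names, the sample accounts and the 0.8 similarity threshold are assumptions chosen for illustration. It checks length, character mix, the worst passwords listed above, personal details, and reuse or near-reuse across accounts.

```python
import re
from difflib import SequenceMatcher

# Worst passwords named in the article.
WORST = ["Password123", "letmein", "testtest", "basketball", "qwerty"]

def squash(text, keep="a-z0-9"):
    """Lowercase and drop every character outside `keep`."""
    return re.sub(f"[^{keep}]", "", text.lower())

WORST_CORES = {squash(w, "a-z") for w in WORST}

def check_password(pw, personal=()):
    """Return the list of tip 1 / tip 2 rules that `pw` breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not all(re.search(c, pw) for c in (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")):
        problems.append("needs letters, numbers and symbols")
    # Strip digits/symbols first so "Qwerty!1" is still caught.
    if squash(pw, "a-z") in WORST_CORES:
        problems.append("on the worst-password list")
    for fact in personal:  # e.g. names, birth year, favourite team
        token = squash(fact)
        if len(token) >= 3 and token in squash(pw):
            problems.append(f"contains personal detail: {fact}")
    return problems

def find_reuse(accounts, threshold=0.8):
    """Return account pairs whose passwords are the same or a variation."""
    names, hits = sorted(accounts), []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            pa, pb = accounts[a], accounts[b]
            same_core = len(squash(pa, "a-z")) >= 4 and squash(pa, "a-z") == squash(pb, "a-z")
            similar = SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= threshold
            if same_core or similar:
                hits.append((a, b))
    return hits

# Constructed sample data, not real credentials.
SAMPLE = {"bank": "Maple!Leafs67", "email": "mapleleafs68#", "shop": "x7$Qv!p2Lr#9"}

if __name__ == "__main__":
    for name, pw in SAMPLE.items():
        print(name, check_password(pw, personal=["Maple Leafs", "1990"]))
    print("reused:", find_reuse(SAMPLE))
```

In the sample, the bank and email passwords each meet the length and character rules, yet they are flagged both for the favourite-team detail and as variations of each other.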