Your passwords are weak.
This is an assumption, of course, but if you’re anything like most internet users, it’s likely to be true.
With data breaches, identity theft, and financial fraud on the rise, having a predictable password makes you increasingly vulnerable. In fact, your accounts may have already been hacked into or your identity stolen; you just may not know this yet.
If you want to improve your online security and privacy, changing your passwords is the easiest thing you can do. It is also likely to have the biggest impact.
Below, we show you how to tell how secure your password is, with some simple tips, techniques, and tools you can use when creating passwords.
Avoid popular passwords. The more unique and random you can make your password, the better.
Entropy, a measure of randomness, can help you determine whether your combination of letters, numbers, and symbols has enough randomness to be a strong password. Common words make weak passwords.
Any words you can find in the dictionary, and any repetition of those words, decrease entropy and make the password far easier to crack.
Using personal information for passwords, like the year you were born or your spouse’s name, is likewise a big no-no. Cybercriminals can easily find this information online.
Using one password across multiple websites (social media, bank accounts, etc.) also puts all of your online accounts at risk.
Password length matters too. Use as many lowercase letters, uppercase letters, numbers, and symbols as possible within the website’s limits, and remember to change your password from website to website for optimal password strength.
If you struggle to come up with strong passwords, you could try creating passphrases instead.
Alternatively, a password manager might be a better option. Password managers often come with a password generator and are deemed more secure than just relying on memory to remember passwords (even with cybersecurity breaches like the one that affected LastPass). Just remember to use a strong master password, as cybercriminals can also use brute force techniques to guess these.
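To put numbers on the entropy and passphrase points above, here is an added example (not part of the original article) that compares the character-count estimate a simple meter would give with one that discounts dictionary words and repeated characters, then shows the exact entropy of randomly generated passwords and passphrases. The six-word list is a constructed sample and the discount rules are a simplifying assumption, not a standard.

```python
import math
import re
import secrets
import string

# Constructed sample list. A real check would load a large dictionary
# plus a list of passwords seen in breaches.
COMMON_WORDS = ["password", "dragon", "monkey", "summer", "qwerty", "letmein"]
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(text):
    """Total size of the character classes that `text` draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in text))

def naive_bits(password):
    """What a simple meter assumes: every character is an independent random pick."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def estimate_bits(password, words=COMMON_WORDS):
    """Heuristic estimate that discounts dictionary words and repetition."""
    bits, rest = 0.0, password
    for word in words:
        rest, hits = re.subn(re.escape(word), "", rest, flags=re.IGNORECASE)
        if hits:  # one pick from the wordlist; repeating the word adds nothing
            bits += math.log2(len(words))
    rest = re.sub(r"(.)\1+", r"\1", rest)  # collapse runs: "1111" -> "1"
    return bits + naive_bits(rest)

def generated_bits(choices, picks):
    """Exact entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)

def random_passphrase(wordlist, count=5, sep="-"):
    """Join `count` words chosen uniformly at random with a CSPRNG."""
    return sep.join(secrets.choice(wordlist) for _ in range(count))

if __name__ == "__main__":
    for pw in ("Password1111!", "summersummer", "x7#Qm2$Lp9@Vt4&z"):
        print(f"{pw!r}: naive {naive_bits(pw):.1f} bits, "
              f"discounted {estimate_bits(pw):.1f} bits")
    # 7776 is the size of a standard Diceware list; 94 is printable ASCII minus space.
    print(f"5 random words from 7776: {generated_bits(7776, 5):.1f} bits")
    print(f"16 random chars from 94:  {generated_bits(94, 16):.1f} bits")
    print("sample passphrase (toy list):", random_passphrase(COMMON_WORDS))
```

The entropy figures for generated secrets only hold when every word or character is picked at random, which is why the generator uses `secrets` rather than a human choice.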
There are many free tools online that can assist you in testing the strength of your password. Here are a few “password strength meters” where you can enter your password to see how long it would take a potential hacker to crack it and gain access to your private information:
These tools can also tell you whether your letter, number, and symbol combinations have adequate entropy to create a unique password.
You can also use tools like this one by Home Security Heroes to see how long it would take AI to crack your passwords. With the use of AI, cybercriminals can crack most passwords instantaneously.
Even if you’re confident in your password security, it’s still a good idea to set up multi-factor authentication (MFA).
MFA adds an additional step in the login process, so even if a cybercriminal gets their hands on your password, they won’t be able to sign into your account – they’ll have to provide more information.
At the same time, MFA is not foolproof.
Recent security breaches demonstrate that criminals can bypass MFA with attacks like SIM swapping (where they convince your phone provider they’re you in order to have your phone number transferred to their phone) or MFA fatigue (where they spam you with MFA push notifications until you accept).
If your personal information is freely available on the internet, then cybercriminals will be able to find a way to hack into your accounts.
For example, cybercriminals may use your personal information to answer password reset questions or send you personalized phishing emails where they trick you into revealing sensitive data or downloading malware.
As a result, it’s a good idea to ensure there’s as little personal information available about you online as possible. Keep your social media accounts private, never overshare on forums, and make sure to opt out of data brokers (read more about these shadowy companies and what they do with your personal information in our ultimate guide on data brokers).
DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.