Pop quiz: How many passwords do you use online? It’s probably more than you can remember right away, and most of the world is right there with you. According to a report from cybersecurity firm Digital Shadows, the average person uses 191 services that require passwords — and more than 15 billion stolen credentials are in circulation. That’s a 300% increase since 2018!
Because of this abundance of passwords, it’s no surprise that hackers and cybercriminals have made phishing campaigns a priority. After all, they’re one of the most effective ways to steal passwords and other data from hapless victims. Tap or click here to see why phishing scams are on the rise.
With so many scams and attacks targeting your passwords these days, it’s never been more important to protect your accounts. To help you stay safe, we’ll show you how you can make your passwords work to your advantage rather than against you. From complex passwords to security checkups, there’s no shortage of ways to stay one step ahead of cybercriminals.
Security warning: Your passwords are in grave danger
Digital Shadows’ password report paints a stark picture of the cybersecurity landscape in late 2020. There are 15 billion passwords — most of them stolen from more than 100,000 data breaches in recent years — floating around on the web waiting for anyone to try them.
In fact, this is one of the main methods hackers are using to crack into otherwise secure accounts. Programs like Sentry MBA and OpenBullet allow hackers to brute-force their way into accounts using hundreds of stolen passwords in sequence. Because so many passwords are repeated across platforms, odds are good that something among the 15 billion will open the lock.
How many passwords are repeated? Well, out of 15 billion analyzed by Digital Shadows, only 5 billion are unique! That means about 10 billion passwords are repeated across multiple accounts. And if a hacker is able to come up with a successful combination of username and password, you can bet they’ll try the same combination on other websites.
This isn’t the only grave news from Digital Shadows’ report, either. Here are a few sobering highlights that show just how dire the situation has become:
- Many passwords are given away by hackers for free, but the average password sells for around $15.43.
- Key systems belonging to major organizations are hot-ticket items, with some selling to the highest bidder for up to $140,000.
- Bank and financial accounts sell for an average of $70.91.
- Account accesses for antivirus software tend to go for around $21.67.
- Accounts for media streaming, social media, file sharing, virtual private networks (VPNs) and adult-content sites sell for well below $10 apiece.
- More than 2 million email addresses were exposed through financial invoices.
- Brute-force hacking tools sell for an average of $4 apiece, and entire identities can be “rented” for access online for around $10.
The solution? There are multiple ways to keep your accounts safe, but the primary one is using separate passwords for every single account.
This may be harder to remember, but you’ll be much safer if one of them happens to get leaked. Instead of all your accounts going down at once, you’ll only lose access to one at a time.
What other ways can I keep my account passwords safe?
Aside from using unique passwords across multiple accounts, there are a few additional steps you can take to keep your accounts secure and your passwords out of the wrong hands.
- Two-factor authentication: By activating 2FA, any login attempts will now require a second form of verification to be successful. This means that your physical smartphone is required to log in, so only you will have access. Plus, you’ll be alerted when someone attempts to log in to your account without your permission. Tap or click here to see how to set up 2FA for your favorite websites.
- Stronger passwords: Create stronger passwords by using a random collection of letters (uppercase and lowercase), numbers and symbols. Try to make them eight characters or longer, too. If it helps, try using a memorable phrase or song lyric and swapping letters for numbers.
- ex: “Take my hand, off to never-never land” becomes “T/V\ho2nnL.” In this example, cases alternate, the “M” in “My” becomes two symbols and a letter, and the “to” becomes the number 2.
- Give your accounts a privacy checkup: Use an email address for several accounts? You can use a security-checkup service like HaveIBeenPwned to see if that email address was involved in any major data breaches. If your account was “pwned,” that means it’s time to change any passwords associated with that email address.
Tap or click here to see how haveibeenpwned can help you protect your accounts.
In addition to the methods listed above, another option you can take advantage of is a secure password manager.
If you’re using unique passwords for all your accounts, it can be tricky to remember every single one of them. That’s where a password manager like our sponsor Roboform comes in. Not only does Roboform save your passwords using secure encryption, but it can also suggest stronger passwords for you that are less likely to get cracked or guessed.
Somewhere out there, there’s a cybercriminal or two hoping to get lucky and break into your account. As convenient as it is to use simple passwords or share them across all your accounts, this convenience goes both ways. Don’t give the bad guys a chance.