Surveys show that 42% of people use their names in passwords
Password theft can make life significantly more difficult. Beyond the more benign problems, compromised passwords can easily lead to identity theft and cause serious legal problems. It is therefore worth paying attention to the strength of your passwords and changing them regularly, or at the latest when you suspect that your accounts have been compromised.
ExpressVPN’s study of the most common passwords around the world showed that 42% of people use their first name in their passwords, while 43% of them use their date of birth. Since this information can easily be found on social media, your accounts may be more vulnerable to hacking attacks.
How can someone find out my password?
A compromised password allows unauthorized people to log into your accounts. Password compromise is usually not your fault, and it usually does not mean that your data was taken directly from a specific computer. There’s no reason to automatically assume that an attacker has accessed or hacked your computer and is still watching it (such thoughts are only appropriate if you find that multiple passwords have been compromised in a relatively short period of time).
The most common reason is theft of users’ personal data from various services. It is also conceivable that attackers hack a particular service, obtain its user database (a so-called “breach”) and then publish it. The passwords are then sold on the black market and can effectively be read by anyone.
How to protect yourself
Checks for fraudulent use
You can easily check your password online using publicly available tools. Most of them work automatically: once you enter your email address, they can send an alert if they detect a leak or incident (containing your email address or password) of the kind mentioned above.
The most famous monitoring tool is “Have I Been Pwned”. Here, after entering your email address, you can see which services or providers have been hacked and which user accounts have been compromised. If your account is listed, consider your password hacked and change it as soon as possible. It is clear from the listing which password is affected, even though the password itself is, naturally, not displayed.
You can enter the password directly into the Pwned Passwords tool (instead of looking for the associated email). The result is a notification about whether the password was part of a data breach and how many times it happened. The database contains over 613 million compromised passwords that have previously been proven to have been stolen.
Other services for checking password compromise:
- Firefox screen
- Chrome browser
- Avast Hack Check
- Mirkat for Lenovo
Detect weak and duplicate passwords in the password manager or keychain
Warnings about password compromise or password weakness should be available in any decent password manager. We’ve already covered them in our magazine, and you can find the most famous ones in a dedicated password management section.
On some systems, passwords are stored in keychains that support the features mentioned above; for example, on iOS (iPhone) and macOS, Keychain warns if a password is weak or repeated across multiple services. Since iOS 14 and macOS Big Sur, the keychain can also keep track of compromised passwords. If your saved password has an exclamation point next to it, you should change it right away.
Use a password manager
The average internet user uses so many services and apps that if they had to use unique passwords for each one, they wouldn’t be able to remember them. So if you don’t want to give up security completely and use a single password, we recommend using a password manager.
Password managers can even suggest strong passwords, which is something to consider. Password suggestions are also built into some browsers or offered by password manager plugins. Artificial intelligence can judge better than the user what is a suitable and strong password.
The default setting for cloud-based password managers is to log in with 2FA. If you use a password manager on your phone, it usually has biometrics – fingerprint or facial recognition. This adds another layer of security to password access.
We regularly cover two-factor authentication (2FA) in our magazine, so the term is certainly not new to you. Simply put, 2FA adds an extra layer of protection to your login, so a password alone is no longer enough. To log in, you additionally need to enter a one-time password (OTP), which is generated separately on a device you have. This is usually an app on your smartphone that shows you an OTP for each “connected” service, valid only for a very short period of time.