Cybercriminals will also try variations of verified credentials. This means that slightly changing your passwords is not as secure as having unique, random passwords for each account. Research shows that one-third of non-identical passwords are actually sub-variations of each other, and bots could crack thirty percent of these almost-identical passwords in less than 100 attempts (bots can attempt dozens of passwords a second).
The only way to safely secure all of your accounts is by using strong, unique and random passwords for each of them. You must also change passwords when a breach occurs at any company those credentials are used for.
Stealing credentials is never innocent. These attacks can expose sensitive information, including your home address, social security number, tax information, credit card numbers and more to the attackers. This information can be used to steal money or steal your identity.
What if I Can’t Remember Multiple Passwords?
The reason so many people use the same password for multiple accounts (or use slight variations) is that strong, randomized passwords are hard to remember. We can hardly be expected to memorize one, much less the dozens– or even hundreds– of passwords we use to access our online accounts on a daily basis.
Luckily, there are secure applications that will remember passwords for you. Password managers allow you to generate and securely store thousands of passwords, while only needing to remember just one strong master password to access them.
Many browsers will save passwords for users, however, they are not nearly as secure as standalone password managers for a variety of reasons including the weak encryption model and fact that users generally leave them open and logged in.
How Often Should I Change My Passwords?
In the past, security experts recommended changing passwords on a regular basis. That recommendation has changed. Strong, unique passwords don’t need to be changed very often.
The exception is if you have reason to believe the password could be compromised. This includes if a company that you have an account with suffers a a security breach or if you discover malware on your computer. You may also need to change a password after sharing it with someone for temporary access or if you suspect someone is trying to access your accounts.
Strong passwords are difficult to remember, which is why government agencies and industry experts alike recommend the use of a dedicated password manager to automatically generate and securely store your login credentials.
How Else Can I Protect My Accounts?
Over 80% of data breaches are caused by the human element, with the majority due to stolen weak passwords, so just having strong and unique passwords for all of your accounts provides an immediate improvement in your cybersecurity. However, to practice good cyber hygiene, you should also:
Follow news updates from trusted cybersecurity sources to learn the latest recommendations, as cybercriminals are always developing new tricks.
It may seem overwhelming at first to follow these tips, but once you get into the habit, it will become a natural part of your online experience.
Stop Reusing the Same Password
Using the same password for everything seems like the easiest way to manage dozens of accounts, but sets you up for severe consequences including financial impacts and having your identity stolen. The low monthly cost of a secure, dedicated password manager is the best way to avoid the devastating consequences of a breach of sensitive personal information.
Aranza Trevino is the Sr. SEO Content Specialist at Keeper Security. She is an experienced cybersecurity trend and data analyst who continues to gain industry knowledge to educate readers through her blog efforts. Aranza’s blogs aim to help the public and businesses better understand the importance of password management, password security and staying protected against cyber threats. Aranza has a B.S. in digital marketing from DePaul University.
Get the latest cybersecurity news and updates sent straight to your inbox
Share this blog
You May Also Like
Passkey vs Password: What’s the Difference?
There are several ways in which passkeys are different from passwords in terms of how they are created, how they are filled into websites and how they are secured. Passwords are user-generated whereas passkeys are automatically...