Passwords serve as the foundation of our digital lives, but they also serve as the gateway for cybercriminals to hack into sensitive personal information.
Considering their essential function, passwords remain a prime target for increasingly sophisticated cybercriminal attacks. Therefore, taking proactive measures to safeguard accounts and personal information is imperative.
To mark World Password Day today (2 May), and highlighting the essential role passwords play in protecting our lives online, Kaspersky experts are providing essential tips to enhance password security, ensuring that users data stays out of the hands of attackers.
Weak and simple passwords have always been an attractive target for scammers as cracking them gives criminals access to multiple types of data – personal data, financial information, medical records etc.
Kaspersky telemetry indicates more than 32-million attempts to attack users with password stealers took place in 2023 – and this followed more than 40-million incursions in 2022.
These alarming statistics highlight the need for users to create strong, unique and varied passwords for different accounts. This way they can mitigate the risks of cyber threats and maintain personal security online.
To enhance password security, Kaspersky experts recommend the following steps and practices:
* The ‘association method’ helps create strong and memorable passwords – The association approach involves creating a password from a sequence of words or ideas that have personal significance but are not easily guessable by others. A password can be based on a favourite quote, a memorable song lyric, or a unique combination of objects. This technique generates strong passwords without requiring complex memorisation, helping to maintain security while reducing the risk of forgetting. For example, a phrase “I first visited Paris in 2008” could be transformed into a password “IfvPin2o:o8”.
* Are regular passwords too boring? How about emoji? If using the same password everywhere becomes too much and you lack the imagination to make up something new, emoji-passwords could be a non-standard and safe option. Since they are a part of the Unicode standard, it is potentially possible to use them as passwords. One of the most significant pros is that scammers cannot brute-force emoji-passwords, since various tools and dictionaries can’t crack combinations like these. More detailed information on how to set up an emoji password and the necessary requirements is available here.
* The most obvious option is not the safest one – Using common passwords or default values such as “1234”, “password” or “admin” could make personal data and accounts vulnerable to scammers, since they use automated tools to guess the correct combinations. It may take several seconds to find the right answer and gain access to personal data. A strong and complicated password includes a mix of letters, numbers, and symbols, while avoiding personal information such as names or birthdays. Additionally, there are online public free services that allow everyone check how strong their passwords are to mitigate possible risks.
* Old, but gold: one account – one password – This practice ensures that if one account is compromised, others remain secure. By creating a unique password for each account, you minimise the damage a hacker can do if they manage to steal one. This approach isolates security breaches and helps protect sensitive data. According to a global survey, the average user has approximately 8 accounts. Remembering even two or three long and complicated passwords (containing up to 15 symbols) could be impossible for the majority of users. In this case it is both safe and useful to shift the responsibility of remembering all the passwords to a security solution, such as Kaspersky Password Manager.