The Password Fix That Could Save You from a Cyberattack
Simple, high-impact changes to strengthen your accounts starting today.
Welcome to The Cyber Minute, a 5-part series that brings you practical, under-10-minute tips to dramatically strengthen your cybersecurity without the overwhelm. Whether you're running a business, managing a household, or just tired of worrying about hackers, this series is for you. Each post will focus on one small, doable action that helps make you a harder target for cybercriminals.
Let’s kick things off with one of the easiest (and most overlooked) ways to boost your security: rethinking your passwords.
One of the biggest issues regarding the safety of accounts is very weak passwords, whether we’re talking about online accounts, home systems and networks, or even mobile devices. Look at this list of the top 10 most hacked passwords in the United States in 2024. Hopefully yours is not on the list. But if these are the ten most hacked passwords, then many, many people are still using these weak, easily guessed passwords:
1. 123456.
2. password.
3. 123456789.
4. qwerty123.
5. secret.
6. iloveyou.
7. letmein.
8. football.
9. princess.
10. monkey.
These passwords highlight the ongoing issue of users choosing convenience over security—and making their accounts vulnerable to hacking. More complex and unique passwords will enhance security.
Cracking the code isn’t that hard
The speed at which a hacker can crack the code using a password-hacking tool depends on various factors, including the complexity of the password, the strength of the hashing algorithm used (if any), and the computing power of the hacker’s system.
If the password is a common dictionary word, it can be cracked almost instantly using a simple dictionary attack, which uses a pre-compiled list of common words and tries them one by one until getting a hit.
The more computing power the attacker has, the faster they can attempt different passwords. With powerful hardware or a botnet, an attacker can try millions of passwords per second.
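To put numbers on the three factors above (password shape, guess rate, and whether the password is in a wordlist), here is an added example that is not part of the original post. It estimates the worst-case time an attacker who must try every candidate would need, and shows that a word on a list is found in a handful of guesses. The guess rate of one billion per second and the tiny word list are constructed for illustration; real wordlists hold millions of entries.

```python
# Added example (not from the original post): estimate how long exhaustive
# guessing takes for a given password shape and guess rate, and show why a
# password on a common-word list falls immediately.

# Constructed miniature "dictionary" standing in for the wordlists the post
# mentions; a real list has millions of entries. These are the post's top 10.
COMMON_WORDS = {
    "123456", "password", "123456789", "qwerty123", "secret",
    "iloveyou", "letmein", "football", "princess", "monkey",
}

LOWER = 26          # a-z
LOWER_UPPER_DIGIT = 62   # a-z, A-Z, 0-9
FULL_KEYBOARD = 94  # printable ASCII (letters, digits, symbols)


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters over an alphabet
    of `alphabet_size` characters, assuming each position is chosen independently."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case seconds for an attacker who must try every candidate.
    Integer division keeps the arithmetic exact for very large keyspaces."""
    return keyspace(alphabet_size, length) // guesses_per_second


def is_common(password, wordlist=COMMON_WORDS):
    """True when a dictionary attack would find the password on its first pass."""
    return password.lower() in wordlist


def describe(seconds):
    """Render a duration in the largest sensible unit."""
    units = [("years", 365 * 24 * 3600), ("days", 86400),
             ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds} seconds"


if __name__ == "__main__":
    rate = 10**9  # constructed: one billion guesses per second
    for alphabet, length in [(LOWER, 8), (LOWER, 16), (FULL_KEYBOARD, 8)]:
        print(f"{length} chars over {alphabet}-char alphabet: "
              f"{describe(seconds_to_exhaust(alphabet, length, rate))}")
    print("'password' on list:", is_common("password"))
    print("'ilovetogorunning' on list:", is_common("ilovetogorunning"))
```

Note that the estimate counts every character position as an independent choice; a password built from a dictionary word, a date, or repeated text has far fewer real possibilities than this formula credits it with, which is why the word-list check comes first.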
So, how long does a password really need to be?
Are you ready?
A password should be a minimum of 16 characters!
I can hear the groaning. But this is the reality, plus there are ways to create a 16-character password that actually is easy to remember.
Hackers, using today’s technologies, cannot crack passwords that are 16 or more characters.
There are very large organizations, including many in the financial services industry, that have switched to 16-character passwords for their employees—who were not, at first, happy about it. But then they realized the advantage: 16-character passwords cannot be cracked, so there are no complexity requirements. The password can be all lowercase and an easy phrase, like <ilovetogorunning>.
Another thing big companies did was require employees to change passwords every 90 days. We should all have been doing this, too, though obviously most people don’t. But since 16-character passwords cannot be cracked, changing passwords periodically doesn’t need to happen.
One by one, start changing your accounts to 16-character passphrases. On personal systems and networks, it’s alright to use an all-lowercase one. However, many websites mandate the use of upper and lowercase letters, numbers, and special characters. For those sites, add a little complexity. For example, <Iloverunning4fun>.
Here’s a technique I hinted at earlier. Have an eight-character complex password that you’ve used for years and now remember very well? Then, just type it twice and there’s your 16-character, easy-to-remember password. Instead of <Hot2023!>, start using <Hot2023!Hot2023!>. Voilà, an uncrackable password.
The easy way to manage passwords
One of the best ways to manage many very long and very complex passwords is by using a password manager application. This is a software tool designed to securely store, manage, and organize passwords and other sensitive information. Here are some of their key features and benefits:
Password managers encrypt passwords and sensitive data, providing a secure vault that can only be accessed with a master password. This is much safer than using a notebook or unsecured digital document. As discussed previously, a master password should be at least 16 characters and contain all four complexity requirements.
Password manager applications can generate strong, unique passwords for multiple accounts. These passwords are usually 20, 22, or 24 characters in length and very complex. But you never have to remember any of them. The password manager does that. This helps to maintain high-security standards without needing to remember complex passwords.
You only need to remember one master password to access all stored credentials. This master password should be 16 or more characters and use all four complexity requirements—upper and lowercase letters, numbers, and special characters.
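The rules in this post (16 characters minimum for any account, all four character classes where a site or a master password demands them, and nothing from the top-10 list) can be turned into a quick self-check, and the "generate a 20-24 character random password" feature of a manager can be reproduced in a few lines. The following is an added example, not code from the post or from any particular password manager. The deny list is a copy of the post's own top 10, the 94-character alphabet used for generation is an assumption, and the `repeated_half` flag is an added observation that reports when a password is the same text written twice, as the "type it twice" technique produces.

```python
# Added example (not from the original post): check a candidate password
# against the post's rules, and generate the kind of long random password a
# password manager produces.
import secrets
import string

MIN_LENGTH = 16       # the post's minimum for any account
MANAGER_LENGTH = 24   # top of the post's 20-24 character range

# Constructed copy of the post's top-10 most-hacked list, used as a deny list.
TOP_10 = {"123456", "password", "123456789", "qwerty123", "secret",
          "iloveyou", "letmein", "football", "princess", "monkey"}

ALL_CLASSES = {"lower", "upper", "digit", "symbol"}
# Assumed generation alphabet: 26 + 26 + 10 + 32 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def character_classes(pw):
    """Which of the four complexity classes the password uses."""
    classes = set()
    for c in pw:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        elif c in string.punctuation:
            classes.add("symbol")
    return classes


def check_password(pw, require_complexity=False):
    """Return findings for a candidate password.

    'ok' is True when the post's rules are met: at least MIN_LENGTH characters,
    not on the most-hacked list, and (when require_complexity is set, as for
    a master password or a site that demands it) all four character classes.
    'repeated_half' is informational: True when the password is one string
    typed twice.
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in TOP_10:
        problems.append("appears on the most-hacked list")
    classes = character_classes(pw)
    if require_complexity and classes != ALL_CLASSES:
        problems.append("missing " + ", ".join(sorted(ALL_CLASSES - classes)))
    half = len(pw) // 2
    repeated_half = len(pw) % 2 == 0 and half > 0 and pw[:half] == pw[half:]
    return {
        "ok": not problems,
        "problems": problems,
        "classes": sorted(classes),
        "repeated_half": repeated_half,
    }


def generate_password(length=MANAGER_LENGTH):
    """Random password from ALPHABET using the OS secure generator, resampled
    until all four classes are present so it passes any complexity rule."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover all classes")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if character_classes(pw) == ALL_CLASSES:
            return pw


if __name__ == "__main__":
    for candidate in ["password", "ilovetogorunning", "Hot2023!Hot2023!"]:
        print(candidate, check_password(candidate, require_complexity=True))
    print("manager-style:", generate_password())
```

The `repeated_half` flag is worth glancing at: a length-based estimate like the one in the cracking section assumes every character was chosen independently, and a doubled string is only as varied as its first half, so treat that flag as a prompt to prefer a genuinely longer phrase where you can.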
Take 10 Minutes to:
Change at least one of your most-used accounts to a 16-character passphrase
Download and install a trusted password manager
Set your master password using the techniques above
Every small change you make now adds up to a stronger defense later. You don’t have to fix everything today, but this is an incredibly smart place to start.
In Part 2, we’ll tackle a second quick but powerful tweak that’s just as easy to implement, and just as critical to keeping your digital life secure.
For detailed step-by-step instructions on how to protect yourself, purchase my book, Cybersecurity: Everything You, Your Family and Every Small Business Owner Needs to Know