Choosing a password can be tricky. It needs to be difficult to guess, but at the same time it needs to be easy enough for you to remember whenever you need to enter it. This is why it’s not surprising that many people use word and number combinations that are familiar to them, like birth dates, street addresses, postal codes, and so on.
In fact, according to ExpressVPN’s research, a whopping 15% of US participants revealed that they use their pet’s name as their password! While you might think that no one will be able to guess your pet’s name, at least not a stranger, social engineering attacks are on the rise, and information that you would think would be private or personal to you can be revealed in the process. This makes it easier for attackers to try and guess your password.
Research into the weakest passwords of 2023 has also revealed that, despite repeated advice, many people still rely on “123456” as their password of choice. Shocking, isn’t it? Hopefully, at this point, we’ve managed to communicate the importance of choosing a strong password, and if you’re wondering how to do that, read on.
Password managers can be helpful
So here lies the conundrum – how do you create a complicated password so that it would be near-impossible to guess but also easy to remember? That’s where password managers can come in handy.
For those who are unfamiliar, password managers are basically tools that help you store and remember passwords for your online accounts. They can even help fill in those passwords for you automatically when you log into a website, saving you a ton of time in the process. Password managers also generally come with a password-generation feature.
This allows you to generate extremely strong passwords that would be almost impossible to crack or social engineer. Random passwords that contain a mix of letters, phrases, numbers, and/or special characters can dramatically increase the strength of your password.
While brute force hacking could have the potential to eventually figure out the password through a sheer combination of mixing and matching, it would take a considerably longer period of time compared to if you were to use a password that contains your pet’s name. Also, as we mentioned, password managers can remember and store these passwords, so even if it’s insanely complicated, the password manager does all the memorizing for you.
It also allows you to create unique passwords for every single account you have, so in the event that one account is compromised, the attacker will not be able to break into your other accounts as easily as they could had you used the same password across multiple accounts.
It also does away with the need to write your passwords down, which 35% of respondents said they did, according to the survey on passwords mentioned previously.
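To put numbers on the difference between a pet's name and a generated password, the sketch below is an added example, not code from this article or from any particular password manager. The wordlist size and guess rate are assumed figures for illustration, and the function names are hypothetical.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def generate_password(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # Rejection sampling keeps the result uniform over all valid passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def entropy_bits(choices, length=1):
    """Bits of entropy when each of `length` positions has `choices` options."""
    return length * math.log2(choices)

def average_crack_seconds(bits, guesses_per_second):
    """On average the right guess is found after half the search space."""
    return 2 ** bits / 2 / guesses_per_second

# Assumed figures for illustration, not measurements.
PET_NAME_LIST = 10_000   # entries in a hypothetical pet-name wordlist
GUESS_RATE = 1e10        # offline guesses per second

def compare():
    """Search-space comparison: one pet name vs. a 20-character random password."""
    pet = entropy_bits(PET_NAME_LIST)
    rnd = entropy_bits(len(ALPHABET), 20)
    year = 365.25 * 24 * 3600
    return {
        "pet_name_bits": round(pet, 1),
        "random_bits": round(rnd, 1),
        "pet_name_seconds": average_crack_seconds(pet, GUESS_RATE),
        "random_years": average_crack_seconds(rnd, GUESS_RATE) / year,
    }

if __name__ == "__main__":
    print(generate_password())
    print(compare())
```

Under these assumptions the pet name falls in well under a second, while the random password's search space is beyond any practical brute-force effort.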
Other ways of securing your account
While password managers are a great way of creating and remembering strong and complicated passwords, we wouldn’t necessarily say they’re the be-all and end-all of cybersecurity. Since passwords can eventually be cracked, another way to secure your online account is through two-factor authentication (2FA) and security keys.
With 2FA, when you log into an account, a one-time passcode (OTP) is sent to your phone via SMS or generated through an authenticator app. A new code is generated every time you log in, meaning that even if a hacker manages to get past your password, they would still only be able to log in if they entered the correct OTP, which they cannot do unless they have physical access to your phone.
Since OTPs also generally have a short lifespan of a few seconds to a few minutes, they cannot be cracked quickly enough.
Another method of securing your account is through security keys. These are physical devices that connect to your computer via a USB connection. This ensures that as long as the key is plugged into your computer, the computer you’re logging in from is considered to be authenticated. It’s less troublesome than having to enter an OTP all the time, but it also means that you’ll have to keep it on you in case you want to log into a website when you’re not at home.
One advantage that physical security keys have over OTPs, and one that could make up for the slight inconvenience, is that they are protected against phishing-style attacks that might try to steal your OTP.
A passwordless future
Passwords are still very much in use these days, and they’re still the main way of logging into your online accounts. However, many companies are working together to create a passwordless future, like with passkeys.
Passkeys rely on devices like your smartphone for authentication. Since pretty much all smartphones these days are encrypted and protected using passcodes or biometric security like fingerprint or facial recognition, it does away with the need to remember passwords as your device can authenticate you.
It also reduces the effectiveness of phishing or social engineering attacks, which is generally how people have their passwords stolen, to more or less near zero. A hacker would need to have your device physically in hand and also manage to bypass your device’s security (which would be almost impossible with fingerprint or facial recognition), so it is a more effective way of securing online accounts.
We wouldn’t go as far as saying that it eliminates the possibility of someone hacking into your account (if there’s a will, there’s a way), but it does take the chance of someone using a weak password out of the equation since there is no need for passwords.
At the moment, passkeys aren’t very widespread yet, but with many big tech companies backing the technology, hopefully, it will become the new standard in the future.
We expect that further down the road, maybe 5-10 years, passwords will be a thing of the past, and passwordless options like passkeys will be the standard. But until that happens, passwords are still one of the main ways of securing your online accounts, especially those that contain sensitive private or financial information.
So, if you’re guilty of using passwords that aren’t terribly complicated and could be easily guessed, then perhaps it’s time to take steps to ensure that you’re securing your accounts, either by using a password manager to help you generate and remember complicated passwords, or at least by protecting your account with 2FA or security keys if you insist on using passwords that are easy to remember.