The Need for Unique, Strong Passwords

Cybersecurity experts continually identify the use of strong, unique passwords as one of their top recommendations. However, this is also one of the least commonly followed recommendations because unless you know the tricks, it's difficult to remember strong, unique passwords for every login and website.

Why your password is important

Cybersecurity experts recommend strong, unique passwords for several reasons - the first being that every day malicious cyber threat actors compromise websites and online accounts, and post lists of usernames, email addresses, and passwords online. This exposes people's passwords, and worse yet, they are exposed with information that uniquely identifies the user, such as an email address. That means that a malicious actor can look for other accounts associated with that same person, such as work-related, personal social media, or banking accounts. When the malicious actor finds those accounts, they can try logging in with the exposed password, and if the password is reused, they can gain access. This is why unique passwords matter.

Secondly, when malicious cyber threat actors can't easily find or guess the password, they can use a technique called brute forcing. This is a technique where they try every possible password until the correct password is identified. Of course, most attackers don't sit there manually entering guesses - they use computer programs that can work day and night and enter guesses at a far higher rate than any human being could. These cracking programs know all the popular passwords (and how popular they are), have huge lists of dictionary words they can consult, and know the tricks that people use to obfuscate passwords by adding funny characters. A strong password consists of at least 10 characters and includes a combination of uppercase and lowercase letters, numbers, and symbols. The stronger the password, the less likely brute forcing will be successful.
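The following check is an added example, not part of the original article: it applies the composition rule stated above and then shows why that rule alone is not enough, by undoing common character substitutions and looking for a popular password underneath. The word list, substitution table, and function names are constructed for illustration; a real check would consult a large breached-password list.

```python
import re

# Constructed sample of popular base passwords (a real list would be far larger).
POPULAR = ("password", "welcome", "dragon", "monkey", "letmein", "qwerty", "sunshine")

# Substitutions that guessing tools routinely reverse (constructed, not exhaustive).
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})


def meets_composition_rule(pw):
    """At least 10 characters with uppercase, lowercase, a digit and a symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= 10 and all(re.search(c, pw) for c in classes)


def popular_base(pw):
    """Return the popular password hidden in pw after undoing substitutions, or None."""
    normalized = pw.lower().translate(SUBSTITUTIONS)
    for word in POPULAR:
        if word in normalized:
            return word
    return None


def assess(pw):
    """Classify a candidate password the way a defender's signup check might."""
    if not meets_composition_rule(pw):
        return "fails rule"
    base = popular_base(pw)
    if base is not None:
        return "guessable: built on '%s'" % base
    return "ok"


if __name__ == "__main__":
    # Constructed candidates: two pass the composition rule yet are easy guesses.
    for candidate in ("summer", "P@ssw0rd123!", "W3lc0me!2024", "k7#Qv9!mZr2$"):
        print("%-14s %s" % (candidate, assess(candidate)))
```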


Consider using a password manager, which is an application that can run on a computer, smartphone, or in the cloud, that securely tracks and stores passwords. Most password managers can also generate strong, random passwords for each account. As long as the password to access the password manager is strong and unique, and two-factor authentication is being used, this technique can be effective.

Security experts are now recommending a "pass phrase" rather than simply a password. Such a phrase should be relatively long - perhaps 20 characters or so - and consist of seemingly random words strung together along with numbers, symbols, and uppercase and lowercase letters. Think of something you can remember but others couldn't guess, such as YellowChocolate#56CadillacFi$h.