Recent research has found that a staggering 60% of internet users reuse their passwords. However, what might seem a convenient solution to an ever-growing collection of passwords can have severe consequences.
In an attack known as credential stuffing, hackers obtain pre-existing databases of leaked username-password pairs and automatically submit the same credentials to thousands of websites and services. “The tendency among users to reuse their passwords is what makes this tactic successful. A single compromised password permits hackers access to your other online accounts that share the same credentials,” says Daniel Markuson, a digital privacy expert at NordVPN.
With the record-breaking number of data breaches in 2021, your passwords are at a heightened risk for a credential stuffing attack. “A year doesn’t go by without at least a couple of ‘the biggest leaks yet.’ Threat levels worsen every year, while people’s awareness remains stagnant,” Markuson says.
What makes credential stuffing possible?
Substandard password hygiene is the main culprit behind credential stuffing. The aforementioned habit of reusing passwords is undoubtedly harmful, but password strength is arguably even more important, as strong passwords prevent your credentials from ending up in leaks in the first place. Unfortunately, research by NordPass into the most popular passwords shows that the public seems to place convenience over privacy. With users choosing such weak passwords as “password,” “123456,” or “iloveyou,” the situation in 2021 was grim.
Considering that passwords are the first line of defense when it comes to protecting your privacy, the precarious approach to password security is alarming. “Convincing someone of the danger of something they can’t see or touch is an uphill battle. Therefore, many people start to care only after they’ve experienced it first hand, which is always already too late,” Markuson says.
How to improve your password hygiene
Preventative measures are your best bet for protecting your privacy. With that in mind, here are a few tips from NordVPN’s Daniel Markuson on how to prioritize security when creating and managing passwords:
- Never use short passwords. The greater the variety of characters the password has, the longer it will take a hacker or other shady cybercriminal to guess it.
- Never reuse your passwords. Even if a password is leaked, other accounts with different passwords will still be protected.
- Make your passwords complex. Use upper- and lowercase letters, symbols, special characters, and numbers to create strong passwords.
- Use long passphrases. Using dictionary words on their own is not advisable. Instead, create a combination of 6-7 random words. A combination like “left elephant shoes purple rugby vacation” is difficult to guess because of its length and randomness, yet it is easier to remember.
- Use the mnemonics technique. Create a memorable phrase, for example a sentence like “I love to eat pizza with friends for fun!”, and use it as a mnemonic to create a password such as “1L2epwf4F!”
- Use a password manager. It is a great tool for both generating and storing passwords. Advanced password managers like NordPass also have useful features such as Data Breach Scanner, which helps you find out whether any of your accounts have been compromised.
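The passphrase tip above can be made concrete. The following is an added example, not code from the original article or from NordVPN: it picks words with a cryptographically secure random source and estimates how much guessing work each strategy from the list demands. The 32-word sample list is constructed for illustration, the 7,776-word list size (Diceware-style) and the guess rate of 1e10 per second are assumptions.

```python
import math
import secrets

# Constructed sample list so the example runs offline. Real word lists are
# far larger; a 7,776-word (Diceware-style) size is assumed in compare().
SAMPLE_WORDS = ("left elephant shoes purple rugby vacation anchor biscuit "
                "candle dolphin ember falcon garden harbor island jacket "
                "kettle lantern marble nectar orchid pepper quartz ribbon "
                "saddle timber umbrella velvet walnut yonder zipper meadow").split()

def generate_passphrase(words, count=6, sep=" "):
    """Pick `count` words independently and uniformly using the OS CSPRNG."""
    if count < 1 or len(words) < 2 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and at least two distinct words")
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)

def years_to_guess(bits, guesses_per_second):
    """Average time to hit the secret (half the search space), in years."""
    return 2 ** (bits - 1) / guesses_per_second / (365 * 24 * 3600)

def compare():
    """Entropy estimates for the strategies in the list above."""
    return {
        "6 words from a 7776-word list": entropy_bits(7776, 6),
        "7 words from a 7776-word list": entropy_bits(7776, 7),
        # Upper bound for a 10-character password such as a mnemonic one:
        # characters derived from a sentence are not uniformly random,
        # so the real figure is lower.
        "10 random printable ASCII chars": entropy_bits(94, 10),
        # Shows why the size of the word list matters as much as the count.
        "6 words from the 32-word sample": entropy_bits(len(SAMPLE_WORDS), 6),
    }

if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    for label, bits in compare().items():
        years = years_to_guess(bits, 1e10)  # assumed attacker guess rate
        print(f"{label}: {bits:.1f} bits, about {years:.3g} years")
```

The estimates hold only when the words are chosen by the random source; a phrase a person picks themselves carries far less entropy than the word count suggests.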