The First Step Toward Digital Security: Can someone guess your password?

by Nick Moran, on Thu 06 May 2021

As World Password Day rolls around, the password — the cornerstone of digital security — is on everybody’s mind.

So start with yourself. Where do your passwords come from?

Likely, your most-used password is tied to something memorable, and data from Google backs that up.

If you have your name or your birthday somewhere in your password, you’re like 59% of Americans. Other popular choices are your pet's name (33%), your name (22%), a partner's name (15%) or your child's name (14%). It may not be the most creative, but it’s easy to remember, right?

That’s exactly the flaw.

In the same Google report, 27% of Americans admitted to trying to guess another user’s password, with 17% actually succeeding. That number threatens everything from your streaming platform password to your online banking account.

Guessing becomes much more effective when the potential hacker knows you (or can learn about you through social media, for example) and can start with candidate passwords linked to popular subjects, like personal names.

If you’re not in that camp, maybe you’re sticking to an easier, quicker password.

Some of the most popular passwords that don’t follow the name trend are “abc123”, “Password”, and “123456”. Some honorable mentions include “iloveyou”, “Qwerty”, and “picture1”.

Despite not having personal information, these are just as easy to crack. NordPass reports that many of the aforementioned passwords take less than a second to breach.

There are two main things you can do right now to turn your password from a few-second breach into one that takes a day or more to crack: lengthen it and add complexity.

A Scientific American article notes that doubling the length of your password from six to 12 characters doesn’t just double the time it takes to crack it. While a six-character password takes about 10 seconds to crack, a 12-character password could take upwards of two million years to breach.

Second, set yourself up to mitigate damage if one of your accounts is hacked — that means not reusing passwords. Google reports 52% of users reuse the same password for multiple (but not all) accounts, while 13% of users use one password for every account they own. In the latter case, those users are just begging for hackers to take one compromised password and run with it across multiple accounts.
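To make the flaws above concrete, here is a short Python check added as an illustration; it is not code from this post or from any of the reports it cites. The 12-character minimum, the `personal` parameter and every sample password are assumptions made for the example.

```python
import math
import re

# Popular passwords quoted in the article, compared case-insensitively.
COMMON = {"abc123", "password", "123456", "iloveyou", "qwerty", "picture1"}

def charset_size(pw):
    """Alphabet size an exhaustive search must cover for this password."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
               (r"[^a-zA-Z0-9]", 33))  # 33 = printable ASCII symbols and space
    return sum(n for pattern, n in classes if re.search(pattern, pw))

def search_space_bits(pw):
    """log2 of the candidate count for this length and alphabet."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0

def audit(pw, personal=(), min_length=12):
    """Return findings; an empty list means none of these checks fired."""
    findings = []
    low = pw.lower()
    if low in COMMON:
        findings.append("common")
    # Names and dates an acquaintance could know (hypothetical parameter).
    for token in personal:
        if len(token) >= 3 and token.lower() in low:
            findings.append(f"personal:{token}")
    if len(pw) < min_length:  # 12 is an assumed policy value
        findings.append("short")
    return findings

if __name__ == "__main__":
    # Constructed samples; "Bella" and "06052015" stand in for a pet name and a date.
    for pw in ("Qwerty", "Bella06052015!", "vT7#qLm2x!Rp9z"):
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits,",
              audit(pw, personal=("Bella", "06052015")) or "no findings")
```

`Bella06052015!` scores about 92 bits on length and character classes alone, yet it is still flagged because it is built from details someone who knows you could guess. The bit count is only an upper bound on the work a guesser faces.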

While laughing at cheesy passwords and guessing your way into your best friend’s Netflix account may be easy, understanding the common flaws in password security is critical to protecting your own credentials.

Instead of using easy-to-guess passwords, add layers of complexity or use a security-first password manager to store credentials that are lengthy and difficult to crack. Use multi-factor or, to be more exact, right-factor authentication to your advantage to curtail those who successfully grab your logins.

Whether you use your first name and birthday or a complex string of characters for your password, this World Password Day, don’t make a hacker’s life easy — get rid of usernames and passwords altogether!