Nowadays there’s virtually no site on the internet where entering a password isn’t required. Granted, there is no need for passwords while searching for news or just killing some time, but our social media, email and bank accounts all require setting a strong password and remembering it. Yet the more online accounts we amass, the less care we put into the passwords we use. As a result, passwords don’t get the attention they deserve and often end up short and easy to remember. That’s why many of them are easily stolen by hackers using a variety of methods, as revealed by an interesting Google study, which in turn underlines how important it is to set strong passwords to protect our online identity.
Common Passwords and Their Risk
The study, carried out by Google between March 2016 and March 2017, is quite the shocker: the company’s researchers managed to identify “788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on the black market.” Google’s study also points out that one of the most commonly used methods of obtaining people’s credentials is infecting the device with malware.
According to the study, malware is mostly used by attackers to search their victims’ email history for financial data and for credentials “related to third party services”. In that regard, it was (sadly) not surprising that during the aforementioned one-year period the company identified 57,000 Facebook spam accounts, 97% of which had been previously compromised.
However, if malware infection, phishing schemes and the like are put aside, the main reason why many credentials are so easily obtained is poor password choice. In fact, according to the Google study, the top 10 most used passwords found in recent plaintext leaks include several variations of ‘123456’, ‘password’, ‘password1’, ‘abc123’ and ‘homelesspa’. Maybe the latter needs some explanation: it was added to Google’s study as “the most common [password] in the MySpace credential leak.”
Although the poor security of these passwords has been confirmed several times, it’s surprising to see how many people still rely on them. This just underlines what we said before: few people pay the necessary attention to strong credentials. As a matter of fact, the MySpace password we mentioned earlier, which is used by over 855,000 users, is the one automatically generated by the service after creating an account. This indicates that almost a million people didn’t even bother to change the default password.
Considering everything mentioned above, it’s easy to guess that the re-use of credentials is another cause of the major data leaks identified by Google: in their own words, “17.0% of the 22 million email addresses in multiple leaks re-used a password at least once”.
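To make the two measurements in this section concrete, here is an added example (not code from the Google study) that computes a re-use rate and flags common passwords over a small constructed data set. It assumes "re-use" means the same password appearing for one address in two or more leaks, and it matches the common list case-insensitively; both are assumptions of this sketch.

```python
from collections import defaultdict

# Passwords the article quotes from the study's top-10 list.
COMMON = {"123456", "password", "password1", "abc123", "homelesspa"}

# Constructed sample records: (leak name, email, plaintext password).
SAMPLE_LEAKS = [
    ("leak_a", "ann@example.com", "homelesspa"),
    ("leak_b", "ann@example.com", "homelesspa"),
    ("leak_a", "bob@example.com", "abc123"),
    ("leak_b", "bob@example.com", "T7#vq!mZ2p"),
    ("leak_a", "cy@example.com", "123456"),
    ("leak_b", "dee@example.com", "Password1"),
    ("leak_c", "dee@example.com", "x9$Lk2@wQe"),
    ("leak_c", "eve@example.com", "correct-horse-42"),
]


def reuse_rate(records):
    """Return (reusers, multi_leak_addresses, reuser_list).

    Only addresses seen in two or more leaks are counted in the
    denominator; an address is a reuser if one password of theirs
    shows up in at least two different leaks.
    """
    by_email = defaultdict(lambda: defaultdict(set))  # email -> password -> leaks
    for leak, email, pw in records:
        by_email[email.lower()][pw].add(leak)
    multi = {e: pws for e, pws in by_email.items()
             if len(set().union(*pws.values())) > 1}
    reused = sorted(e for e, pws in multi.items()
                    if any(len(leaks) > 1 for leaks in pws.values()))
    return len(reused), len(multi), reused


def common_hits(records):
    """Addresses whose password is on the COMMON list (case-insensitive)."""
    return sorted({email.lower() for _, email, pw in records
                   if pw.lower() in COMMON})


if __name__ == "__main__":
    n, total, who = reuse_rate(SAMPLE_LEAKS)
    print(f"{n}/{total} multi-leak addresses re-used a password: {who}")
    print("accounts with a common password:", common_hits(SAMPLE_LEAKS))
```

Note that an address can avoid re-use and still be flagged: in the sample, bob@example.com uses different passwords in each leak, yet one of them is on the common list.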
Using Password Managers
Seeing how easily our online identities could be stolen, it’s crucial to have strong credentials for all online services, regardless of how often said services are used. And one of the best ways to avoid having to memorize multiple, complex passwords is using a password manager.
Such a tool only requires you to create one strong password, the so-called master password, when you create an account. From then on everything else is taken care of by the program: it generates complex passwords that are highly unlikely to be breached, and it encrypts and stores all data in a secure vault that only those in possession of the master password can access. Additionally, password management software imports credentials from web browsers (Firefox, Chrome, Microsoft Edge etc.) or from other programs such as Mozilla Thunderbird. Furthermore, many of these solutions are also available for mobile devices to provide a truly cross-platform experience, not to mention they often have a cloud service that allows the secure sharing of information between trusted users.
Keeping passwords and other types of credentials in a password manager is indeed safe, but combining such a solution with a VPN is even better. With a VPN by your side, all connections through which you log in to your online accounts are encrypted, ensuring that your credentials are securely transferred. Any other credentials and data you send over your connection are also kept private, as you use the IP address of the VPN server rather than the IP address assigned to you by your ISP. This way eavesdroppers, authorities and any other third parties won’t have a chance at snooping on your passwords and the activity in your online accounts.