We all know the rules of the game when it comes to creating passwords: never use easy-to-guess things like your name, the street you live on or grew up on, your child’s name, your birth date, and other similar words. And of course, never use the word “password,” “123456,” or “Iloveyou,” which remain among the most popular passwords. While it’s difficult to remember dozens of passwords, and never a good idea to write them down on that Sticky Note in your desk drawer, it’s also advisable never to repeat them. NordVPN discusses just how dangerous that can be.
According to NordVPN, 60% of Internet users re-use passwords. The obvious reason not to do this is that if one account is compromised, a cyber thief gets the opportunity to access all of your other accounts that use the same password.
There’s actually a name for how cyber thieves use this trend to their benefit: credential stuffing is when hackers obtain pre-existing databases of leaked username and password pairs and automatically submit the same credentials to thousands of websites and services to see which ones stick.
“The tendency among users to reuse their passwords is what makes this tactic successful,” says Daniel Markuson, a digital privacy expert at NordVPN. “A single compromised password permits hackers access to your other online accounts that share the same credentials.”
What’s more, NordVPN notes that with the record-breaking number of data breaches in 2021, your passwords are at a heightened risk for a credential stuffing attack. “A year doesn’t go by without at least a couple of ‘the biggest leaks yet,’” Markuson adds. “Threat levels worsen every year, while people’s awareness remains stagnant.
“Convincing someone of the danger of something they can’t see or touch is an uphill battle,” he continues. “Therefore, many people start to care only after they’ve experienced it first hand, which is always already too late.”
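Seen from the side of a site operator, the credential stuffing pattern described above looks different from ordinary password guessing: one source tries many different accounts only once or twice each, and any login that succeeds points to a reused password. The sketch below is an added example, not code from NordVPN or the original article; the log format, the sample lines, the function names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

def constructed_log():
    """Constructed sample auth log lines: 'timestamp source_ip username result'."""
    lines = []
    # One source walks a leaked list: six accounts, one attempt each, one reused password works.
    for i, user in enumerate(["alice", "bob", "carol", "dan", "eve", "frank"]):
        lines.append(f"2021-11-02T10:00:{i:02d}Z 203.0.113.7 {user} {'OK' if user == 'carol' else 'FAIL'}")
    # Another source guesses many passwords for a single account.
    for i in range(6):
        lines.append(f"2021-11-02T10:05:{i:02d}Z 198.51.100.9 grace FAIL")
    # An ordinary user mistypes once, then logs in.
    lines += ["2021-11-02T10:07:00Z 192.0.2.10 heidi FAIL", "2021-11-02T10:07:09Z 192.0.2.10 heidi OK"]
    return lines

def classify_sources(lines, min_users=5, max_tries_per_user=2, min_fail_ratio=0.8):
    """Label each source IP by login pattern (thresholds are illustrative assumptions)."""
    tries = defaultdict(lambda: defaultdict(int))   # ip -> username -> attempts
    fails = defaultdict(int)                        # ip -> failed attempts
    hits = defaultdict(set)                         # ip -> usernames that logged in
    for line in lines:
        _ts, ip, user, result = line.split()
        tries[ip][user] += 1
        if result == "OK":
            hits[ip].add(user)
        else:
            fails[ip] += 1
    report = {}
    for ip, per_user in tries.items():
        total = sum(per_user.values())
        mostly_failing = fails[ip] / total >= min_fail_ratio
        if mostly_failing and len(per_user) >= min_users and max(per_user.values()) <= max_tries_per_user:
            label = "credential_stuffing"   # many accounts, few tries each
        elif mostly_failing and len(per_user) == 1 and total >= min_users:
            label = "brute_force"           # one account, many tries
        else:
            label = "normal"
        # A success inside a stuffing run means a reused password: force a reset for that account.
        exposed = sorted(hits[ip]) if label == "credential_stuffing" else []
        report[ip] = {"label": label, "accounts_tried": len(per_user), "reset_needed": exposed}
    return report

if __name__ == "__main__":
    for ip, row in classify_sources(constructed_log()).items():
        print(ip, row)
```

Real campaigns often spread attempts over many source addresses, so a per-IP view like this one is a starting point rather than a complete detection.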
In addition to advising never to re-use the same password for multiple sites, no matter how tempting it is, Markuson offers some tips on how to create secure and original passwords.
Never use short passwords. The greater the variety of characters a password has, the longer it will take a hacker or other shady cybercriminal to guess it. Short passwords are becoming less and less common anyway, as many websites require passwords that include a minimum number of characters. With that said, even if the site will accept a six-character password, for example, it’s not a bad idea to make it longer.
Make your passwords complex. Use upper- and lowercase letters, symbols, special characters, and numbers to create strong passwords. Again, many websites these days require a combination of all the above before the password can be accepted. While frustrating, it’s also a necessary step to ensure the safety of your account information.
Use long passphrases. Using dictionary words is not advisable. Instead, create a combination of 6-7 random words, says Markuson. A combination like “left elephant shoes purple rugby vacation” is difficult to guess because of its length and randomness, but it is also easier to remember.
Create memorable phrases using the mnemonics technique. For example, create a sentence like “I love to eat pizza with friends for fun!” and use it as a mnemonic to create a password “1L2epwf4F!”
Use a password manager. It is a great tool for both generating and storing passwords. NordPass, for example, has useful features such as Data Breach Scanner, which helps you find out whether any of your accounts have been compromised.