Passwords are the lock and key to your most sensitive information: finances, account data, Social Security numbers (SSN), and more. But many are easy to figure out, including a birthday, pet’s name, “123456,” or simply “password.” An estimated 95% of cybersecurity breaches are due to human error, and cybercriminals are waiting to take advantage of your mistake and wipe out your accounts.1 Plus, 73% of Microsoft users recycle passwords for both their personal and work accounts, making them all too easy for cybercriminals to figure out.2
Creating inadequate passwords is the reason for 81% of hacking-related breaches, according to the Verizon Data Breach Investigations Report, and can open you up to significant financial and security damage.2 To effectively thwart cyberattacks, it is crucial to understand how hackers obtain your passwords and how to create one that will safeguard your information.
How hackers crack your code
A hacking attack occurs every 39 seconds,1 meaning someone has been hacked in the time you’ve been reading this article. Cybercriminals make it their mission to crack your passwords and steal your information – and they have several methods of doing so. Here are a few of the most common ways:
- Brute Force Attack
A hacker uses software to generate and try as many different possible passwords as it can until it finds yours. The technology tries every combination of uppercase and lowercase letters, numbers, and symbols to guess up to 350 billion passwords per second. In a matter of hours, these attacks can crack any password that is up to eight characters.3
- Dictionary Attack
Like a Brute Force Attack, a Dictionary Attack uses software to guess every word you would find in a dictionary. The only way to outsmart a Dictionary Attack is to have a very uncommon word or a few uncommon words together with no spaces in between.
- Phishing
This is a basic tactic where cybercriminals try to pressure, persuade, or intimidate you into divulging your personal information using a false identity. Attackers using this social engineering scheme may tell you that your SSN has been hacked and they need you to verify your number, or that there is something wrong with your credit card. They will then hook you into clicking a link, which releases malware onto your device, or say that if you do not give your personal information, something bad will happen. These are fake claims that can come in an email, phone call, or text message.
Read our article on the various types of phishing and ways to safeguard.
Checkboxes of a strong password
Outsmarting cyberattacks is essential to keep your information safe – and the first step is creating a strong password. Let’s take a look at a few basic qualities any password should have, and see if your password checks the boxes.
- Qwerty-osity killed your password
Typical keyboard paths, codes with personal information including your name or date of birth, sequential numbers and letters such as “123456” or “abcdefg,” and common words like “password” are among the first to be guessed by hackers. In fact, “qwerty” was revealed to be the third most common password behind “123456” and “123456789.”4
- The longer, the better
Brute Force Attacks can crack any password that is eight characters or fewer. Your best chance of surviving one of these attacks is to create a password that is at least 15 characters. The longer the password, the more challenging it is for cybercriminals to hack into your accounts.
- Do not reuse
An estimated 65% of people report reusing passwords across multiple, if not all, channels.2 This means that if a cybercriminal guesses your password for one thing, they now have access to all of your accounts and information. It is recommended to change your passwords regularly and never use an old one.
- Mix it up
Combining various upper- and lower-case letters, symbols, numbers, and words that would not typically be seen together is a great defense against hackers. Avoid using just one word as a password to fend off a Dictionary Attack.
- Get creative
For many hackers, this isn’t their first rodeo. They are wise to common substitutions such as “MA17B0X” instead of MAILBOX. A more effective method is using random character placements instead of typical substitutions – they are tougher for hackers to guess.
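The checklist above can be run as a quick self-check. The following is an added example, not code from the original article: it uses the article's figures (350 billion guesses per second, 15-character minimum) to estimate brute-force time and flags the weaknesses described above. The word lists, the substitution table, the four-character sequence length, and the "three of four character classes" rule are assumptions made for illustration.

```python
import string

GUESSES_PER_SECOND = 350e9   # cracking rate quoted in the article
MIN_LENGTH = 15              # minimum length the article recommends
# Constructed sample lists; a real check would use a large breached-password corpus.
COMMON = {"123456", "123456789", "qwerty", "password"}
DICTIONARY = {"mailbox", "password", "dragon", "sunshine"}
TRACKS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", string.ascii_lowercase]
# Assumed substitution table; 7 -> l follows the article's "MA17B0X" example.
LEET = str.maketrans("01345@$7", "oieasasl")
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]

def brute_force_hours(length, alphabet_size=95):
    """Worst-case hours to try every password of 1..length printable ASCII characters."""
    total = sum(alphabet_size ** n for n in range(1, length + 1))
    return total / GUESSES_PER_SECOND / 3600

def has_sequence(pw, run=4):
    """True if pw contains `run` adjacent keyboard-row or alphabet characters, either direction."""
    low = pw.lower()
    for track in TRACKS:
        for t in (track, track[::-1]):
            if any(t[i:i + run] in low for i in range(len(t) - run + 1)):
                return True
    return False

def audit(pw):
    """Return the checklist items from the article that pw fails (empty list = passes)."""
    low = pw.lower()
    plain = low.translate(LEET)   # undo common character substitutions
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if low in COMMON:
        problems.append("common password")
    if has_sequence(pw):
        problems.append("keyboard path or sequence")
    if plain in DICTIONARY:
        problems.append("dictionary word" if plain == low else "dictionary word with substitutions")
    if sum(any(c in cls for c in pw) for cls in CLASSES) < 3:   # assumed threshold
        problems.append("too little character variety")
    return problems

if __name__ == "__main__":
    print(f"8 characters:  {brute_force_hours(8):.1f} hours")
    print(f"15 characters: {brute_force_hours(15) / 8766:.1e} years")
    for sample in ["qwerty", "MA17B0X", "v9#Lr2!pQx7&Zt4mK"]:   # constructed samples
        print(sample, audit(sample))
```

At the quoted rate, every password of up to eight printable characters is exhausted in roughly five hours, which matches the "matter of hours" figure above, while 15 characters pushes the worst case into billions of years.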
Cybercrime is not going anywhere – if anything, hacking technology is becoming more advanced than ever. Because of this, we need to equip our accounts with the strongest defense possible.
Visit our website for more information on creating safe passwords and executing secure transactions online. Then, check out our articles on cybersecurity to see how we are keeping your information secure.