Hello! Our first line of defense against a cyber-attack is our passwords. The problem, however, is that password security is not always taken as seriously as it should be. It seems unbelievable, but many users are still careless about this particular issue and follow poor password practices. As a result, it is quite common to reuse passwords or to use weak passwords that are easy to crack by brute-force attacks. For that reason, in this post we will see how a high percentage of hacked passwords are still in use.
Hacked passwords increase
Look, the numbers don't lie. A report on breached-data trends identified 1.7 billion compromised passwords, a 15% increase over 2020, along with 13.8 billion personally identifiable information (PII) records recovered. These figures come from breaches occurring in 2021.
Reused passwords have been the main vector for attacks recently. As we warned earlier, this is a recurrent practice. On top of it, we have to add the growing threat of digital identity exposure. Similarly, the report's authors comment that their annual report shows that users still do not take password security as seriously as they should.
On the other hand, the threat of account takeover is a matter of fact. However, this threat is apparently not prompting general improvements in users' cybersecurity hygiene. This careless behavior by individuals is truly alarming, especially given the frequency of digital identity fraud.
The government sector was strongly represented among the passwords breached in 2021: 611 breaches were found containing .gov email addresses, and 561,753 credential pairs (email address and password) belonging to government agencies worldwide were also recovered.
Below is a list of the most common data obtained by attackers:
- Dates of birth
- National identification numbers
- Driver's licenses
- Makes and models of vehicles
- Number of children
- Smoking status
- Marital status
- Estimated income
Reuse of passwords
This is a constant error. Incredibly, users keep making the same mistake over and over again. Today, the average user has dozens of online accounts, each with its own login, and they often reuse passwords across them. The report found that 64% of users with multiple compromised passwords had reused passwords for multiple accounts. This represents a 4-point increase from the same point in 2021. The year-over-year increase in password reuse is a worrying statistic, because it reflects the ease with which cybercriminals can use one compromised password to compromise multiple accounts. In this regard, it has been observed that:
- 82% of the reused passwords analyzed consisted of an exact match to a previous password.
- 70% of users linked to breaches were still using an exposed password.
How users create their own passwords
Undoubtedly, reusing passwords across several accounts makes them more vulnerable. However, there is another important factor that makes our passwords more likely to be compromised: the report identified a strong link between current events and the passwords people choose. Common elements used to generate passwords included TV shows, movies, and series of 2021, as well as music, pop culture, and sports.
On the other hand, many users and businesses think they are protected against identity fraud because they rely on a dark web monitoring service. Unfortunately, what they do not know is that it can take more than a year before breached passwords reach the dark web, where those services can find them.
Recommendations for protection
To adequately protect our accounts, we must comply with two essential aspects:
- Have a good password to access the service.
- Always enable the service’s two-step authentication.
For the former, we must create an alphanumeric password of 12 characters or more that mixes numbers, uppercase letters, lowercase letters, and symbols. This way we reduce the chance that our password appears in a password dictionary and can be cracked easily. If you prefer not to come up with the password yourself, you can use one of the dedicated tools; in this case, we recommend Password Generator.
Another aspect to consider is to always use password managers. These tools allow us to store all users and passwords securely. Additionally, they encrypt the contained data, and access them through a master key that is the only one you must remember.
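To make the two recommendations above (a 12+ character password mixing all four character classes, and no exact-match reuse across accounts, the case the report found in 82% of reused passwords) concrete, here is a small audit script added for this post. It is not code from the report or from any password manager; the exposure list and the vault it inspects are constructed samples, and a real audit would hash against a proper breach corpus.

```python
import hashlib
import re
import string

# Constructed stand-in for a leaked-password dictionary (sample values, not real breach data).
EXPOSED_PASSWORDS = {"password123", "Squidgame2021!", "Letmein2021", "Qwerty123456"}
# Store only hashes so the checker never needs the plaintext list at hand.
EXPOSED_HASHES = {hashlib.sha256(p.encode()).hexdigest() for p in EXPOSED_PASSWORDS}

def policy_failures(password: str, min_length: int = 12) -> list[str]:
    """Return the rules a candidate password breaks (empty list = it passes)."""
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        failures.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        failures.append("no uppercase letter")
    if not re.search(r"\d", password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    return failures

def is_exposed(password: str, exposed_hashes=EXPOSED_HASHES) -> bool:
    """Exact-match check against the hashed exposure list."""
    return hashlib.sha256(password.encode()).hexdigest() in exposed_hashes

def reused_accounts(vault: dict[str, str]) -> dict[str, list[str]]:
    """Group accounts of a {account: password} vault that share the very same password."""
    groups: dict[str, list[str]] = {}
    for account, pw in vault.items():
        groups.setdefault(hashlib.sha256(pw.encode()).hexdigest(), []).append(account)
    return {h: accts for h, accts in groups.items() if len(accts) > 1}

def audit(vault: dict[str, str]) -> dict[str, list[str]]:
    """Per-account list of problems: policy breaks, exposure hits and reuse partners."""
    reuse: dict[str, list[str]] = {}
    for accts in reused_accounts(vault).values():
        for a in accts:
            reuse[a] = [b for b in accts if b != a]
    report = {}
    for account, pw in vault.items():
        issues = policy_failures(pw)
        if is_exposed(pw):
            issues.append("appears in exposure list")
        if account in reuse:
            issues.append("reused on " + ", ".join(reuse[account]))
        report[account] = issues
    return report

# Constructed sample vault (hypothetical accounts and passwords).
VAULT = {"mail": "Squidgame2021!", "bank": "Squidgame2021!",
         "shop": "Correct-Horse-Battery-9", "forum": "short1A!"}
```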
Let's talk a bit about two-step authentication. Nowadays most online services, prestigious websites, etc., let you configure a second authentication factor. If you are going to set up two-factor authentication, do it with an authenticator application; a USB security key is also advisable. What is not recommended is using SMS as the second factor: an attacker could carry out a SIM swap, take over our phone number, and receive the code meant for us.
Staying safe is fairly easy with the right tools. We therefore recommend using a password manager such as KeePass or Bitwarden, and activating two-step authentication in your services, but without using SMS as the second authentication factor.
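To show what an authenticator app actually does (and why its codes are not exposed to SIM swapping the way SMS codes are), here is a time-based one-time password (TOTP, RFC 6238) generator and verifier written for this post, not taken from any particular app. It uses only the standard library; the Base32 secret and the sample timestamps are the RFC's published test values, and the one-step verification window is an assumption.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # the period authenticator apps use by default

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(key: bytes, for_time: float, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the clock, never from the network."""
    return hotp(key, int(for_time) // STEP_SECONDS, digits)

def verify_totp(key: bytes, code: str, for_time: float, window: int = 1) -> bool:
    """Accept the code for the current step and +/- `window` steps of clock drift.

    The constant-time comparison keeps the check from leaking which digits matched."""
    counter = int(for_time) // STEP_SECONDS
    return any(hmac.compare_digest(hotp(key, c), code)
               for c in range(counter - window, counter + window + 1))

def key_from_base32(secret_b32: str) -> bytes:
    """Authenticator apps are provisioned with a Base32 secret (QR code); decode it."""
    return base64.b32decode(secret_b32.upper())

# The RFC 4226/6238 shared test secret, "12345678901234567890", as Base32.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    key = key_from_base32(RFC_SECRET_B32)
    now = time.time()
    print("current code:", totp(key, now), "valid:", verify_totp(key, totp(key, now), now))
```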
We also recommend the use of password managers. Certainly, there are many on the market. However, LastPass is my personal choice. It is indeed a very complete, functional and didactic service. Moreover, its free version is more than enough for a home user.
Very well, in this way we have seen that most hacked passwords are still in use. We also learned what measures to take to avoid this risky situation. Bye!