New Avast research* shows that 25% of connected users worldwide have never changed their passwords. Are you one of them? Our research also reveals that 83% of Americans use weak passwords that are easy to crack.
World Password Day is May 2nd, which makes it a perfect time to address this crucial cybersecurity issue. Using weak passwords, or reusing the same ones for different accounts, makes you an easy target for hackers. Once they figure out your password, they can access your personal data, bank accounts, emails, social media accounts, and more.
Why is using a strong password important?
Further results from our research show that 50% of the connected global population uses the same password for multiple accounts. Up to a third of the users in France, for example, have never changed their passwords, citing laziness as one of the main reasons why. By comparison, only 18% of US users have never done so. This type of behavior puts accounts at risk of being hacked. When a data breach happens, the compromised login credentials are often sold to cybercriminals on the darknet. Those criminals in turn try to use those credentials to access as many accounts as possible, knowing people often use the same password for multiple accounts.
Unfortunately, many people around the world — including 83% of Americans — use weak passwords that are easy to crack. Cybercriminals take advantage of this by trying to brute force their way into accounts. In a brute force attack, automated software is used to try different combinations of usernames and passwords until it finds one that works. Often, cybercriminals also perform dictionary attacks, which is a method of gaining account access by entering dictionary words commonly used for passwords.
Strong passwords are much more difficult to crack, and they help to better protect your personal data. With so many data breaches in recent years, there is a high chance that your own info has been compromised. If you haven’t changed your passwords in a while, we recommend that you do so now, making each one strong and unique.
Why you should not use the same password on multiple accounts
Half of connected users worldwide use the same password to protect more than one of their online accounts. This is very risky. If hackers crack your password or gain access to it after a data breach, they will then use it to try to log in to your other accounts, knowing that so many people recycle their passwords. After a data breach, passwords should be changed immediately to keep your data safe, especially if any one password was used to protect multiple accounts.
Knowing this, it’s alarming that almost two out of three people worldwide have never checked to see if their email address had been involved in a data breach — in Japan, 78% have never checked, and in the US, 58% have never checked.
As a reminder of password best practices, follow these tips the next time you change your password… which is hopefully soon!
Including personal information in your password is not a very clever idea. Cybercriminals can find publicly posted personal info on your social media accounts, which they can then use to try and guess your passwords. To create a strong password, use common sense and stay away from the very obvious like “123456,” “qwerty,” and “password.” We also recommended that you avoid using the following information, which too often can be found on social media profiles:
- Your own name or the name of a family member
- Your pet’s name
- Your birthday
- Words related to your hobby
- Part of your home address
“Cybercriminals collect personal data, like login credentials, from various sources including data breaches, and sell it on the darknet for other cybercriminals to abuse,” says Luis Corrons, security evangelist at Avast. “Creating strong and unique passwords for each online account is nearly impossible, which is why people create weak passwords that are easy to remember or re-use passwords for multiple accounts. Cybercriminals take advantage of this behavior by trying to infiltrate accounts through brute force, attempting to use personal information to guess other passwords, or purchasing leaked credentials on the darknet to log into further accounts.”
How to create strong passwords
According to Luis Corrons, using a password manager is the best option to create a strong password. Unfortunately, on average only 2% of users around the world use one. If you want to use a password manager, you can download Avast Passwords here (it’s free!).
If you decide not to use a password manager, at least remember these tips:
- If possible, passwords should consist of at least 16 or more characters
- You should use numbers, special characters, and both uppercase and lowercase letters
- Avoid any words related to yourself or the service the password is protecting
Additionally, it is important to use two-factor authentication wherever possible. That way, if your password is compromised, you will be alerted if someone attempts to log into your account, allowing you to change your passwords. Remember to also use a VPN, especially on public Wi-Fi, to prevent anyone else on the network from spying on your internet activity and getting their hands on your passwords.
And last but definitely not least, install an antivirus on all of your devices if you haven’t done so already. Antivirus software detects, prevents, and removes malware, like viruses and trojans. It also blocks keyloggers, which are capable of stealing passwords.
*Avast Password online survey conducted among 18,981 Avast users globally between October 2018 and January 2019.