How secure is your password? Use the tool at the bottom of this post to find out.
Data breaches and identity theft are on the rise, and the cause is often compromised passwords. After stealing credentials, cybercriminals can use passwords to start disinformation campaigns against companies, use people’s payment information for purchases, and spy on users through WiFi-connected security cameras. We built this tool to help you better understand password security.
The best practices for creating secure passwords are:
- A password should be 16 characters or more; our password-related research has found that 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords.
- A password should include a combination of letters, numbers, and characters.
- A password shouldn’t be shared with any other account.
- A password shouldn’t include any of the user’s personal information like their address or phone number. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
- A password shouldn’t contain any consecutive letters or numbers.
- A password shouldn’t be the word “password” or the same letter or number repeated.
Not having secure passwords has its consequences, which include but are not limited to:
- After gaining access to a user’s credentials, many hackers will log into their accounts to steal more of their personally identifiable information (PII) like their names, addresses, and bank account information. They will use this information either to steal money from the user directly or to steal their identity. Identity theft can result in further financial losses or difficulty getting loans or employment.
- Lack of privacy
- For businesses, hackers can start disinformation campaigns against companies, sharing their data with competitors and storing it for a ransom1.
Compromised passwords caused 80 percent of all data breaches in 20192, resulting in financial losses for both businesses and consumers.
- Internationally, the average cost of a data breach in 2020 for businesses was $3.86 million, according to IBM. However, for the U.S, the average cost was the highest worldwide at $8.64 million3.
- In the manufacturing industry specifically, malware that stole credentials and dumped passwords created 922 cybersecurity incidents in 2020. 73 percent of these incidents were motivated by financial incentives, while with 27 percent of these incidents, the motive was espionage4.
|Top Data Compromised||Percent of Manufacturers With Data Breaches in 2020|
- If companies have a data breach caused by stolen credentials, they can lose up to three percent of their overall market value long-term. For the retail industry, this loss triples to nine percent within only 30 days of the breach announcement. According to researchers from the University of North Carolina’s Kenan Flagler Business School, this increase is due to the fact that retail customers are less brand loyal than consumers in other industries5.
Customers’ PII-related data is the most valuable data type that hackers can extract from security breaches, costing $150 per record according to IBM’s 2020 Cost of Data Breach Report.
The FTC reports that in 2019, total losses from identity theft, which can be caused by stolen passwords, totaled $92 million. The median loss from identity theft for consumers was $8946.
Aside from creating secure and unique passwords for all web accounts, there are other best practices to increase one’s digital security.
- Use a VPN: While passwords keep unauthorized users out of accounts, Internet Service Providers can still track a user’s online activity as well as their devices’ private IP addresses. The only way to hide web activity and IP addresses is to connect not directly to a public Wi-Fi network, but instead to a VPN, which stands for Virtual Private Network. Learn more about finding the best VPN, all tested by our digital security experts.
- Get identity theft protection: While a strong password can go a long way in protecting online accounts, there’s no single action that can protect a user’s personally identifiable information from identity theft. Rather, top identity theft protection software monitors key criminal and financial areas for users’ personal information.
- Install a home security system: Users can protect their homes and families by using the best home security system. See how we tested these top systems by reading our ADT Review, our SimpliSafe Review and finally our Vivint Review.
- Use antivirus software: Antivirus software scans computers, phones, and tablets for malware, viruses, ransomware, spyware, and other cyber threats.
- Use a password manager: Password managers store users’ usernames and passwords in encrypted vaults, requiring only master passwords or biometrics to log into accounts.
- Only change passwords when needed: It’s a myth that users should change their passwords in regular intervals. Rather, it’s only necessary to change passwords if the account itself is compromised, according to recent reports.
Our “how secure is your password” tool above checks users’ passwords against a database of common weak passwords. It evaluates each password based on key factors such as:
- Number of characters: The password should have at least eight to 10 passwords, but 16 to 20 characters is ideal.
- Combinations: The password should include a combination of letters, numbers, and symbols rather than a phrase. Each character has an associated numerical value, and these characters are summed to create a grand total.
- Uniqueness: The password shouldn’t be repetitive in terms of its characters, with unique combinations instead.
Using these factors, the tool scores each password and converts this score into the amount of time it would take a computer to crack this password. For example, the password “f0JB^B5sjmXl” would take a computer 34,000 years to crack.
For more information on password security and hygiene, we’ve answered the questions we get the most often.
- What is the most secure password?
- What is an example of a secure password?
- How secure is a 12 character password?
- Are long passwords more secure?
- What are the five most common passwords?
- Big Commerce. (2020). Ecommerce Data Breaches. bigcommerce.com/blog/data-breaches/
- ID Agent. (2020). Ecommerce Data Breaches. idagent.com/blog/10-password-security-statistics-that-you-need-to-see-now/
- IBM. (2020). Ecommerce Data Breaches. ibm.com/security/data-breach
- Verizon Enterprise. (2020). 2020 Data Breach Investigations Report. enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf
- UNC | Kenan-Flager. (2015). Risky business: The impact of data breaches.
- FTC. (2020). Consumer Sentinel Network. ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2019/consumer_sentinel_network_data_book_2019.pdf
Liquid Layer Networks
Global Web Hosting, Domain Registration, and Internet Services