Passwords shouldn’t be your Achilles’ heel

At a time when cyberattacks are growing in both complexity and volume, cybersecurity needs to be front of mind for organizations and individuals alike. Passwords are designed to give you access to an online world while protecting your information. However, with threats looming large, this first point of cybersecurity is becoming a weak spot that can involve dire consequences if unaddressed.

About the author

Katie Petrillo is the Director of Product Marketing at LastPass.

In today’s world, we are used to being asked to log in to accounts across all areas of our online world. Whether it is banking, shopping, social media browsing or even simply reading the news, passwords are ubiquitous in protecting our online presence.

While this is a basic security feature to ensure cyber ‘wrong-doing’ is limited, it can frequently become problematic. The frustrating and time-consuming task of creating secure passwords across multiple platforms and websites makes it much easier for our cyber ‘hygiene’ standards to slip and put our personal details at risk.

All too often passwords are dropping off our radar when they should be our first port of call as a cyber safety net. By ignoring the increasingly significant risks, we are willingly revealing our weak spot to cybercriminals – and exposing our own Achilles’ heel.

A minor but fatal flaw in our system

Individuals rely on easily remembered passwords for convenience, but they often make notoriously bad choices when choosing them. Despite being regularly warned about the potential threats to our online security, many continue to reuse passwords that are easy to hack with minimal effort.

Securing email accounts is crucial for staying safe online. In 2019 the NCSC reported that the most common passwords feature sequences of numbers, including ‘123456789’ and ‘1111111’. According to this year’s research, the most commonly hacked passwords continue to be ‘123456’ and ‘qwerty’. Recently, the UK government launched a ‘Cyber aware’ campaign that stresses the importance of email security, encouraging consumers and businesses alike to use three random words to make up their password to ensure they are “harder to hack, and even easier to remember”.

While eye-catching campaigns provide further recommendations to people and organizations, it simply isn’t enough to make us change our bad habits. We all have a role to play in our collective cybersecurity. Without individual action we will remain unable to protect ourselves, our personal information or our assets online.

An invitation for cybercriminals

Cybercriminals are opportunistic shapeshifters. They constantly change their focus and priorities in line with new opportunities. They identify weak spots and online behavior trends, while constantly evolving and refining the ways they hack our private information. With more individuals using digital devices than ever before, last year saw a 161% increase in unauthorized access to personal information offences, including hacking.

Correspondingly, 80% of data breaches are a result of weak passwords and our recent research found that 92% of individuals admitted to reusing passwords.

Some of this comes down to a lack of understanding, but there is also a lack of awareness of the real risks posed by hackers. So, it is time to turn the table. Cyber attackers thrive on their intended victims being uninformed and unaware about cybersecurity. It makes their task easier.

Creating strong passwords is such a simple task in practice, with the many password manager tools available to us. But many still choose to make themselves a target. According to the study, an 18 character password that combines numbers, uppercase and lowercase letters and symbols would take 438 trillion years to crack. In contrast, hackers can instantly crack a six-character password with the same mix of character types.

This may sound like a lot of work, but you shouldn’t even need to think about it. The risks associated with having our information stolen completely outweigh any extra effort we must put into ensuring our passwords are complex and hard to crack.

The impending catastrophe

Unlike Achilles, we are fully aware of our weak spot. There is no room for complacency at any level, from individuals through to large-scale enterprises. Do we really need to be personally impacted by having money or our identity stolen to stir us into action – or will it be a major breach that turns the tide and compels us all to act?

68% of people who reuse passwords do so because they’re afraid of forgetting them, despite 79% of respondents agreeing that compromised passwords are troubling. Control is an important factor – 52% who reuse passwords want to control all their passwords and feel that using the same password everywhere is the only way to accomplish that.

People are letting various excuses get in the way, but the cost of a stolen password would be a significant disruption to their lives in comparison to the minimal time it takes to secure themselves.

Ultimately, a good password security strategy is fundamental to protecting yourself online. Is not addressing it really worth the risk?
