Until a few months ago, I was never very big on frequent password changes. I felt that if I protected my accounts with a strong password, I could basically set it and forget it. However, after talking to a security expert, I realized that password security best practices had changed. Gone were the good old days. Now, the list of companies affected by data breaches reads like a who’s who of online business. That list includes names like Ticketmaster, LinkedIn, Microsoft, and so many more. And that meant I needed to up my game.
The Leaked Passwords Problem is Huge
In a September 2024 poll conducted by The Harris Poll for Aura (a digital security company), 28% of Americans said the digital threat they feared most was identity thieves. Those concerns are justified because reports of data breaches and hacked accounts have become all too common. In fact, those breaches have exposed millions of usernames and passwords, which are readily available on the dark web. Using the same password across multiple accounts is now a high-risk proposition. That means password security best practices must change to keep up with the threats.
So how big is the problem? The granddaddy of all password leaks was RockYou2024. It involved the leak of nearly 10 billion unique passwords on a hacking forum. This massive compilation, known as the largest password leak in history, includes passwords from both old and new data breaches.
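Because compilations like the one described above are typically distributed as lists of password hashes, the defensive check a practitioner wants is "does my password appear in a leak?", answered without sending the password anywhere. The following is an added example, not code from this post: it models the k-anonymity range lookup used by public breach-check services against a small constructed leak sample (the hashes and counts are made up and stand in for a real file such as RockYou2024, which is not included).

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-in for an aggregated leak list. Real compilations hold
# millions of entries; these five passwords and counts are made up for the example.
_LEAK_SAMPLE = {
    "123456": 37_000_000,
    "password": 9_500_000,
    "qwerty": 4_100_000,
    "letmein": 250_000,
    "iloveyou": 1_800_000,
}


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form most leaked-password lists use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Index of the leak sample keyed by full hash -> number of times seen.
LEAK_INDEX: Dict[str, int] = {sha1_hex(p): n for p, n in _LEAK_SAMPLE.items()}


def range_lookup(prefix5: str) -> List[Tuple[str, int]]:
    """Return (35-char hash suffix, count) for every entry sharing a 5-char prefix.

    This is the k-anonymity idea: the caller reveals only the first five hex
    characters of the hash, so a lookup service never learns which password is
    being checked. Here the 'service' is the local LEAK_INDEX (an assumption).
    """
    prefix5 = prefix5.upper()
    return [(h[5:], n) for h, n in LEAK_INDEX.items() if h.startswith(prefix5)]


def leak_count(password: str) -> int:
    """How many times the password appears in the leak sample (0 = not found)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, count in range_lookup(prefix):
        if candidate_suffix == suffix:
            return count
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct-horse-battery-staple-zebra"):
        n = leak_count(pw)
        verdict = f"seen {n:,} times, change it" if n else "not in the leak sample"
        print(f"{pw!r}: {verdict}")
```

The password never leaves the machine as plaintext, and only a hash prefix would be sent if `range_lookup` were backed by a remote service instead of the local dictionary. A hit means the password belongs on the "change everywhere it is used" list from the steps later in this post.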
Why Does Password Security Matter?
You might not think much about passwords—except, of course, when you’re annoyed because you forgot one. Nevertheless, the facts on the subject are sobering.
- Security experts suggest changing your passwords every three to six months.
- Data breaches are now a regular occurrence, with compromised passwords accounting for over 80% of those breaches.
- The financial implications of a data breach for companies are severe, averaging over $4 million per incident. Additionally, breaches can lead to long-term reputational damage, eroding customer trust and loyalty.
- It takes an average of 194 days to identify a data breach and an additional 3 months to contain it.
Challenges of Changing Passwords Often
Okay, so the stats are pretty clear—it takes longer to identify a data breach than the 3-6 month cycle the security experts suggest. But remembering a bunch of passwords that contain upper and lowercase letters, numbers, and special symbols can be tough for us mere mortals who don’t have a photographic memory. The solution isn’t using simple passwords because those put your security at risk.
This is where password managers can help. They store and encrypt your passwords, letting you access them with one main password. They also generate unique passwords for you, making it easy to maintain strong security. In my post, Broken password syndrome – did someone steal my password?, I covered the steps some companies are taking to force users to change their passwords.
What to Do If There’s a Data Breach
If you’re notified of a data breach, act quickly. The same thing applies if you notice any suspicious activity on any of your accounts.
Change the password
Change the password for the affected account and any accounts with the same password. This stops further unauthorized access.
Secure your credit
If you haven’t done so already, put a freeze on your credit with all three credit bureaus—Equifax, Experian, and TransUnion. Also, watch those accounts and your financial accounts for unusual activity. If you do find evidence of fraud, notify one of the credit bureaus to place a Fraud Alert on your account. If sensitive information is stolen, consider freezing your credit report to prevent identity theft.
How to Harden Your Defenses
Strengthen those passwords
Password security best practices now dictate that all of your passwords should be unique and complex. This means using a combination of upper and lowercase letters, numbers, and special characters allowed on that particular website. Using special characters can be frustrating due to the confusing and seemingly arbitrary rules some websites have. However, those characters are necessary to create a strong password.
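The three practices above (a password manager generating unique passwords, changing every account that shares a compromised password, and meeting each site's character rules) can be shown concretely. The code below is an added example written for this post, not a password manager's own code; the per-site `specials` string and the sample vault are constructed assumptions.

```python
import secrets
import string
from typing import Dict, List


def generate_password(length: int = 20, specials: str = "!@#$%^&*") -> str:
    """Generate a password with at least one lowercase, uppercase, digit and one of
    the site's allowed special characters, using the CSPRNG in `secrets`."""
    if length < 4:
        raise ValueError("length must be at least 4 to cover all character classes")
    if not specials:
        raise ValueError("at least one allowed special character is required")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, specials]
    alphabet = "".join(classes)
    # One guaranteed character from each class, then fill from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle driven by the CSPRNG so class positions are not predictable.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def meets_policy(password: str, specials: str = "!@#$%^&*", min_length: int = 12) -> List[str]:
    """Return the list of unmet requirements; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in specials for c in password):
        problems.append("no allowed special character")
    # Sites that reject some symbols: flag any character outside letters, digits, specials.
    rejected = sorted({c for c in password if not (c.isalnum() or c in specials)})
    if rejected:
        problems.append("characters this site rejects: " + "".join(rejected))
    return problems


def find_reused(vault: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each password shared by more than one account to those accounts.
    If any one of them is breached, every account in the group needs a new password."""
    by_password: Dict[str, List[str]] = {}
    for account, pw in vault.items():
        by_password.setdefault(pw, []).append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}


# Constructed sample vault, the kind of account -> password map a manager stores.
SAMPLE_VAULT = {
    "email": "Summer2024!",
    "bank": "Summer2024!",
    "ticketing": "x7#Qm2vL9pRt!aZb",
    "social": "Summer2024!",
}


if __name__ == "__main__":
    site_specials = "!@#$"  # assumed allow-list for one particular site
    pw = generate_password(20, specials=site_specials)
    print("generated:", pw, "problems:", meets_policy(pw, specials=site_specials))
    print("reused across accounts:", find_reused(SAMPLE_VAULT))
```

`generate_password` draws from `secrets` rather than `random`, since the latter is not suitable for secrets; `meets_policy` returns every failed rule at once so a user sees the whole list instead of fixing one complaint per attempt; and `find_reused` is the check to run right after a breach notice, because the accounts it groups together are the ones that all need changing.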
Use two-factor authentication
If the term two-factor authentication (2FA) baffles you, don’t feel alone. Once again, inconsistent application by companies can make this very frustrating. However, this is an excellent way to add extra security and make it harder for hackers to access your accounts.
Trust biometric authentication
This is simply a fancy way of saying FaceID or TouchID. Fingerprints and facial recognition are being used more to log in without passwords because they’re easy for the user and they improve security. By combining these with regular password changes, you can keep your online accounts safer.
Final Thoughts
Improving your online security doesn’t have to be complicated or expensive. One easy step is to use a password manager. Many trusted options are affordable, and some even offer free basic features. Taking the time to set up a password manager can greatly enhance your protection against cyber threats. Use these tools to safeguard your personal information and feel more secure online.
Did you find this post helpful? You can find more of my scam tips on my Scams and Cons page.