Your password can get cracked almost instantly — here’s how to make a stronger one

One of the security recommendations we give frequently is to have strong, unique passwords for each of your online accounts because your password can get cracked almost instantly.  A new table of password data from the cybersecurity firm Hive Systems demonstrates exactly why this is such a cornerstone of internet safety.

The table shows exactly how much time it would take for hackers to brute force their way into an account depending on the number of characters, and the combination of numbers, upper and lowercase letters and symbols used in a password.

 

Due to the increased use of artificial intelligence and other sophisticated methods currently being employed by threat actors, hackers can break into many passwords almost instantly. Any password combination that only contains four characters doesn’t stand a chance, and any password that doesn’t also use symbols is an easy target for hackers.

Stronger passwords are needed

The strongest options are longer, very complex passwords of between 14 and 18 characters that contain a variety of numbers, upper and lowercase letters and symbols. According to the password table, these passwords could potentially take billions of years to crack.

The password table does assume that the hackers in question are working from a “black box” situation, starting from scratch to crack your password, so its figures show the maximum amount of time. If your password has been reused on other sites, or compromised in a previous data breach, it is obviously much easier to crack.
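To make the relationship between length, character variety and cracking time concrete, here is an added example (not from the original article or from Hive Systems). It computes the search space for a password and the worst-case time to exhaust it, and returns zero when the password is already on a breach list. The guess rate and the breach list are assumptions made up for illustration.

```python
import string

# Assumed attacker speed (guesses per second). A placeholder for illustration,
# not a figure taken from the Hive Systems table.
ASSUMED_GUESSES_PER_SECOND = 1e11
# Constructed stand-in for passwords already exposed in earlier breaches.
KNOWN_BREACHED = {"123456", "password", "qwerty123"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Alphabet size an exhaustive search has to cover for this password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes are counted individually.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def keyspace(password):
    """Number of candidates of this length over that alphabet."""
    return charset_size(password) ** len(password)


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to exhaust the keyspace; zero if a breach list already has it."""
    if password in KNOWN_BREACHED:
        return 0.0
    return keyspace(password) / rate


def human(seconds):
    """Render a duration in its largest whole unit."""
    if seconds < 1:
        return "instantly"
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60), ("seconds", 1)):
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"


if __name__ == "__main__":
    for pw in ("abcd", "password", "Tr4il-mix", "c0rrect-Horse-b4tt3ry"):
        print(f"{pw!r:24} {keyspace(pw):.2e} candidates  "
              f"{human(worst_case_seconds(pw))}")
```

Each extra character multiplies the search space by the alphabet size, which is why length matters more than any single substitution.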

How to create stronger passwords

First, use the Leaked Password Checker to see if any of your current passwords have been breached and if they have, update them immediately. If you’ve been reusing passwords across sites, now is the time to stop doing that altogether and change those as well. It’s a bad habit and it’s putting you – and your accounts and data – at risk.

Stick to creating your own passwords and make sure you follow the recommendations of the Hive Systems password table.  Make each password 14 to 18 characters long, with numbers, upper and lowercase letters and symbols. Many people like to use a phrase or a sentence to help them remember their passwords too.

If you don’t want to remember all of your passwords, you can save yourself the hassle by getting one of the best password managers.  It will help keep your accounts protected by giving you a place to securely store all of your credentials. Some online accounts will also let you set up a passkey or use a biometric login as well.

Phishing is like fishing for your password

Phishing attacks aim to steal or damage sensitive data by deceiving people into revealing personal information like passwords and credit card numbers. You want to make sure you know the common signs of phishing scams and don’t share your passwords with anyone – especially not over social media, the telephone or in unexpected emails or texts. Most companies will never ask for your password, and you should be suspicious of anyone who requests it.

Common types of phishing attacks

Phishing attacks come from scammers disguised as trustworthy sources trying to facilitate access to all types of sensitive data. While this pervasive type of cyberattack continues to evolve along with emerging technologies, the tactics remain consistent:

Cunning communication
Attackers are skilled at manipulating their victims into giving up sensitive data.  They do so by concealing malicious messages and attachments in places where people are not very discerning, such as in their email inboxes. It’s easy to assume the messages arriving in your inbox are legitimate but be wary—phishing emails often look safe and unassuming. To avoid being fooled, slow down and examine hyperlinks and senders’ email addresses before clicking.

Perception of need
People fall for phishing because they think they need to act. For example, victims may download malware disguised as a resume because they’re urgently hiring or enter their bank credentials on a suspicious website to salvage an account they were told would soon expire. Creating a false perception of need is a common trick because it works. To keep your data safe, operate with intense scrutiny or install email protection technology that will do the hard work for you.

False trust
Bad actors fool people by creating a false sense of trust—and even the most perceptive fall for their scams. By impersonating trustworthy sources like Google, Wells Fargo, or UPS, phishers can trick you into taking action before you realize you’ve been duped. Many phishing messages go undetected without advanced cybersecurity measures in place. Protect your private information with email security technology designed to identify suspicious content and dispose of it before it ever reaches your inbox.

Emotional manipulation
Bad actors use psychological tactics to convince their targets to act before they think. They build trust by impersonating a familiar source, then creating a false sense of urgency. Attackers exploit emotions like fear and anxiety to get what they want. People tend to make snap decisions when they’re being told they will lose money, end up in legal trouble, or no longer have access to a much-needed resource. Be cautious of any message that requires you to “act now”—it may be fraudulent.



More types of phishing attacks

Email phishing
The most common form of phishing, this type of attack uses tactics like phony hyperlinks to lure email recipients into sharing their personal information. Attackers often masquerade as a large account provider like Microsoft or Google, or even a coworker.

Malware phishing
Another prevalent phishing approach, this type of attack involves planting malware disguised as a trustworthy attachment (such as a resume or bank statement) in an email. In some cases, opening a malware attachment can paralyze entire IT systems.

Spear phishing
Where most phishing attacks cast a wide net, spear phishing targets specific individuals by exploiting information gathered through research into their jobs and social lives. These attacks are highly customized, making them particularly effective at bypassing basic cybersecurity.

Whaling
When bad actors target a “big fish” like a business executive or celebrity, it’s called whaling. These scammers often conduct considerable research into their targets to find an opportune moment to steal login credentials or other sensitive information. If you have a lot to lose, whaling attackers have a lot to gain.

Smishing
A combination of the words “SMS” and “phishing,” smishing involves sending text messages disguised as trustworthy communications from businesses like Amazon or FedEx. People are particularly vulnerable to SMS scams, as text messages are delivered in plain text and come across as more personal.

Vishing
In vishing campaigns, attackers in fraudulent call centers attempt to trick people into providing sensitive information over the phone. In many cases, these scams use social engineering to dupe victims into installing malware onto their devices in the form of an app.

 

Lastly, enable multi-factor authentication on all of the accounts you can; it can make a huge difference in keeping them and the data they contain protected if all else fails.

Source: tomsguide.com©

The 10 Most used Passwords Of 2025:

Source: CompariTech©

 



Author: Dennis Hickey

There are no limits to success for those who never stop learning. Learning will nourish your personal growth. I hope you enjoy this website and visit often so you keep learning too.
