Data breaches and identity theft are on the rise, and the cause is often compromised passwords. After stealing credentials, cybercriminals can use passwords to start disinformation campaigns against companies, use people’s payment information for purchases, and spy on users through Wi-Fi-connected security cameras. We built this tool to help you better understand password security.
Pro Tip: We recently rolled out a new password generator tool that will help you create super secure passwords in a snap!
How To Create Secure Passwords
The best practices for creating secure passwords are:
- A password should be 16 characters or more; our password-related research has found that 45 percent of Americans use passwords of eight characters or less, which are not as secure as longer passwords.
- A password should include a combination of letters, numbers, and symbols.
- A password shouldn’t be shared with any other account.
- A password shouldn’t include any of the user’s personal information like their address or phone number. It’s also best not to include any information that can be accessed on social media like kids’ or pets’ names.
- A password shouldn’t contain any consecutive letters or numbers.
- A password shouldn’t be the word “password” or the same letter or number repeated.
Why Is Password Security Important?
Not having secure passwords has its consequences, which include but are not limited to:
- After gaining access to a user’s credentials, many hackers will log into their accounts to steal more of their personally identifiable information (PII) like their names, addresses, and bank account information. They will use this information either to steal money from the user directly or to steal their identity. Identity theft can result in further financial losses or difficulty getting loans or employment.
- Lack of privacy
- For businesses, hackers can start disinformation campaigns against companies, sharing their data with competitors and holding it for ransom [1].
The Impact of Stolen Passwords
Compromised passwords caused 80 percent of all data breaches in 2019 [2], resulting in financial losses for both businesses and consumers.
Impact on Businesses
- Internationally, the average cost of a data breach in 2020 for businesses was $3.86 million, according to IBM. However, for the U.S., the average cost was the highest worldwide at $8.64 million [3].
- In the manufacturing industry specifically, malware that stole credentials and dumped passwords created 922 cybersecurity incidents in 2020. 73 percent of these incidents were motivated by financial incentives, while the motive for the remaining 27 percent was espionage [4].
|Top Data Compromised|Percent of Manufacturers With Data Breaches in 2020|
- If companies have a data breach caused by stolen credentials, they can lose up to three percent of their overall market value long-term. For the retail industry, this loss triples to nine percent within only 30 days of the breach announcement. According to researchers from the University of North Carolina’s Kenan-Flagler Business School, this increase is due to the fact that retail customers are less brand loyal than consumers in other industries [5].
Impact on Consumers
Customers’ PII-related data is the most valuable data type that hackers can extract from security breaches, costing $150 per record according to IBM’s 2020 Cost of Data Breach Report.
The FTC reports that in 2019, losses from identity theft, which can be caused by stolen passwords, totaled $92 million. The median loss from identity theft for consumers was $894 [6].
Other Ways To Protect Yourself Online
Aside from creating secure and unique passwords for all web accounts, there are other best practices to increase one’s digital security.
- Use a VPN: While passwords keep unauthorized users out of accounts, Internet Service Providers can still track a user’s online activity as well as their devices’ private IP addresses. The only way to hide web activity and IP addresses is to connect to a VPN (Virtual Private Network) rather than directly to a public Wi-Fi network. Learn more about finding the best VPN, all tested by our digital security experts.
- Get identity theft protection: While a strong password can go a long way in protecting online accounts, there’s no single action that can protect a user’s personally identifiable information from identity theft. Rather, top identity theft protection software monitors key criminal and financial areas for users’ personal information.
- Install a home security system: Users can protect their homes and families by using the best home security system. See how we tested these top systems by reading our ADT Review, our SimpliSafe Review and finally our Vivint Review.
- Use antivirus software: Antivirus software scans computers, phones, and tablets for malware, viruses, ransomware, spyware, and other cyber threats.
- Use a password manager: Password managers store users’ usernames and passwords in encrypted vaults, requiring only master passwords or biometrics to log into accounts.
- Only change passwords when needed: It’s a myth that users should change their passwords at regular intervals. Rather, it’s only necessary to change passwords if the account itself is compromised, according to recent reports.
How Our Tool Works: Methodology
Our “how secure is your password” tool above checks users’ passwords against a database of common weak passwords. It evaluates each password based on key factors such as:
- Number of characters: The password should have at least eight to 10 characters, but 16 to 20 characters is ideal.
- Combinations: The password should include a combination of letters, numbers, and symbols rather than a phrase. Each character has an associated numerical value, and these values are summed to create a grand total.
- Uniqueness: The password shouldn’t repeat the same characters; it should use unique combinations instead.
Using these factors, the tool scores each password and converts this score into the amount of time it would take a computer to crack this password. For example, the password “f0JB^B5sjmXl” would take a computer 34,000 years to crack.
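A simplified version of the scoring described above, as an added example that is not the tool’s own code: it checks a password against the five common passwords named on this page, applies the length and repetition rules, and converts the remaining search space into a crack time. The guess rate, the 33-symbol alphabet and the function names are assumptions made for illustration.

```javascript
// Added example: a simplified estimator, not the tool's actual algorithm.
// COMMON holds the five most common passwords named on this page (NordPass, 2020).
const COMMON = new Set(["123456", "123456789", "picture1", "password", "12345678"]);
const GUESSES_PER_SECOND = 1e10; // assumption: offline attack against a fast hash

// Size of the alphabet an attacker must search, from the character classes present.
function poolSize(pw) {
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) pool += 33; // printable ASCII symbols, space included
  return pool;
}

// Count characters that continue a repeat ("aaa") or a +/-1 run ("abc", "321").
function predictableChars(pw) {
  let n = 0;
  for (let i = 1; i < pw.length; i++) {
    const step = pw.charCodeAt(i) - pw.charCodeAt(i - 1);
    if (step === 0 || Math.abs(step) === 1) n++;
  }
  return n;
}

function assess(pw) {
  const findings = [];
  const isCommon = COMMON.has(pw.toLowerCase());
  if (isCommon) findings.push("common password");
  if (pw.length < 16) findings.push("shorter than 16 characters");
  const predictable = predictableChars(pw);
  if (predictable > 0) findings.push("repeated or consecutive characters");
  // Predictable characters add no search effort; a listed password adds none at all.
  const effectiveLength = isCommon ? 0 : pw.length - predictable;
  const bits = effectiveLength * Math.log2(poolSize(pw) || 1);
  // Average case: the attacker succeeds after searching half the space.
  const seconds = Math.pow(2, bits) / 2 / GUESSES_PER_SECOND;
  return { bits: Math.round(bits), seconds, findings };
}
```

The crack times this produces depend entirely on the assumed guess rate, so they will not match the figures the tool reports.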
Frequently Asked Questions
For more information on password security and hygiene, we’ve answered the questions we get the most often.
What is the most secure password?
There’s no one password that is the “most secure”, and if there were, writing it here would make it insecure, as thousands of people would use it on their accounts. Rather, secure passwords contain a seemingly random combination of numbers, letters and symbols and include at least 16 to 20 characters.
What is an example of a secure password?
An example of a secure password is bL8%4TO&t9b%, generated by the password manager LastPass, which would take a computer 46 million years to crack!
How secure is a 12-character password?
A 12-character password is somewhat secure; however, the most secure passwords are 16 to 20 characters long.
Are long passwords more secure?
Long passwords are more secure than short passwords. We recommend using passwords that are anywhere from 16 to 20 characters long, although nearly half of Americans use passwords of eight characters or fewer.
What are the five most common passwords?
The five most common passwords are 123456, 123456789, picture1, password and 12345678, according to 2020 research from NordPass.
|Password|How Many People Use It?|How Much Time Did It Take To Crack?|How Many Times Has It Been Exposed?|
|---|---|---|---|
|123456|2,543,285|Less than 1 second|23,597,311|
|123456789|961,435|Less than 1 second|7,870,694|
|picture1|371,612|3 hours|11,190|
|password|360,467|Less than 1 second|3,759,315|