World Password Day, created by Intel, is historically the first Thursday in May, which is Thursday, May 2 this year. The event was devised to raise awareness about how important it is to create secure passwords. Cyberthreats continue to evolve and cyber criminals are becoming more dangerous. According to Statista, the number of cyber-related crimes reported to police in Canada rose 387 percent between 2014 and 2022, and cost Canadians upwards of US$3.82 billion in 2023. It’s more crucial now than ever to protect your sensitive data and information with secure passwords, and other security methods.

While cyber criminals can access your information from e-mail, social media, and Wi-Fi networks, as we increasingly use smart devices in our homes, these can also function as portals to our sensitive information. A hack into one seemingly innocuous password for your smart fridge or video doorbell, for example, can give a nefarious individual a window into other passwords for more sensitive information. It’s important to take note of the passwords you use for everything from online banking to social media, e-mail accounts, home Wi-Fi networks, entertainment subscriptions (including movies, music, gaming, and even health data), and online shopping accounts.

Cracking Down on Unsecure Password Use

The situation has become so dire that earlier this week, the UK announced a ban on the most commonly used passwords like “admin,” “12345,” “password,” and “qwerty” to help in its crackdown on cyberattacks. As part of the law, all manufacturers of Internet-connected devices sold in the U.K. will be required to implement minimum security standards starting Monday, May 6, 2024.

Canada could benefit from measures like this as well. NordPass reported in its Top 200 Most Common Passwords report that “12345” was the most commonly used password in Canada in 2023, followed by “admin” and “password,” just like in the U.K. Even seemingly clever passwords like “keeptrying,” which ranked 11^th on NordPass’ list, can be cracked in about 11 days.

Creating a secure password can help stop cybercriminals in their tracks, or at least make it infinitely more difficult for them to crack the codes. Forbes reports in its Advisory Survey that almost half (46%) of Americans had their password stolen in the last year, leading to 68% of them having to change their passwords across multiple accounts. More than 75% said they had their personal information stolen from hacked accounts. According to Microsoft, 99.9% of threats to passwords can be stopped using multi-factor authentication. But there are lots of other methods you can employ as well.

Tips for Creating a Secure Password

How do you keep your passwords secure and create good ones? Here are some tips.

Use A Non-Sensical Password: If you can make sense of your password, such as your child’s initials followed by their birthday, chances are someone else will be able to do the same. Instead, use a non-sensical selection of letters, numbers, and symbols that don’t have any meaning behind them. Most sites nowadays require that you use passwords of a certain length with different letter cases and at least one number and/or symbol. There’s a reason for this. Even when it isn’t required, follow this rule.

Microsoft advises to use a password with at least 12 characters, ideally 14 or more, and a combination of upper and lower cases letters, numbers, and symbols to make it harder to crack. The letters should not spell any actual word that can be found in a dictionary nor a proper name of a person, product, or company.

Don’t Use the Same Password: It seems like a simple tip, but many people use the same password across multiple services simply because it’s easier to remember. Forbes found that, on average, people use the same password for at least four accounts, some even for as many as a dozen. All it takes is one breach and a hacker now has access to everything. According to Forbes, 30% of people believe their password was hacked last year because they used the same one across multiple accounts.

London Drugs in Western Canada recently shut down all its stores to deal with a cybersecurity incident. According to Global News, stores are closed “until further notice” as the investigation continues. If personal customer details were leaked, hackers may have gotten access to, at the very least, details like your name, address, even credit card number. If you used the same password for that site that you use elsewhere, it’s easy to see how that could snowball.

A cyberattack at Indigo back in 2022, meanwhile, had a debilitating impact on the retailer’s bottom line. CBC News reports that the retailer’s $50 million loss can be attributed, in large part, to that event. But from a customer perspective, if shopper passwords were compromised, that could be devastating for customers who used the same one for other services.

Use Password Apps: If remembering your passwords is a challenge, use a secure password app like 1Password or a service like Apple Keychain to keep track of them. Never, however, write your passwords down in a notebook or keep them in a non-secure Notes file on your phone or computer. What you can write down, however, are hints to help you remember the password. Seeing a simple hint only you would understand could jog your memory versus being forced to go through the “reset your password” rigmarole.

Use a Password Generator: Forbes found that only 13% of respondents have used a password generator, but these tools can be useful in helping you find secure and completely random passwords to protect your personal information. Sites like LastPass offer a secure password generator where you can even customize the length, note what parameters to include (upper and lower case letters, numbers, and/or symbols), and even if you want the generated password to be easy to say or read. Take advantage of these free services.

Create Secure Passwords for Everything: You might equate the difficulty of the password you create with the importance of the information. For example, maybe you create a very secure password for your online banking account but you’re less lax with Netflix. Don’t be. All it takes, as noted, is a hacker to gain access to one account, even the cloud account for your baby monitor or that old e-mail address you never use, and it gives them the “in” they need to find more.

Change It Often: Even when you create a secure password that meets the aforementioned parameters, it’s still a good idea to change it periodically. According to Forbes, 42% of people only change their passwords when prompted to do so. A prompt might only be sent by the company because of a perceived threat or as an annual reminder. But you should make a point to change your passwords every month or two, at least four times per year, to keep them secure.

Use Biometric Security, Multi-Factor Authentication: If available, take advantage of biometric security options like facial recognition, fingerprint ID, special patterns, authenticator apps for multi-factor authentication, and two-factor authentication to add another layer of security. Yes, this means logging into an account might take a bit longer, but the inconvenience is worth it.

Don’t Share Your Passwords: It can be tempting to share your password with someone so they can log in for emergencies, or as a back-up. But as much as you might trust someone, if they write it down somewhere, get hacked, or inadvertently share it, this puts you at risk, even if they mean no malintent. If you need to give your password to someone for a legitimate reason, never share it through e-mail, instant message, or any other non-secure format.

Only Access Websites Directly: Avoid clicking on links in e-mails or messages to log into an account. If you receive a message that your account has been compromised, or with a special shopping deal, close the message, open your secure browser, enter the URL, and log in that way. This ensures you are logging in securely and prevents you from falling victim to a phishing scam.

Anyone Can Be a Victim

Remember that password security doesn’t just apply to individuals, it’s for businesses, too, and businesses that have customers who use passwords with them.

Individual or business, young or old, services with sensitive information and ones that are just for entertainment, it doesn’t matter. Creating secure passwords is essential and necessary. Follow these tips and you can better arm yourself against cyberattacks now and in the future.

-30 –

More on Cybersecurity