Passwords – The Good, the Ugly, and the Bad

You’ve probably heard this a million times before, but one more time wouldn’t hurt: Passwords are vital for your online security. This fact applies to all your online accounts. And if you are anything like the rest of the internet users, you probably have dozens of them.

There are countless websites out there, including:

  • Social networks.
  • Streaming platforms.
  • Gaming websites.
  • Forums.
  • Cryptocurrency exchanges.
  • Cryptocurrency wallets.
  • Shopping sites.
  • Online banking sites.

The only way to protect all your accounts is with a password. Some may require two-factor authentication — an extra security layer that sends a code to your phone when you try to log in. But most of the time, passwords are your only line of defense.

In other words, a single word or phrase of your choosing safeguards all your online data. Therefore, you had better pick a strong one, especially since online threats are higher than ever.



Password Hacking Is Everywhere

If you tend to follow security-related news, you probably know how dangerous it is to use the internet nowadays. Reports of security breaches, app vulnerabilities, website flaws, compromised databases, data dumps, and more occur on an almost daily basis.

That’s because some hacker somewhere managed to bypass the security of a website or app, and access its database.

And in some cases, hackers don’t run into any trouble or difficulty as the data they target is stored as a backup. These backups often have little to no security measures, and cybercriminals can scan the webserver or websites to locate sensitive files.

Such data includes:

  • Emails
  • Passwords
  • Addresses
  • Medical records
  • Credit card numbers (in some cases)
  • Phone numbers
  • Personal information (age, sex, hobbies, etc.)
  • On-site behavior, and the like

It’s fair to assume that once a website has been compromised, all accounts are in jeopardy. That means that your password is likely stolen and in the hands of online criminals. Now, most of the time, this information is encrypted, meaning that no one can read it without a decryption key. However, some encryptions can be broken, and indeed — many were in the past. The strongest ones still hold, but not every service uses them.

Therefore, you should play it smart and use a unique password for each account. Yes, you’ll have a hard time remembering all of them, but you can use a good password manager that stores them all safely.

But if you use the same password for multiple accounts, then you must know that they are all in danger now. Hackers can either try to access them to get even more information or sell your data to other parties.


Why Would Hackers Target Me?

You may be thinking: So what? I don’t have any secrets worth stealing. Who would want to waste their time stealing my information?

Well, cybercriminals would. Your information is more important than you think, and hackers can do a lot of damage if they steal it.

They might break into your bank account and take all of your money. And if they collect enough data, they can even steal your identity. You don’t have to be a top CEO or government official to be a target. In fact, anyone can be a victim of cybercrime.

Hackers steal your data to make a profit, either by taking money from your account or by selling your personal information to marketing firms. The companies then use these stolen emails to send spam mail and customized ads to users.

Furthermore, they can use such data to commit fraud. Credit card fraud is the most common form, where scammers use your identity to get a new credit card. They would then spend the money, and leave you to deal with the bill. A similar thing can happen if they steal your credit card, and quickly go on a shopping spree before you have the time to cancel it.

Information is valuable on the internet, and if you need proof of how dangerous the web is nowadays, check out the following statistics from 2018-19.


Data Breaches From 2018-19

Each year is marked by new and improved hacking attacks, often leading to significant data breaches and security incidents. 

In January last year, there were 115 cyberattacks, with the largest one hitting a healthcare management organization in Norway. The attack affected 2.9 million patients. In February, that number climbed to 133.

But one of the biggest hacks last year was the attack on Marriott hotels, where it was discovered that hackers had been infiltrating the system since 2014. During that time, they stole details of 500 million hotel guests.

Some other prominent hacks from last year include:

  • The hack of travel booking site Orbitz, where hackers stole data from 880,000 payment cards.
  • A federally funded active shooter training center suffered a data breach that exposed the personal data of thousands of US law enforcement officials.
  • 340 million records were stolen from an Exactis-run server.
  • Adidas suffered a data breach which resulted in the theft of contact data, usernames, and hashed passwords.

The number of monthly attacks in 2018 grew by nearly 30% from 2017, with the percentage likely to increase in the coming years. Moreover, reports claim that new phishing attacks are evolving in 2019, while ransomware attacks, which were popular in previous years, are dropping. 

Additionally, a Clark School study at the University of Maryland reported in late 2018 that there is a hacking attempt every 39 seconds, on average. This affects one in three Americans each year, and the main reason behind this is non-secure passwords.

Cybercriminals also often use something known as a ‘brute-force attack.’ This method recovers the plain, unencrypted password by attempting every possible combination in the hope of eventually guessing correctly. And, as I mentioned earlier, weak encryptions are vulnerable.

“Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections. The computers in our study were attacked, on average, 2,244 times a day.”

Michel Cukier, University of Maryland

Your Password Is Your Privacy

Your password is all that stands between your privacy and online criminals. Therefore, you must create a strong one.

Most people make a grave mistake and use passwords that are easy to remember. Think about it: if it is easy for you to remember, don’t you think that it will be easy to hack? Besides, those simple passwords are much more common than you may think.

We all like to think that we are unique in our way of thinking, but statistics show that thousands or even millions of people tend to use the same passwords. Here are some examples:

  • 123456
  • 12345
  • 123456789
  • Password
  • Qwerty
  • Your birthday
  • Your pet’s name

Now consider this: you probably posted a photo with your dog on Facebook or Instagram, right? Did you mention the dog’s name? Boom, password guessed.

The same social media platform probably shows your birthday as well. Therefore, you must avoid the obvious and common ways to create a password and be more creative.

A secure password must be much stronger than that, which leads us to our next point.


How to Generate a Secure Password?

There are several measures you could take to create a secure and sturdy password:

1) Make a long, complex password

Short, simple passwords are indeed easy to remember. But unfortunately, they are also easy to crack. That is why it’s best to make a long and complicated code.

If you do it right, even a short, six-letter password can be good enough. However, a lengthier entry is even more challenging to guess. When making a password, you should use uppercase and lowercase letters on your keyboard. Add numbers and symbols. Use numbers like 1 to replace the letter I. Use $ to replace S. Add a dash, put question marks between words, make it as complex as you can.

2) Use a password generator

The human mind is the most powerful tool on the planet. But, if you try to think of a secure password (or a joke when someone asks for it), your mind can go completely blank. If this happens to you, don’t worry — it is perfectly normal.

After all, we tend to think logically and in patterns. As a result, it is difficult for your mind to come up with a nonsense password that would be difficult to guess. Luckily, there’s a little something called a password generator that can do it for us. 

You’ll find plenty of similar services online, and most of them are free, including Awesome Password Generator, KeePass, Random Password Generator, and PWGen. I once used this password generator, and no one has ever got past it yet.

3) Use the first letter of a sentence

Another exciting way to make a secure password is to think of a sentence — one that you are sure you can remember. It could be a line from a book, movie, show, game, or another source. Then, use the first letter of each word to create a password. You can even go backward with this trick and create your password from end to beginning. Also, use numbers or symbols instead of some letters, as I mentioned before.

There is a lot you can do to make your password impossible to guess, and some of these methods can be quite fun, too. But, the main problem here is if you have many accounts, which you probably do. That will make all these complex passwords hard to memorize, which is why it’s better to have a password manager.


How to Check If Your Password Is Secure?

You should know by now how to make a robust and secure password. But, how can you be sure that you created one that is hard to crack? Well, that’s what password checkers are for.

This is another piece of software that you can find and download for free. Alternatively, some password managers have it integrated into their app, so you don’t have to go anywhere else to check the strength of your password. If the meter is green, congratulations — your password is top-notch. If it is red or orange, it’s back to the drawing board.

You can quickly check the strength of your password by typing it into this tool. The service will make an instant assessment of your password’s strength, and notify you if it is strong or weak.

It is also smart to regularly change your passwords, at least once every few months. There is always a chance that an old password of yours got stolen in a security breach, with so many of them happening almost all the time. And make sure you do not reuse old passwords.


How to Know If Your Password Was Hacked?

It is not pleasant to learn that your password was hacked. But, it is always better to know so that you can take action.

As I mentioned, there are ways for you to check whether or not your password was stolen, and one of the most natural methods is to use the website called Have I Been Pwned? It is a website run by security researchers, and whenever hackers dump a large amount of data online, they check it and add it to their database of stolen credentials.

Go to the website and type in your email. After a quick search, you will see if your email was ever affected by a hack. There will be other information, such as the name of the compromised website, as well as the date when the hack happened. 

You can also subscribe to alerts from the website by clicking on ‘Notify me when I get pwned.’ That way, if your email comes up in any future data dumps, you will be instantly notified, and you will know that you must change your login credentials immediately.

Of course, there is more to it than just this, as not all password hacks and stolen databases end up on ‘Have I Been Pwned.’ You might also want to keep an eye out for:

  • Suspicious credit card activity.
  • Emails asking you to reset your password.
  • Emails about new sign-ins into your accounts. Netflix, Google, Apple, and other similar services automatically send email alerts about new logins.
  • Messages concerning services you did not enroll in.

Use a Password Manager

Password managers are easy-to-use programs and apps that store all of your passwords. And to keep your entries secure, these apps require codes to open. That way, if someone steals your phone, they won’t have access to your passwords, i.e., all your accounts.

Inside, you will have the option to store websites, emails, and passwords. Most password managers will automatically record any changes or new login credentials when you make a new account, so you won’t have to do it manually.

Not only that, but they also have an autofill function, meaning that they will automatically fill out your login credentials as soon as you visit the login page. They usually come in the form of a browser extension and are very easy to set up.

A lot of them also offer password generators, alerts for when your account is compromised, and more. And, if you think that using one will cost a fortune — think again. Many of them have free versions that do come with some limitations, but you won’t notice the difference.


Alternatives to Passwords

Even with robust and secure passwords, some, such as big companies, might feel that they are still not safe enough. But it is also not unusual for tech-savvy individuals to seek better protection. If you’re one of them, you should know that there are several ways to secure your accounts.

1) Enable 2FA

Some accounts let you enable two-factor authentication (2FA) and send a code to your mobile phone via SMS whenever you try to log into your account. That way, if you ever randomly receive a code, you will know that someone is trying to break into your account. But no need to panic. Instead, log in yourself, and replace your login credentials with new ones.

A few years ago, Google developed its own 2FA Authenticator, which is an app that you can download on your phone. This app generates a new code every 30 seconds, which keeps all your accounts safe and sound.

There are other implementations of 2FA, such as:

  • If you access your iCloud account or log into a new Apple device, you need to authenticate that access from another trusted device.
  • When you log in to a new device using your Google account, you get an alert on your phone asking you to authorize that access.

2) Use a personal USB key

Another method includes personalized USB keys that serve as alternatives to passwords. They are easy enough to use: plug them into your PC, and your profile will automatically load. You will always have your USB with you, and only those who have it in their possession will be able to access your account. 

Of course, this comes with a different set of dangers, and you must make sure not to lose it. Also, make sure your USB key comes with a password so that only you can unlock it.

3) The Nymi wristband

Wearable technology is becoming increasingly popular, and the Nymi wristband looks similar to the average pedometer wristband. However, this one will measure your pulse. Since your heart’s rhythm is unique and very precise, some believe that it is a suitable replacement for a password.

You can unlock all your devices using the Nymi wristband, including the access controls of your smart home. Some even find it a great way to secure their funds and bank accounts. It might sound futuristic and far-fetched, but these things are becoming a reality with every passing year.

4) Next-gen biometrics

Our fingerprints are unique patterns that are used for identification. But there are new emerging technologies that recognize other unique features, such as the iris, the face, and the ear. Fingerprint scanners are a well-known technology that is available even on regular smartphones these days. Iris scanning is also a thing — first seen in movies, and then in reality.

However, some apps, such as Ergo, identify you by scanning your ear. All you need to do is press your phone by your ear, as you would do during phone calls, and your device will be unlocked.

It beats trying to remember passwords, and it is an advanced security measure. As said, other ideas include full facial recognition, and there are companies like Apple that are already using this technology.  

In some extreme cases where body parts are used for authentication and access control, there is a risk of becoming the victim of a terrible crime. Technology has caught up with the problem of dismembered body parts and offers multiple solutions.

In one scenario, for example, the authentication device checks whether the finger has a pulse, to prevent the use of a dismembered body part.


Conclusion

I hope you now realize the importance of passwords. A single word or phrase serves as a key to a plethora of information about you, which is why you have to take it very seriously. There are many methods to make a secure password, check its strength, and even some alternatives to it. 

But at the end of the day, whichever method you choose, the most important thing is that you protect your privacy, and keep your data safe.

Jonathan Beesly

Jonathan is the main author at Anonymania.com. He regularly publishes posts that aim to introduce better cyber-security practices to the masses.
