
Password leak on the dark web: 7 tips to strengthen your password security

Threat Intelligence Team, 13 February 2018

Avoid the most common password mistakes to protect your personal information

For most of us, the use of internet-based services is a huge part of our everyday lives. We bank. We shop. We stream. What’s the one thing all of these services have in common? Passwords. They all demand passwords.

Coming up with new and unique passwords — and then trying to remember them all — can certainly be frustrating. You might be tempted just to use the same password for everything, but that’s mistake number one. As with any good investment portfolio, diversification is key. And as the hackers get smarter, so must you. Over the holidays, as 4iQ reported, there was a massive leak of email/password pairs on the dark web. The email/password pairs came from some big sites including Gmail, Facebook, Amazon, Yandex, and many others.


Chances are you could be affected. Here are some tips to help strengthen your password security.

1. Avoid the most common and obvious passwords.

Do we really have to tell you not to use the word password as your password? Apparently we do. The company 4iQ, which monitors identity-theft threats on the dark web, recently discovered a compilation of leaked email/password combinations (over 1.4 billion of them) and reported on the most common passwords. Here are the top 10 passwords:

[Image: top 10 unsecure passwords]

If any one of those is your password for anything, go change it. Right now.

2. Avoid the most common substitutions.

Changing password to p@ssword or passw0rd isn’t going to fool today’s cybercriminal. We don’t recommend using any common word with just a single number or symbol substitution.

3. Don’t use common paths on your keyboard.

We’ve already covered passwords like 1235678 and qwerty, but using other keyboard paths really isn’t any better, even if they look more complex. Check out 1qazxsw2 on your keyboard. It may look more complex and random, but it’s still an identifiable path. There are actually password dictionaries on the dark web that list out these common paths, which means a cybercriminal will always try them first.
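How a sign-up form could screen for the patterns in tips 1 to 3, as an added example that is not part of the original article. The `COMMON` list is a small constructed sample, the function names are hypothetical, and a US QWERTY layout is assumed.

```python
"""Screen a candidate password for common words, substitutions and keyboard paths."""

# Constructed sample list; a real deployment loads a large breached-password list.
COMMON = {"password", "qwerty", "letmein", "welcome", "dragon"}

# Single-character substitutions that cracking rule sets undo automatically.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "1": "l",
                      "!": "i", "$": "s", "5": "s", "7": "t"})

# Assumed layout: US QWERTY, each row shifted slightly right of the one above.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a, b):
    """True if keys a and b touch on the staggered layout (or are the same key)."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    if r1 > r2:  # order the pair so that (r1, c1) is the upper key
        (r1, c1), (r2, c2) = (r2, c2), (r1, c1)
    if r1 == r2:
        return abs(c1 - c2) <= 1
    # A key touches the key directly below it and the one below-left of it.
    return r2 - r1 == 1 and c1 - c2 in (0, 1)


def is_keyboard_path(pw):
    """True if every consecutive pair of characters is a neighbouring key."""
    s = pw.lower()
    return len(s) >= 4 and all(adjacent(a, b) for a, b in zip(s, s[1:]))


def screen(pw):
    """Return the reasons to reject a password (an empty list means it passes)."""
    reasons = []
    lowered = pw.lower()
    if lowered in COMMON:
        reasons.append("common password")
    elif lowered.translate(LEET) in COMMON:
        reasons.append("common password with character substitutions")
    if is_keyboard_path(pw):
        reasons.append("keyboard path")
    return reasons
```

Passing these checks does not make a password strong; they only reject the patterns described above.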

4. Avoid using the same password for multiple services, especially banking and credit cards.

As we said above, you’ve got to diversify so that if someone gets one of your passwords, it doesn’t compromise all the rest. Don’t forget about linked accounts, either. If you’ve used your Google or Facebook credentials to sign in to other services, then all of them will be vulnerable should a single one get hacked.

5. Longer is better.

We’ve told you several things not to do. Now let’s talk about some things you should do. Longer passwords will be tougher to crack, especially if you mix upper- and lowercase letters and add in some numbers and symbols. Even if you just use a bunch of random words linked together — like PoloHorseFlagCanada — it makes for a more challenging password.

6. Consider a password manager.

Hey, we can’t remember all our different passwords, either. That’s why a password manager is a great idea. It securely stores all of your passwords, so all you have to remember is a single master password. You can even set up a password manager to create stronger, more secure passwords. Avast offers a free password manager that goes a long way to protecting your digital life.

7. Use 2-factor authentication when it’s available.

Many online services now offer 2-factor authentication, which can prevent someone from accessing your account even if they’ve figured out your password. 2-factor authentication simply means that there’s an extra step of verification beyond just inputting your username and password. For instance, if you log in to your banking website from a new or unknown device, the bank will send you a text/email verification code before it lets you into the account. Many banks now require 2-factor authentication, while some companies like Google make it available as an option.

The bottom line is this: password security is critical, and you cannot afford to be lazy when creating passwords. A little extra effort up front can prevent a lot of headaches down the road.