5 things you should know about your passwords
Many passwords are embarrassingly easy to crack — and if you’re still relying on “12345” or “admin”, it’s time for a rethink. Together with cybersecurity expert Peter Mayer, we break down why strong passwords matter more than ever — and what you can do today to protect yourself.
1. Your password is probably very bad
If your password is “123456”, “password” or “admin”, you are not alone. “qwerty” (the first six letters on the keyboard) is not exactly rare, either. It is an embarrassing fact that we all tend to choose certain passwords more often than others. Hackers know that we also use predictable patterns when trying to make our passwords more secure. For example, people often capitalize the first letter of a password if an uppercase letter is required. Similarly, people are likely to add a digit or especially an exclamation mark at the end of passwords. (Here is a study of how we choose passwords).
2. You can check if you have been hacked
There are several free online services that will securely check if your email or password is in a known data breach. Peter Mayer recommends, for example, https://haveibeenpwned.com.
Meet the researcher
Peter Mayer is an Associate Professor at the Department of Mathematics and Computer Science. He is an expert in cybersecurity and digital privacy, researching ways to make both viable to use for both experts and laypersons.

If you have been hacked
The first thing to do is to change your passwords to new ones that are very different from the old ones. Check your email settings to see if a hacker has set your emails to be forwarded to another address.
There are a number of things you should do, depending on which kind of account or device has been hacked. Find the guidance on sikkerdigital.dk, a service from the Danish Resilience Agency (in Danish).
3. Here is how they do it
The most common method is the dictionary attack, where hackers use their own dictionary, built on past password breaches. Another common method is the brute force attack, where a program tries every possible combination of characters until it succeeds. The fewer characters you use, the faster the password is cracked: six or fewer characters can take seconds. A password of 16 characters that includes numbers, symbols, and lower- and upper-case letters will take 92 billion years. Length matters, but a random password of 12 characters is stronger than a dictionary word of 14 characters.
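The difference between the two methods, and the predictable patterns from section 1, can be shown with a small strength check. This is an added example, not part of the original article; the word list, the sample passwords and the rule set (optional capital, one appended digit, optional "!") are constructed assumptions.

```python
import math
import string

# Constructed sample list: the passwords the article names plus one 14-letter
# dictionary word. A real audit would load a breach-derived list instead.
WORDS = {"123456", "12345", "password", "admin", "qwerty", "congratulation"}
# Variants per word under the assumed rule set from section 1:
# capitalized or not (2) x no digit or one appended digit (11) x optional "!" (2)
VARIANTS = 2 * 11 * 2
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def base_word(pw):
    """Undo the predictable patterns: trailing "!", one trailing digit, leading capital."""
    core = pw[:-1] if pw.endswith("!") else pw
    if core and core[-1] in string.digits:
        core = core[:-1]
    return core[:1].lower() + core[1:]

def dictionary_word(pw, words=WORDS):
    """Return the listed word that pw is, or is built from, else None."""
    for candidate in (pw, base_word(pw)):
        if candidate in words:
            return candidate
    return None

def brute_force_bits(pw):
    """log2 of the search space if every character were chosen at random."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def effective_bits(pw, words=WORDS):
    """Strength when listed words and their variants are tried before brute force."""
    if dictionary_word(pw, words):
        return math.log2(len(words) * VARIANTS)
    return brute_force_bits(pw)

if __name__ == "__main__":
    for pw in ("Password1!", "congratulation", "k7#Qv2!mZp9$"):  # constructed samples
        print(f"{pw!r}: built from {dictionary_word(pw)!r}, "
              f"brute force {brute_force_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits")
```

The brute-force figure only holds for passwords whose characters really are chosen at random, which is why the 12-character random sample scores far above the 14-letter word and above "Password1!" despite its four character classes.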
4. They are not interested in you personally
Hackers are rarely interested in you personally. Often, they just want access to any account that allows them to scam the owner’s friends and contacts for money, or maybe to take over your account for political or activist purposes. Hackers mainly want access to your email, password manager or devices. With your email, they can reset many of your other passwords and impersonate you to scam others. With your password manager, they get access to many accounts. With your work login, they can enter your employer’s systems or install malware.
5. How to remember all your passwords
The single best way to manage and protect all your passwords is to use a password manager. It does not matter much if you use a password manager built into your browser (e.g., as built into Firefox), one that is part of the OS you use (e.g., the Keyring/Password App on iPhones & Macs), or a dedicated app. Passkeys are a secure alternative, increasingly offered by banks and other organisations. They rely on cryptography that stores no secrets on a company’s server, so even if a company is breached the attackers cannot steal your login. Instead, your device verifies that you are really you by accepting your Face ID or PIN code.