Passwords Remains A Prime Target for Cybercriminals

Passwords serve as the foundation of our digital lives, but they also serve as the gateway for cybercriminals to hack into sensitive personal information. Considering their essential function, passwords remain a prime target for increasingly sophisticated cybercriminal attacks. Therefore, taking proactive measures to safeguard accounts and personal information is imperative. To mark World Password Day on May 2nd –highlighting the essential role passwords play in protecting our lives online – Kaspersky experts are providing essential tips to enhance password security, ensuring that users data stays out of the hands of attackers.

Weak and simple passwords have always been an attractive target for scammers as cracking them gives criminals access to multiple types of data – personal data, financial information, medical records etc. Kaspersky telemetry indicates more than 32 million attempts to attack  users with password stealers took place in 2023, this followed more than 40 million incursions in 2022. These alarming statistics highlight the need for users to create strong, unique and varied passwords for different accounts. This way they can mitigate the risks of cyber threats and maintain personal security online.

To enhance password security, Kaspersky experts recommend the following steps and practices:

The ‘association method’ helps create strong and memorable passwords
The association approach involves creating a password from a sequence of words or ideas that have personal significance but are not easily guessable by others. A password can be based on a favorite quote, a memorable song lyric, or a unique combination of objects. This technique generates strong passwords without requiring complex memorization, helping to maintain security while reducing the risk of forgetting. For example, a phrase “I first visited Paris in 2008” could be transformed into a password “IfvPin2o:o8”.

Are regular passwords too boring? How about emoji?
If using the same password everywhere becomes too much and you lack the imagination to make up something new, emoji-passwords could be a non-standard and safe option. Since they are a part of the Unicode standard, it is potentially possible to use them as passwords. One of the most significant pros is that scammers cannot brute-force emoji-passwords, since various tools and dictionaries can’t crack combinations like these. More detailed information on how to set up an emoji password and the necessary requirements is available here.

The most obvious option is not the safest one
Using common passwords or default values such as “1234”, “password” or “admin” could make personal data and accounts vulnerable to scammers, since they use automated tools to guess the correct combinations. It may take several seconds to find the right answer and gain access to personal data. A strong and complicated password includes a mix of letters, numbers, and symbols, while avoiding personal information such as names or birthdays. Additionally, there are online public free services that allow everyone check how strong their passwords are to mitigate possible risks.

Old, but gold: one account – one password
This practice ensures that if one account is compromised, others remain secure. By creating a unique password for each account, you minimize the damage a hacker can do if they manage to steal one. This approach isolates security breaches and helps protect sensitive data. According to a global survey, the average user has approximately 8 accounts. Remembering even 2-3 long and complicated passwords (containing up to 15 symbols) could be impossible for the majority of users. In this case is both safe and useful to shift the responsibility of remembering all the passwords to a security solution, such as Kaspersky Password Manager.