Some people like to joke about how much they dislike passwords and willfully use simplistic ones, like 123456, still the most common password in the world. But passwords are the key to your front door, and the internet is a busy street. Even if you think you have nothing valuable to steal, you’d still lock up, right?  

‍

Data leaks at companies or websites happen all the time. In fact, there are 2 billion unique leaked credentials for sale on the dark web right now. Threat actors can purchase them cheaper than ever, without even having to go through the bother of cracking a password. Marketplaces for stolen data and cybercrime services are plentiful, offering up an array of products and services. Social security numbers, credit card numbers, online bank logins, email account logins and more are bought and sold like commodities. Scary! Just one instance of your password in a list makes you a great data source for cybercriminals. They may use it to log into your own accounts to mine data or to reach higher value accounts through your compromised ones. Protect your privacy scrupulously so that you don’t have a price tag on your information! 

‍

Handy for cybercriminals is our human tendency to reuse passwords or duplicate them with only slight variations. Studies of leaked credentials have shown that 94% of passwords have been reused either identically, or slightly altered, at least once, often many times. 84% of us are guilty of reusing passwords. Why is this a problem? Because they will quickly gain access to many accounts using the same or similar passwords. 

‍

Threat actors know human behavior. One might even say it is their biggest talent. People are predictable. We tend to use personal information, cultural references, or keyboard patterns to create passwords. Attackers can use freely-available or paid cracking tools quickly with common words and phrases and known password lists as a starting point. Personal data is easily found online and fed in. A simple 5-character password could be crackable in seconds. 

‍

In 2025, 22% of security breaches occurred thanks to a stolen credential.  

‍

That’s really bad. Cybercriminals have the keys to your front door, and you don’t even know it. They can enter silently over and over again, without setting off alarms. 

‍

Fortunately, you can do something today to protect yourself or your business.  

‍

Set unique passwords for each and every one of your digital accounts, so if one falls into the hands of a hacker, they can’t try it—or variations of it—in other accounts. Long passwords are best; a 16-to-20-character password would take centuries to crack using today’s technology!

‍

Use a password manager such as Bitwarden or 1Password to securely store all your passwords, not your browsers, which are more vulnerable and less portable. Most password managers even have tools to look for password leaks and can sometimes alert you of potentially compromised credentials.  

‍

Enable multi-factor authentication or passkeys for all your accounts. By requiring both something you have—your computer or your phone—and something you are—your fingerprint or face—no hacker from afar can make your stolen credentials work.

‍

See this blog post as a column article in the Bennington Banner.