With the rise in social media usage, online streaming, and e-commerce app culture, it’s no surprise that we’re managing more online accounts than ever. Having an online account almost always means having a password that goes with it. Unfortunately, the prevalence of compromised passwords is increasing as well.
A compromised password is one that’s stolen. Then, it can get leaked to people trying to steal personal information from your account.
According to software security company Norton, in 2022, hackers exposed 24 billion passwords. Over 80% of those breaches happened because of reused, weak, or stolen passwords.
Often, these passwords contain highly sensitive personal information. This can include addresses, bank information, and even social security numbers. That’s a lot of sensitive information in the hands of thieves.
In this article, we’ll discuss the most common ways passwords become compromised and how you can best avoid these pitfalls. Ready to level up your password security? Let’s dig in.
How and why are passwords compromised?
There are various ways in which passwords can become compromised. Each method has the same goal of getting to your credentials.
Data leaks and similar instances can put personal information into the hands of identity thieves. E-commerce websites are some of the biggest targets, as they often have sensitive information like credit card numbers.
Dealing with identity theft and its aftermath is a frustrating process that no one wants to take part in. So, it’s crucial to protect your passwords and other important information in every way possible.
Here’s a quick breakdown of the most common ways passwords become compromised.
- Data breach: A data breach is when password data from the company you’ve made an account with becomes compromised.
- Phishing: Cybercriminals may pretend to be a reputable site and then send you a link to click. They may also try to trick you into giving them your login information. This is a practice known as phishing and commonly occurs over email.
- Poor password practices: Reusing passwords or variations across accounts is an example of poor practices. Avoid having less than 12 characters in your passwords, and don’t make your password easy to guess.
- Including personal information in passwords: This goes together with poor password practices. Including personal details in passwords can make it easier to get into other accounts. This is especially true if that personal information is the answer to a password security question.
- Poor password and data management: Passwords become compromised when not stored correctly. Avoid storing your passwords in a spreadsheet, document, or browser password manager that isn’t secure.
Who is in danger of a password breach?
Password breach is, unfortunately, more common than most people would hope. Password breach comes from website security issues and poor password hygiene. For instance, did you know that only 12% of people don’t reuse passwords across different accounts?
If one or more of these descriptions includes you, you may be in danger of a password breach:
- Those with accounts on cyber-insecure websites
- People who reuse passwords or use variations of the same password
- People who include personal information in passwords. This is especially if that information answers security questions on other websites
- People who don’t know how to verify whether a website is real or a phishing spoof
- Individuals who don’t store their passwords securely
- Those who use passwords that are easy to guess
- People who don’t use two- or multi-factor authentication
- Individuals who don’t update their apps, computers, or devices regularly
How to tell if your password got compromised
Sometimes hackers and scammers can strike out of the blue and leave you caught off-guard. Luckily, there are some ways to know if you have a compromised password. Staying aware of these items will help you if you ever encounter a password breach.
- You get a data breach notification from someone you have an account with. This message should arrive via the email address you used to create your account. It’s also a good idea to periodically check your promotions and spam folders. Then, you’ll see if these notifications accidentally wind up in the wrong place.
- Activity on your account that you don’t recognize. For example, compromised social media accounts may lead to posts you didn’t make. You may also find data in your business’s data ops flow that’s way off the mark.
- Your password manager indicates that you have a compromised password. Most browsers, including on mobile, have built-in password managers. These managers can tell when your password is no longer secure. Higher-quality password managers will notify you immediately when you have a compromised password.
- There are purchases that you don’t recognize on a credit or debit card associated with an online account. This is something to keep a very close eye on. These purchases could mean that highly personal information, like your social security number, is at risk.
- You’ve received an email or text message about resetting your account password when you haven’t taken a password reset action.
- A sharp increase in spam emails, phone calls, text messages, or all of the above. This increase may not be a password breach, but it’s a big red flag when paired with one or more of the above.
What to do if your password gets compromised
You can do several things if you find yourself with a compromised password. Your next steps are going to depend on the password that’s compromised. The important part is not to panic. Follow these steps to reduce your compromised password impact.
- Change your password(s). This step is the most obvious thing to do first. If you reuse passwords, change all of them. Use a secure password manager if you’re worried about password strength and memory.
- Enable two-factor authentication. Two- or multi-factor authentication will help keep your account secure. Two-factor authentication verifies your identity in a way that password submission can’t.
- Delete your account and pivot to a more secure service. If your password was for software containing sensitive information, consider replacing it altogether. For example, if your website password gets compromised, move to a web host with stronger cybersecurity.
- Closely track your credit or debit card activity. If anything suspicious happens, contact your bank immediately.
- Consider identity theft protection services if there’s sensitive information on the account. These services will vary based on the compromised account.
Protect your password: 6 tips and tricks for better digital security
Data leaks and password hacks can be scary regardless of being a consumer or a business. Luckily, there are some things that you can do to protect your passwords better. This will ensure that you protect your information and your customers’ information.
1. Create strong passwords
When making new passwords, it’s essential to consider their strength. A stronger password is going to be harder to guess. This prevents hackers from accessing your information.
Strong passwords are at least 12 characters in length. They contain a mix of uppercase letters, lowercase letters, numbers, and special characters.
Try to avoid patterns across your accounts, like rotating through the names of pets that you’ve had. In general, don’t use anything that gives away personal information.
2. Invest in a password manager tool
Investing in a well-reviewed password management tool is one of the best ways to improve digital security. Password management tools create long, complex passwords for each of your accounts. This makes them harder to guess and get into, so you can rest assured.
Password management tools can help with website accounts, from social media to business software. They’ll also store your passwords securely. Then, you don’t have to worry about remembering which complex password goes with what account.
Besides creating complex passwords, password managers will also inform you if a specific site has a data breach. Many password managers can also let you know if your password gets compromised and will help you act. Catching this information early will help prevent fraudulent activity on your accounts.
3. Delete old accounts
If you have accounts with sites that you don’t use anymore, delete them. Deleting old accounts will give you peace of mind and keep irrelevant emails from clogging your inbox. It’ll also help with hackers, bots, and insecure sites leaking personal, sensitive information.
Especially take time to purge old inactive accounts if you reuse passwords. If you’re using the same password on active accounts containing sensitive data, it could be at risk.
Deleting old accounts is one of the most time-consuming ways to enhance digital security. It entails going to each website and unsubscribing, which can be a pain. However, it’s worth it to look into what you aren’t using and act accordingly.
4. Be cautious when sharing passwords
If your family member or team uses an account with a shared password, ensure you all have a conversation about digital security. Consider having an account without sharing a password, if possible. The best way to avoid problems with a shared account is to avoid having one in the first place.
Limit your “password bubble” to as few people as possible to cut the risk of hacking. Do your best to keep sensitive personal information off the account in general.
If you’re a business using a personal account, consider moving to a business account. Websites usually build business accounts for many users so that certain information can remain private to some or all users.
5. Make sure your business tools are secure
When thinking about your business’s security, you may have credit card readers in mind. It’s still imperative to look at other aspects of your business. Your team’s and customers’ personal information is all over your business tools.
You may know already to double-check your website’s security measures. Making sure that items like job schedulers and other software are secure and legitimate is a good step toward digital security.
This security is critical with any tool with your customers’ information. Only use well-known credit or debit card processing software with firm security standards.
6. Enable two- or multi-factor authentication when possible
Two-factor authentication is when you’re prompted to answer a login notification on your phone or email. This happens after you initially put in your password. Depending on the system, they may ask you to enter a code sent to you, click on a link, or answer a push notification. This action is to verify your identity.
Many websites hosting online accounts offer built-in two-factor authentication options. This is because two-factor authentication helps dissuade hackers and bots. You should take advantage of this. Two-factor authentication builds a significant barrier between your data and cybercriminals.
The importance of digital security: Why an exposed password is so risky
Digital security seems easy to gloss over when you have so much to focus on in your day-to-day life. You should treat it with the utmost importance, though. Not engaging in good password practices can cause real-life problems. The problems and their aftermath are difficult and time-consuming to solve.
Let’s illustrate an example: Suppose you run a business with a remote team. Each team member uses their password for your company’s workflow software. One member of your team’s password gets compromised — now, hackers can access their account. From there, they get the first and last names of everyone who works with or does business with you.
Once individuals have personal information, it can cause a lot of problems. One compromised password can result in fraudulent activity that misrepresents your business. In the worst-case scenario, you become a victim of identity theft. These consequences are why digital security must be a priority.
Password breaches can be scary, but there are simple methods you can use to prevent them from happening to you. Remember to use best password practices. Ensure that any tool you invest in, like a password manager, is well-reviewed by a reputable company.
For more on tech and data news, trends, and cybersecurity reviews, Login Lockdown can give you all the latest.