icon of two gears to show concept of expanded lessons Expanded Lesson 6 min read

How Secure is My Password?

  • Facebook
  • Twitter
  • LinkedIn
  • LinkedIn Copied link to Clipboard!

It’s generally recommended that you change your password once every three months or so, but it can be easy to forget or push it off. You may be wondering if it’s really such a big deal? Yes, it is because cybercrime is on the rise. In a 2018 survey of adults, almost 33% said they personally had experienced a hack of their social media and email accounts. This may be because up to 50% of them use the same password for multiple accounts. Read this article to help you secure your passwords and online accounts before you get hacked.

how safe is my password

What makes a secure password?

Ideally, your password should be made up of a string of random letters, numbers and symbols. Some password manager websites recommend at least 12 letters, numbers and characters.

The most common password of 2020 was 123456. This password was used by 2.5 million users. As you might guess, hackers can crack this password in less than a second. Other common passwords for 2020 included:

  • 123456789
  • Picture1
  • Password
  • 12345678
  • 1111111

These are weak passwords and can be cracked in a short amount of time. You also want to avoid using anything that would be easy to figure out such as your birthday, your spouse’s name or birthday or your kids’ birthdays.

How do hackers steal passwords?

Hackers are a creative and technologically adept bunch. There are all sorts of ways a good, or even an average hacker can crack your password. Here are some of the most common ways.

Brute force attack

A hacker will simply try to guess your username and password, often by using programs. This allows them to try many combinations of letters and numbers until they find one that works.

Dictionary attack

A dictionary attack is similar to a brute force attack, but it uses a list of passwords that have a high probability of success. They use all the most common passwords, plus passwords like popular sports teams, organization names and other easy-to-remember passwords people like to use. They often try variations of spring, summer, winter and fall in the corresponding season because they know some people do change their passwords with the seasons.


Phishing is when someone tries to get your personal information by asking you to click a link or verify information over the phone. Many cybercrimes begin with phishing attacks. These emails often say there’s a problem with your account and your response is needed, or sometimes they send you a fake invoice for something you know you didn’t order. Then they ask you to click a link. If you have any questions at all about whether an email is legitimate, it’s best to go to the company’s website and log into your account there. Don’t click anything.

Credential stuffing

Credential stuffing tests databases or lists of stolen credentials. Hackers can purchase these lists and personal information from the dark web or other illegal sources. If you use the same password across multiple accounts, they have access to all of them.

How to Create a Secure Password

These are the steps you should take to create a strong password:

  • Passwords should be 16 characters or more.
  • Use a combination of random letters, numbers and symbols.
  • Also use a combination of upper and lower case letters, LiKeThiS.
  • Don’t share passwords with anyone.
  • Don’t use passwords that contain any personal information, such as your maiden name, your address or your pets’ names. Anyone can find this information on social media.
  • Do not use the password “password” or “PaSSwOrd.” Do not use the same letter or number repeated over and over, such as aaaaa or 12121212.

You should change your passwords every so often, and don’t reuse passwords you had before. Some experts say you should change your password every three months, while others say if you have a strong password you don’t have to change it unless it’s been compromised. This is especially true if you use multi-factor authentication.

You can also use a password strength checker. These are available online and some of them are free.

What else should I do to protect myself online?

You’re probably wondering how you’re going to remember these random strings of letters and numbers for all the websites you visit. The answer is a password manager. These can keep your passwords safe in an encrypted vault, and you can change and update them as often as you like. Some password managers will fill your passwords in for you and look for weak or compromised passwords and send you an alert if it finds any.

What else should you do to keep yourself protected from online criminals?

Use antivirus software

Antivirus software will scan your computer for malware, ransomware and other security compromises.

Use a VPN

A VPN is a Virtual Private Network and using one will prevent hackers from keeping track of all of your online activity. A VPN creates a private network from a public internet connection and keeps your information hidden. Many people check their emails and surf the web using public Wi-Fi when they’re waiting for their kids, in restaurants or at coffee shops. A VPN will hide your browsing history and scramble your data so it remains private. Some VPNs are free, and some charge between $5 and $14 a month.

Don’t click on any links in emails that look suspicious

The following brands are the most likely to be impersonated in a phishing attempt:

  • Microsoft
  • DHL
  • Google
  • Roblox
  • Amazon
  • Wells Fargo
  • Chase
  • LinkedIn
  • Apple
  • Dropbox

If you get unsolicited emails from any of these companies, you should be suspicious. You could forward the email to the actual company and ask them if it’s real. If it is, they’ll contact you and if it’s not, they have a security team that keeps track of these things. If you get a suspicious email from Amazon, for example, you can forward it to stop-spoofing@Amazon.com.

Be careful with social media

It’s tempting to share personal information on social media—after all, wasn’t that what it was created for? Be careful not to post personal information that can be used to guess your passwords or steal your identity. Remember that after you post something, it’s there forever. You should still be vigilant even if your profile is set to private.

Staying safe online doesn’t have to be difficult. Use a strong, unique password for every site you visit, and use a password manager to keep track of them all. Be safe.

Related Resources

View All