Unique and Strong Passwords

A strong password is crucial to safeguarding your online accounts, as it is the first line of defense against unauthorized access. 

However, relying solely on a strong password can leave your accounts vulnerable. 

Without additional protection, such as two-factor authentication, your password is the only barrier between your account and potential hackers. 

Additionally, if your strong password is not unique and is exposed to a data breach, other accounts using the same password will be at risk. 

It’s essential to prioritize online security using strong, unique passwords and additional security measures like Two-Factor Authentication (2FA).

How safe is your password?

On this page, you will learn:

– Why it is so important to use a unique and strong password.

– What makes a password strong and how to create strong passwords.

– What password managers are, and the knowledge and good practices you should follow.


How to Create Strong Passwords

A password is a combination of numbers, letters, and symbols that should be difficult to guess but easy to remember.

And here lies the problem… because we often use passwords that are easy to remember but not safe enough.

If you want to know how safe your passwords are, the Hive Systems password table gives you a very clear overview of your passwords’ safety based on their complexity.

Time it takes a hacker to brute force a password.

If you are committed to keeping your accounts safe, your passwords should include all of the following:

Numbers

Lowercase letters

Uppercase letters: Don’t be too obvious by having just one uppercase letter at the beginning of the password. Insert uppercase letters randomly within the password.

Symbols: Again, don’t be too obvious by having just one symbol at the end of the password. Also, there are more symbols than ‘!’ or ‘?’, so choose some not-so-common characters for your passwords.

A minimum of 12 characters: Choose a password that is at least 12-15 characters long and uses a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using common phrases, dictionary words, or easily guessable information like your name or birthdate.

For example, a strong password would be ‘7&Y8%rTo!B3’. A brute force attack would take 34 years to breach this password.

But note that having a strong password is not enough to protect your accounts because there are risks and threats that even the most robust password cannot prevent. 

What Your Password Should Never Contain for Strong Online Security

To make sure that your password is strong and secure, here are some things that it should not contain:

Personal information: Your password should not contain personal information, such as your name, date of birth, address, phone number, or any other identifiable information that someone can easily find.

Dictionary words: Using dictionary words or common phrases makes your password easily guessable by hackers who use automated tools to crack passwords.

Sequences: Avoid using sequences of letters or numbers like “123456” or “qwerty” as they are familiar and easily guessable.

Repetitive characters: Don’t use repetitive characters like “aaaaaa” or “111111” as they are also easily guessable.

Simple substitutions: Using simple substitutions like replacing “o” with “0” or “e” with “3” does not add much complexity to your password and can be easily guessed by hackers.

Common patterns: Avoid using patterns such as “abcd” or “qwertyuiop” as hackers can easily guess them.
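
The two lists above (what a password should include and what it should never contain) can be turned into an automated check. The following is an added example, not part of the original page; the wordlist, the keyboard runs and the substitution table are small constructed samples, and a real check would load a much larger dictionary.

```python
import re

# Constructed sample data: a tiny wordlist and alphabet/keyboard runs.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "sunshine"}
RUNS = ["abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Undo the "simple substitutions" the page warns about before the word check.
LEET = str.maketrans({"0": "o", "3": "e", "1": "l", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def has_run(text, length=4):
    """True if text contains `length` consecutive characters of a known run."""
    for run in RUNS:
        for seq in (run, run[::-1]):  # forwards and backwards
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in text:
                    return True
    return False


def audit(password, personal=()):
    """Return the list of findings; an empty list means no rule was tripped."""
    findings = []
    lower = password.lower()
    plain = lower.translate(LEET)
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    classes = [r"[0-9]", r"[a-z]", r"[A-Z]", r"[^0-9A-Za-z]"]
    if not all(re.search(c, password) for c in classes):
        findings.append("missing a character class")
    if re.fullmatch(r"[A-Z][^A-Z]*", password):
        findings.append("only uppercase letter is the first character")
    if re.fullmatch(r"[0-9A-Za-z]+[^0-9A-Za-z]", password):
        findings.append("only symbol is the last character")
    if any(p and p.lower() in lower for p in personal):
        findings.append("contains personal information")
    if any(w in lower for w in COMMON_WORDS):
        findings.append("contains a dictionary word")
    elif any(w in plain for w in COMMON_WORDS):
        findings.append("dictionary word hidden by simple substitution")
    if has_run(lower):
        findings.append("contains a sequence or keyboard pattern")
    if re.search(r"(.)\1{3,}", password):
        findings.append("contains repeated characters")
    return findings
```

A password such as `P@ssw0rd123456!` satisfies the length and character-class rules yet still trips three of the checks, which is why the "never contain" list matters as much as the "include" list.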

The Consequences of Not Using Unique Passwords

– Knowledge –

You must know what a data breach is and how it affects you.

After a data breach, even the most robust password will not be safe if you have used it for multiple accounts.

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, or unauthorized disclosure of personal data.

If you use a username and password to log in to a website, and that website has a data breach, the username and password you used on that website may have been compromised. And it may now be in the hands of many malicious people.

And if you are using the same compromised username and password to log in to your other accounts, those accounts are at risk of being breached by those malicious people.

Imagine losing several of your digital accounts because someone got your password and took over your accounts.

If you want to know if your emails or passwords have been part of a data breach and made public, look at the haveibeenpwned.com website.

Email data breach.
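
A password can be checked against breach data without sending the password itself: only the first five characters of its SHA-1 hash are sent, and the match is done locally. The sketch below is an added example, not code from this page or from haveibeenpwned.com; the response body and its counts are constructed so that it runs offline, and the endpoint named in the comment is the public Pwned Passwords range API.

```python
import hashlib


def range_query_parts(password):
    """Split the SHA-1 of the password into the 5-character prefix that is
    sent to the service and the 35-character suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Find the local suffix in a range response ("SUFFIX:COUNT" per line).

    In real use, range_response is the body returned by
    https://api.pwnedpasswords.com/range/<prefix> for this password's prefix.
    Returns how often the password appeared in breaches, 0 if not listed.
    """
    _, suffix = range_query_parts(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def sample_response():
    """Constructed response body: two decoy suffixes plus the suffix of the
    sample password 'Summer2023!' with a made-up count."""
    _, suffix = range_query_parts("Summer2023!")
    return "\r\n".join(["0" * 35 + ":3", suffix + ":4821", "F" * 35 + ":12"])


if __name__ == "__main__":
    prefix, _ = range_query_parts("Summer2023!")
    print("prefix sent to the service:", prefix)
    print("times seen in breaches:", breach_count("Summer2023!", sample_response()))
```

Any non-zero count means the password should be treated as exposed and replaced everywhere it was used.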

So, to prevent the risks of using the same password for many accounts, you are in this non-ideal situation:

– You need to create and remember a strong password for each one of your accounts.

– You have 30+ accounts, so how do you remember 30+ complex passwords?

One option is to create unique passwords, write them down on, for example, a sheet of paper, and store that sheet in a very safe place as a backup in case you forget one or more passwords.

This may not be suitable for everyone because you still need to remember many complex passwords to log in to your accounts. And if you forget one and you are not near where your backup method is, you will not be able to log in.

The other option is to use a password manager.

What To Do After a Password Breach

If you suspect that your password has been compromised or there has been a data breach, here are some steps you can take to protect your accounts and personal information:

Change your password: As soon as you suspect a breach, change your password immediately for the affected account(s). If you have used the same password for multiple accounts, change them too.

Enable two-factor authentication: Enable two-factor authentication (2FA) for all your accounts to add an extra layer of security. 2FA requires you to provide additional information (e.g., a code sent to your phone) to access your account, making it more difficult for someone else to access it.

Review your account activity: Check your account activity log to see if there has been any suspicious activity, such as unauthorized logins, changes to your profile, or messages sent from your account. Report any suspicious activity to the platform.

Check connected apps: Check for any connected apps or services with access to your social media account and revoke access for any that you do not recognize or use.

Notify your contacts: If you suspect that your account has been compromised, notify your contacts to be cautious of any messages or links they receive from your account.

Notify your bank: If your financial information has been compromised, immediately notify your bank or credit card issuer to cancel your cards and request new ones.

Run antivirus scans: Run antivirus scans on your computer or mobile device to check for any malware that hackers may have installed.

How the Scammers Will Use The Data Obtained During a Data Breach

Below we have pasted the text from an email that one of our colleagues at Crypto Safety First has received.

Our colleague purchased an item online, and it is well known that the vendor had a data breach that led to the names, surnames, email addresses, and passwords of many customers being leaked.

So this colleague knows that his data was made public. And anyone with enough cash can buy it from the dark web.

– Note that in the email we have substituted one word and added <PASSWORD> instead.

– In the email, the scammer used an old and unique password, but we are not making it public to protect the identity of our colleague.

Email title: I RECORDED YOU!

From: John Blue <JohnBlue@7422.com>

To: You

Sun 12/03/2023 15:12

Hi, today there are sadly some bad news for you.

Your device was infected with my private malware, your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more, Google: Drive-by exploit.

My malware gave me full access to all your accounts, full control over your device and it also was possible to spy on you over your cam.

If you think this is some bad joke, no, I know your password: <PASSWORD>

I collected all your private data and I RECORDED YOU (through your cam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces and this email was sent from some hacked server.

I can publish the video of you and all your private data on the whole web, social networks, over email and send everything to all your contacts.

But you can stop me and only I can help you out in this situation.

The only way to stop me, is to pay exactly 1200$ in Bitcoin (BTC).

It’s a very good offer, compared to all that horrible shit that will happen if I publish everything.

You can easily buy Bitcoin (BTC) here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for Bitcoin (BTC) ATM near you, or Google for other exchanger.

You can send the Bitcoin (BTC) directly to my wallet, or install the free software: Atomicwallet, or: Exodus wallet, then receive and send to mine.

My Bitcoin (BTC) wallet is: 14hAgJ1ZsReHU2JBJi1hk4AEyKd1YaqQ7a

Yes, that’s how the wallet / address looks like, copy and paste it, it’s (cAsE-sEnSEtiVE).

I give you 3 days time to pay.

After receiving the payment, I will remove everything and you can life your live in peace like before, don’t worry, I keep my promise.

Next time make sure that your device got the newsest security updates.

ClientMailID: 1885288

At Crypto Safety First we are aware that many other people have received the same email. 

And many people are worried because they don’t know if the email is legitimate or not.

But our colleague is not worried because:

– He used a disposable email address with a unique password. So none of his valuable online accounts, e.g., accounts used for financial matters, are compromised.

– On his home computer and laptop our colleague uses an up-to-date antivirus and firewall, so there is a very slim chance that someone can break into any of his devices.

– Additionally, his internet browser is up-to-date and set up to prevent any unwanted access.

– The statement in the email about having video or pictures of him ‘satisfying himself’ is obviously false. If someone had videos of him, proof would have been attached to the email.

The problem here is that many people do not know about data breaches, lack digital knowledge, or do not follow good digital safety practices.

And if those people receive an email that mentions their password, a password that most probably is used for many or all the accounts they have, this may lead to panic.

And, in panic, they will do what the scammer requests.

Everybody should be aware of what phishing scams are, the different types, and how social engineering techniques are used to force people to act in a hurry and meet the scammers’ demands.

Password Manager Apps - How to Create And Manage Unique Passwords

Password managers are considered one of the most secure ways to protect passwords.

Through a password manager, you can create unique and very safe passwords for all your accounts without having to memorize each one of them. 

This way, when an application or website requests login details, you only need to open your password manager, provide the master login credentials, and the password manager will take care of the rest.

While having all your passwords managed by one single application sounds good, you must be aware of two primary considerations:

– All your passwords are stored in one location, so your digital safety knowledge and the good practices you follow are crucial to keeping the password manager app safe.

– Without the master password and the 2FA, you will not be able to access your password manager. So, a password and 2FA backup strategy is highly advisable.

To save you some research time, we have listed below the three most popular and best-rated password managers. All three have three essential features that are a must-have for any password manager:

– The password manager must have Two-factor authentication (2FA).

– The password manager must have a zero-knowledge policy, so nobody apart from you can have access to any data on your password manager app account.

– The password manager includes password vault backups.

And the three of them have very similar pricing, which is quite affordable for most pockets. 

So, if you have made up your mind and decided to have a password manager, you may consider the following:

– Open an account for one of the password managers

– Explore all the features during the 30-day free trial

– If unsatisfied, close the account and repeat the same process with the next password manager.

LastPass

Easy to use and one of the most popular and best rated password managers.

1Password

A full-scope password manager solution for individuals, families and organizations.

Keeper

A complete cross-platform password manager with excellent ratings.

Enhance Your Password Backup Using Invisible Ink

If you prefer to keep your passwords noted on paper, you may consider adding an extra layer of security against intruders.

There are some tricks you can apply, like using invisible ink, that will protect your passwords even if your paper backup is discovered.

If you would like to know more about invisible ink and to use it, we have written a whole post about this topic.


Passwords Frequently Asked Questions

Other people’s questions are windows to knowledge that we may need but never considered.

How Often Should I Change my Password?

You should consider changing your password if:

– Your password has been part of a data breach

– You suspect someone is using the password to access your accounts.

– Malware or phishing software has been installed on any of your devices.

– The password was part of shared accounts, e.g., Netflix, and you want to limit the people who could have access.

– You had to use a public device, e.g., a school computer or a coffee shop computer, to log in to your account. In this case, you should change your password as soon as possible from a safe device.

Otherwise, there is no need to change your password regularly, especially if you use Two-Factor Authentication (2FA).

Can Password Managers be Trusted?

In general, yes.

But choose a password manager with a proven reputation and high review scores.

If you are not using a password manager and have not decided yet if you should use one, inform yourself and give it a try.

Is it Safe to Save Passwords in a Browser?

In most cases, no.

For those people with extensive safety knowledge and who follow good practices, like using 2FA, it may be safe to save some passwords in a browser.

But for those people with no safety knowledge, saving passwords in a browser is asking for trouble, because sooner or later a hack, malware, or spyware will get hold of those passwords.

I Cannot Afford to Buy a Password Manager. Is There Any Other Alternative?

If you cannot afford a password manager, using two-factor authentication (2FA) is a great way to enhance your online security.

Here’s why:

Increased Security: 2FA adds an extra layer of security to your accounts, making it more difficult for hackers to gain access. Even if someone guesses or obtains your password, they would still need to provide an additional piece of information (e.g., a code sent to your phone) to log in.

Free of cost: Most online services now offer 2FA as a free security feature. You do not have to pay anything to use it.

Easy to Set Up: Setting up 2FA is relatively easy and straightforward. All you need is a phone or other device capable of receiving text messages or generating codes.

Works with Weak Passwords: If you’re using the same password across multiple accounts because you can’t afford a password manager, 2FA is especially important because it can help protect those weak passwords. If you’re using 2FA, even if someone guesses or obtains your password, they still need the second factor to log in.

