Managing your passwords: “Password123” is not secure!


Passwords are the gateway to our digital life.

As we spend more time online, it is very important that we take care of our cyber security and maintain proper password hygiene.

“123456” or “password” or “password123” are not secure.

In fact, they’re a hacker’s dream, and yet they topped the list of most commonly used passwords in 2021, according to a 50-country survey conducted by NordPass.

We asked 3 cybersecurity experts how best to manage passwords and keep them safe.

Is it okay to use the same password for all websites?

Dermot Williams, Managing Director, Threatscape

No, that’s a really bad idea. You may think that a website is not that important and that nothing valuable needs to be protected.

The booking site for your local gym? A fansite for your favorite sports team? A free newspaper subscription? Surely there is nothing valuable to protect and you can drop your vigilance and reuse the same password you use for other websites? But your credentials – your email address and password – are valuable and need to be protected.

If a hacker breaks into a website and gains access to your credentials, they might consider allowing them access to other far more valuable websites such as banks, online retailers, social media, crypto brokers, or even your workplace. Attackers target all of these and more because they know they can steal money directly or indirectly through means such as impersonation or blackmail.

And thanks to automated hacking tools, names and passwords stolen from one website can be quickly compared to thousands of other websites.

The millions your bank might spend to protect their systems are wasted if someone can steal your password from another website with little or no security.

Do you recommend changing passwords from time to time?

Dermot Williams, Managing Director, Threatscape

Yes, definitely. They should “treat your password like a toothbrush” – choose a good one, never share it with anyone, and change it regularly.

The downside to this, of course, is that passwords can be difficult to keep track of, and forcing you to change them regularly will result in you developing bad habits, such as . But there are “password managers” that help with that.

Should you choose your own password or accept the “strong” password recommended by a website?

Richard Ford, Group Technical Director, Integrity36

Typically, a website will not provide or recommend a password, and in fact it is likely your device or browser that recommends a “strong” password.

In that case, I would recommend using this feature, assuming it’s your device and you have strong authentication enabled (e.g. fingerprint/face recognition).

Passwords are complex, unique, stored in a secure on-device credential store, automatically filled for you (assuming you can unlock access to the password with this strong authentication), and most importantly, you don’t have to worry about trying to remember them to remember.

Paul Donegan, Country Manager for Palo Alto Networks in Ireland

I think this is a bit of both. You should choose a password that you will remember but also has the characteristics that make it “strong” as recommended by the website you are trying to access.

The more information you have in an account, the stronger the password should be.

How can you remember all your passwords?

Richard Ford, Group Technical Director, Integrity36

The simple answer is that you shouldn’t – and you shouldn’t try.

Whether it’s for work or pleasure, we should use secure password stores or, which is more common and safest, go passwordless.

Although passwordless sounds less secure, what we really mean is using multi-factor authenticator apps like Google Authenticator, Microsoft Authenticator, etc. These apps allow you to validate your identity in real-time using a two-way process, eliminating the need for this remembers passwords and prevents your access data from being misused without your knowledge.

Paul Donegan, Country Manager for Palo Alto Networks in Ireland

For personal use: make it unique to you, a favorite saying or phrase, a number to remember.

You can also use an application like a password manager or even your favorite browser that can help manage this for you.

Is using a password secure enough, or do you recommend multi-factor authentication?

Richard Ford, Group Technical Director, Integrity36

Passwords aren’t secure enough, and haven’t been for some time.

They are unavoidable in some cases, and in these cases we should use strong credentials and always avoid password reuse, but most websites and applications allow the use of multi-factor authentication (MFA).

MFA should be the first option when it comes to authentication, and hopefully we’ll be living in a passwordless world soon enough.

Paul Donegan, Country Manager for Palo Alto Networks in Ireland

I would recommend everyone to use multi-factor authentication, especially for their personal email accounts and any applications with PII.

I’m a Mac user so I have Chrome for all corporate/work related websites/applications and Safari for all personal accounts. Whenever possible, I will use multi-factor authentication to access all of my accounts.

Dermot Williams, Managing Director, Threatscape

Microsoft, Google, and others also offer apps you can install on your phone that will ask you to confirm that you’re really trying to log into a website.

This makes it much harder for an attacker to crack the system just by knowing your password. You obviously need to make sure you keep your phone safe and don’t install questionable apps that might contain malware designed to spy on your authenticator app.

Your best bet is to invest in a small “security token” offered by companies like YubiKey; These are even more difficult for attackers to circumvent. Many large companies rolled them out during the pandemic to provide more secure authentication for people working from home because they couldn’t risk having just one password used for remote access. Many popular websites now support the use of these security tokens.


About Author

Comments are closed.