Take No Chances With Your Passwords What type of password manager do you need? Get started with a secure password manager today

Password Security: Are You At Risk?

Could you be exposing your personal data to hackers? We uncover the common password and security mistakes made by Americans.
Bethany Howell

Unsecured passwords can lead to data breaches and ransomware attacks – potentially leave companies having to pay a fortune. New research provides a shocking insight into just how lax Americans’ passwords are, with one in every 142 passwords being the sequence, “12345”.  

This research comes just a week after President Trump’s Twitter account was easily hacked due to poor password habits. Victor Gevers, security researcher and chair of the Dutch Institute for Vulnerability Disclosure, recently revealed that he could access the Twitter account of the president, thanks to his easy-to-guess password, “maga2020!”. 

Cyber security is a huge concern for most modern business, and it’s only getting more troubling with remote workforces. So, let’s uncover the common mistakes Americans make with their passwords, and what solutions are available.

What Password Mistakes Are People Making?

When it comes to passwords, there’s usually a common set of mistakes that pop up. The first is predictability. With all our personal data being held online, you’d think we could come up with more inventive passwords to keep us safe. The reality, however, is that people are still very lazy with creating passwords.

A recent study showed that the most common password remains ‘123456’. In fact, on average, one in every 142 passwords is ‘123456’.

The other major issue that tends to occur is reusing passwords on multiple sites. As soon as hackers breach a database of credentials, all online accounts using the same password are compromised. And if your password is as predictable as ‘123456’, you’re at considerable risk.

How Predictable Are Your Passwords?

Security.org asked 750 Americans to share their password strategies and security habits to see whether there were any recurring patterns in password issues. 

Here are the key findings:

  • 45% of Americans use passwords that are eight characters or less
  • 25% of Americans share their personal passwords with other people
  • 15% of Americans use strong password generators
  • 21% of Americans have used Trump or Biden as part of their password in 2020. More Americans use Trump (12%) than Biden (9%)
  • 14% use “COVID” in their password
  • 20% admit to dropping an f-bomb or other curse word as part of their passwords
example of weak password

The Consequences of Bad Passwords

The implications for bad password management get worse, still, when you consider how common it s for users to re-use the same passwords over and over across multiple accounts. Just one of those accounts being breached could put multiple logins at risk.

To give you an insight into the nightmarish world of poor-security management, NordVPN evaluated the highest-profile data breaches so far in 2020. Among these, the following data breaches lifted vast numbers of passwords: 

Zoom credentials hack – In the first week of April 2020, more than 500,000 stolen Zoom passwords were reported to be available for sale on the dark web. Some of the credentials were given away for free, while others were sold for as little as a penny each. The credentials each contained the username, password, registered email address, host key, and personal meeting URL. 

Marriott social engineering attack – In March 2020, the Marriott Hotel Group suffered a huge data breach, which compromised the records of 5.2 million hotel guests. Hackers were able to draw off the data of 5.2 million guests by hacking the user credentials belonging to just two members of Marriott’s staff. 

easyJet credential theft – The UK-based low-cost airline easyJet announced that cybercriminals had stolen data records of 9 million customers. With Europe’s strict GDPR rules, companies that breach data protection regulations could be in for some eye-watering penalties. The law firm PGMBM filed a class action lawsuit on behalf of the affected easyJet customers for $23 billion (£18bn).

How Can You Secure Your Passwords?

Ignorance truly is bliss. Although 91% of consumers agree that using the same password poses a security risk, roughly 66% of Americans use the same password anyway. 

So, really, our main solution is to listen to experts and change up our password habits. Below, we’ve listed a few basic rules to follow when it comes to cyber security:

  • Have long, strong passwords, with a mixture of numbers, letters, and special characters
  • Don’t reuse passwords across multiple sites
  • Store passwords securely –  let a password manager do the hard work for you
  • Use two-factor authentication
  • If a site you use has a data breach, change your password immediately, and check you’re not re-using that password and email combination on other sites 

This means you’re going to end up with a lot of passwords if you don’t reuse them, right? Well, that’s where password managers come in handy. A password manager can mitigate a lot of the stress and danger around exposed staff login details.

Luckily for you, we’ve tested the most popular password managers, and found 1Password to be the best, thanks to its extensive feature set, some tempting price plans, and easy to use interface. Dashlane comes in a close second, with global favourite LastPass not far behind.

0 out of 0
  • backward
  • forward
Test Score
Our scoring is based on independent tests and assessments of features, ease of use and value.
Local Storage Option
Two-Factor Authentication
Failsafe Function
Password Generator Function
A password manager can create secure, complex passwords for you. You won't need to remember them yourself.
Help Instructions
Email Support
Live Chat Support
Phone Support
Cost per year
Overall cost per year for a single user.
Click to Try

1Password

Dashlane

LastPass

Sticky Password

4.4
4.3
3.9
3.9

$36

$60

$36

$30

Some tech companies are also trying to do their bit to help us with our password problems. In a recent blog post, Microsoft announced it has improved its compromise-detection capabilities to better defend against password spray attacks. 

According to the tech firm, their software uses machine learning to double the existing detection rate, while maintaining a 98% level of precision.

“Our data scientists started researching the use of these patterns and additional data to train a new supervised machine learning system incorporating IP reputation, unfamiliar sign-in properties, and other deviations in account behavior. The results of this research led to this month’s release of the new password spray risk detection.” – Alex Weinert, Microsoft Identity Division – Security and Protection Team

This new machine-learning detection is able to detect twice the number of compromised accounts of the previous algorithm.

So, there are plenty of steps we can all take to make sure our data is kept safe and sound. All you need to do now is change your habits – and steer clear of ‘123456’!

About our links

Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews. Click to return to top of page

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Beth is a Writer for Tech.co. Having written on a variety of platforms over the years, she prides herself on an eclectic portfolio across multiple sites, and regularly covers articles on the latest environmental tech.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals