Identity theft. Ransomware. Data breach. Malware. Brute-force attack. If you’re familiar with any of these terms, chances are your stomach hurts just reading them.
But fear doesn’t stop them from happening.
With each passing year, security threats grow stronger, targeting more businesses of every size and industry. What are cybercriminals looking for? Credentials.
In its DBIR: 2025 Data Breach Investigations Report, Verizon found that "42% of breaches involve compromised credentials", including usernames, passwords, tokens, and other "secrets" (i.e., credentials). On top of that, financial gain is the motive in nearly 90% of incidents across all industries (though espionage is a growing trend).
Simply put, cybercriminals are actively attacking networks on a daily basis, and none of us are immune.
Today, we'll be tackling one of the front lines of security: secure password creation and management.
How to Create Strong Passwords
How do you keep up with all your passwords? And how long should you use them? Is it okay to share your password with a friend? How do you know if a password has been compromised?
Do's:
- Do use a different password for every site you log in to. For instance, your work password should be completely different from your Netflix password.
- Do use two-or-more-step authentication (MFA). This means that beyond just requiring a password, a site will also ask for a one-time-use code from an authentication app, which you’ll then type into the log-in screen.
- Do use password management software (i.e. Dashlane or LastPass, etc.) to help you securely create, store, and manage passwords across all your devices.
- Do regularly check if your passwords have been compromised.
- Some companies, like Apple and Google, have this feature built in to their devices and apps, and will alert a user in the event of a security issue.
- To proactively check for breaches, use HaveIBeenPwnd (haveibeenpwned.com). On this site, users can anonymously and safely check the security of individual passwords and find out if their information has been part of any known data breach.
- Do change your password immediately, if you’re notified there’s been a security issue.
Don’ts:
- Don’t use personal information as your password, such as your date of birth or social security number.
- Don’t use your user name as your password.
- Don’t recycle passwords. If you’ve used a password once, it’s done.
- Don’t leave your password written anywhere near your computer: on a sticky note, under your mouse pad, behind your monitor...
Your best defense against any kind of cyberattack is prevention, and that starts with a secure password.
Questions? WYRE always helps!