Reduce Online Risk with Simple Password Precautions
By: Larry Clement, Director, Orange County Information Technology Department
Data breaches and online vulnerabilities are frequently in the news. As technology has advanced, so too have the scams and tricks that leverage such technology to accomplish their illegal activity. In such a world, it’s important to be proactive in protecting oneself and one’s organization or business.
Predictable passwords have long been a problem for those trying to prevent cybercrime. In fact, a Cybernews study of 19 billion leaked passwords from April 2024 to April 2025 shows just how predictable passwords can be. A mere 6% of the passwords were unique, demonstrating how common password reuse still is, even in 2025. The use of “password” as a password has often topped these studies in the past. However, in this study, “123456” topped the list, appearing 338 million times. That said, passwords such as “password” and “admin” still appeared a total of 100 million times, suggesting they are still in widespread use. The study also provided a breakdown, by category, of the various types of passwords used, such as names, cities, celebrities, sports teams, and even swear words. These insights help defenders create stronger password requirements, while attackers use this information to strengthen password-guessing tools. [1]
The data from this study is already finding its way into attack tools used for so-called “credential stuffing” attacks. Credential stuffing attacks use stolen or easily available account information to gain access to user accounts. This type of attack relies on the assumption that many passwords are reused across a variety of a user’s accounts. Those looking to protect themselves should start by adopting passphrases instead of passwords. Passphrases are usually at least 14 characters long and contain one or more words, numbers, or symbols. Consider using a password manager, which can create very long random passwords and store them for future use. The convenience of these managers, and the removal of any need to actually remember the password itself, makes it easier to resist reusing the same ones. Just be sure to keep the “master passphrase,” which allows access to the manager, very secure.
Finally, one of the most effective tools available is multi-factor authentication. Multi-factor authentication utilizes an authenticator application or text messages to require more than just a password for account access. While it may seem inconvenient at times, the added security is well worth it. For those interested, authenticator apps from reliable providers are widely considered more secure than text messages. Taking these straightforward steps can help make sure your password (or passphrase, preferably) doesn’t end up in one of these studies in the future. Until next time, be safe in cyberspace.
Sources:
1. https://cybernews.com/security/password-leak-study-unveils-2025-trends-reused-and-lazy/