Spotlight on Security: Password Security

Published 10/07/2021

By Jon Faelnar

The most common password used in 2020 was 123456, according to a report from NordPass. Sadly, even today, very insecure passwords are still being used to secure online accounts. To add to the insecurity of using a password such as 123456, the average person tends to reuse the same password across multiple online accounts. To make things even worse, people are often reusing the same email address and password combination across multiple online accounts.

For example, Joe Smith is using his email joesmith[at]insecure.doh and password 123456 to access his online fantasy football site. He also uses the same email address and password combination to access his Amazon account. One day, Joe notices significantly large purchases were made on his Amazon account. The only problem is that he did not make the purchases.

One of two possible scenarios occurred that led to his Amazon account being hacked:

·        Scenario 1: An attacker easily guessed his Amazon account password and therefore was easily able to access it and made expensive purchases.

·        Scenario 2: An attacker hacked his online fantasy football site, obtained his login credentials and tried the credentials on bigger sites like Amazon, to see if they could successfully gain access.

While the above was merely an example, these scenarios are both possible and have occurred in the real world.

What Can You Do to Protect Yourself Online?

First and foremost, do not use the same username/email address and password combinations across multiple online accounts. In today’s world, it is understandable that might not be practical as online services become more and more integral in our everyday lives. A common misconception is the idea of needing to frequently change your passwords when you simply need something strong and unique. A good rule of thumb is the longer and less personal a password, the better. Though this may seem daunting at first, there are solutions out there that are available to make this practical and feasible.

Password Managers

Password managers such as Last Pass (https://lastpass.com) or 1password (https://1password.com) are good resources to consider.

Both of these password managers can be used to store the login information for all of the websites that you use in your daily life. It becomes the centralized location that you can go to whenever you login to an online account.

Additionally, these solutions also offer the option of auto generating passwords for you. You can define the password criteria. For example, if you want the password to include uppercase and lowercase letters, numbers and special characters, you can select those options. You can also define how many characters you want your password to be, and it will store everything in one spot.

For those that are in the Apple ecosystem, on MacOS and mobile devices such as the iPhone and iPad, Apple offers Apple Keychain. It has similar features as Last Pass and 1password, except it is built right into your existing iCloud account and can be accessed securely on all of your devices.

The key takeaway — with password managers, you only have to remember one password, which is to the password manager. But even with this, you may not need to remember the password. Read the next section for more insight! With the likes of LastPass and 1password, they have an additional feature where you can set up emergency access and can designate one or more individuals who you have granted access to your password manager, should you become unavailable.

It is important to note there will always be risks associated with relying on any one software. Password managers are still susceptible to malware attacks and vulnerabilities just like any other app. Limitations exist around accessing your data if you forget your master password and password managers may not work across all of your devices. Password managers are great solutions but in the spirit of transparency, you should make yourself aware of the pros and cons of any services you choose to use.

Another Layer of Security

We have reviewed how weak passwords are unsafe, how reusing the same username/email and password combination across multiple online accounts is not recommended and how password managers can help contribute to making access to your online accounts a little safer. There is at least one more thing that can be done to add another layer of security to your online accounts.

Multi-factor authentication, otherwise known as MFA, is an additional measure to validate the identity of the person trying to access an account. You commonly see this when trying to access your bank account. The identity verification process usually involves sending a code to your phone via text message. When you enter the correct code, you gain access to the account.  

Google and Yahoo Mail prompt you to open their respective apps on your phone to validate that you are accessing your account. You may also see another method where the account may require you to authenticate through an app such as Authy to confirm your identity. These are but a few examples of what is available to provide that extra layer of security to protect your accounts.

A Brief Recap of Password Security

We covered so much in so little time. To briefly recap:

·        Don’t reuse usernames/email addresses and password combinations across multiple accounts.

·        Consider the use of password managers to securely manage and store the credentials to your online accounts.

·        Strongly consider the use of MFA as the final layer of security on your online accounts (if it is supported).

We hope you find this information useful! If you would like to see other passwords that appeared on Nord’s 2020 list, you can find them at Top 200 most common passwords of the year 2020.


By clicking on a third-party link, you will leave the Forum website. Forum is linking to this third-party site to share information in a different format and is for informational purposes only. However, Forum cannot attest to the accuracy of information provided by this site or any other linked site. Forum does not endorse the site sponsors or the information or products presented there. Privacy and security policies may differ from those practiced by Forum.