A Guide to Protecting Passwords from Hackers
Most of our online activities require password access—a fact that has not gone unnoticed by hackers. With 53 million individuals in the U.S. impacted by a data compromise in the first half of 2022 alone, protecting passwords from hackers is more important than ever.
The basic tenets of password security
Following a few basic guidelines helps keep your passwords safe from cybercriminals:
- Creating strong, complex passwords: Hackers often use algorithms to guess what passwords an individual might use, so it’s important to exclude personal information like your name, birth year, and favorite sports team from your password. Instead, a random pattern of uppercase letters, lowercase letters, numbers, and special characters is recommended.
The number of characters is also important. An eight-character password with uppercase letters, lowercase letters, numbers, and special characters only takes the best hacking software about 39 minutes to crack. That same password with four additional characters would take 3,000 years to crack. - Not reusing passwords: With so many passwords to keep track of, repeating old ones can seem like the simplest option. However, reusing passwords diminishes password security because multiple accounts can be vulnerable if just one account with the reused password is compromised.
- Encryption: Hiding information in an unrecognizable format is a practice dating back centuries, but modern computer technology has taken it to the next level. Scrambling passwords through encryption makes them unreadable and unusable to hackers. Dashlane Password Manager uses AES-256 encryption, widely accepted as the strongest encryption type available and the best way to protect passwords.
- 2-factor/multifactor authentication: 2-factor authentication (2FA) uses a second credential, such as a six-digit code sent through an app or a text, to confirm user identity. This might add a few seconds to your login time, but it also makes it nearly impossible for an intruder to access your accounts without having your device. Multifactor authentication (MFA) uses two or more factors, sometimes including biometric identifiers like fingerprints or facial recognition.
- Safely storing passwords: One of the best ways to protect your passwords is to ensure no one else has (or can get) access to them. This rules out unprotected digital lists of logins, sticky notes, and scraps of paper, as well as storing passwords in your internet browser. The best way to store passwords at home or work is to use a password manager to create and store complex, encrypted passwords on secure external servers where they’re always protected from hacking and data breaches.
Want to learn more about using a password manager for your business?
Check out Dashlane's password manager for small businesses or get started with a free business trial.
The challenges of maintaining password security
Safe password practices go a long way toward ensuring personal and business data remain private. In recent years, learning how to protect passwords has also meant understanding the ongoing changes to work environments, lifestyles, and technology, including:
- Growing numbers of accounts and passwords: The long list of passwords you maintain for personal and business use makes it harder to keep your passwords safe. Reusing passwords, lax storage, and other poor password hygiene practices multiply when there are too many passwords to remember. The familiar set-forget-and-reset password loop can lead to hastily created (and progressively weaker) passwords.
- Working from home (and on the road): Improved internet service and feature-rich tablets and smartphones have made work-from-home (WFH) and bring-your-own-device (BYOD) policies possible. Password security concerns resulting from this evolution include:
- Mixed device use: When the same devices are used for both personal and work applications, it becomes difficult to control what websites and apps employees are using, and company data can be compromised if an individual’s personal password is hacked.
- Using unsecured WiFi without a VPN: Increased mobility leads to more public WiFi use that cybercriminals often prey upon to intercept data. A VPN helps maintain password security in these public settings by encrypting all data going into or out of a device and routing it through a secure portal.
- Using multiple devices for the same accounts: Users transitioning from one device to another need to be sure their logins remain consistent. A password manager should easily sync across devices and operating systems so that global password updates can be made from any device or location.
- Sharing passwords with others: Password sharing among friends and relatives is a common practice for retail accounts and subscription services like Netflix. Passwords are also shared among employees for workplace applications. These practices also create security challenges since everyone sharing the common password becomes vulnerable if any one of them is impacted by a cybercrime.
The risks posed by hackers
Breaches and hacks have continued to increase in recent years, with a record 1,862 breaches occurring in 2021 alone. Notorious hacking techniques create cybersecurity threats that we must be aware of to keep sensitive information secure:
- Malware: Worms, viruses, and ransomware are among the many forms of malicious software, called malware, that can infect your device and damage or disrupt its normal functioning. While some malware is simply intended to annoy us, keystroke logging and password dumping malware can be used to steal logins. Although a password manager won’t protect you from malware, it can make it easier to reset passwords quickly if you experience a malware attack.
- Phishing: As a form of social engineering, phishing attacks use misleading emails to lure unsuspecting recipients into clicking on links. Those links can unleash programs like spyware or malware that intercept your information or cause the device to malfunction. Some phishing emails also present urgent (and false) requests to provide passwords or other personal information. Training and education are effective in minimizing the impact of phishing since these malicious emails can usually be identified based on poor grammar, too-good-to-be-true offers, and email addresses that don’t match the sender’s name or company.
- Scamming: Is scamming the same as hacking? Not exactly. Hackers use technology to gain access to devices, passwords, and other confidential information while scamming tactics deceive their targets into volunteering personal information. One common scamming example is fake online shopping websites where visitors input their credit card information but never receive the items they ordered.
- Brute-force password breaking: The strategy behind the brute-force attacks that are often used for organized corporate hacking involves randomly attempting password and username combinations until a match is found. Automation and artificial intelligence make it easier for cybercriminals to continually spit out new combinations. Since this tactic exploits weak passwords, strong passwords and the password managers that generate them are effective protection.
To learn how to protect your passwords from hackers, just ask one. Check out our Q&A with social engineering expert and white-hat hacker Rachel Tobac.
How to protect passwords from hackers
The best password protection strategies examine common hacking tactics to discover how to secure passwords and minimize risks most effectively.
- Use a strong password
The importance of password strength for thwarting hacking attempts like brute-force password breaking can’t be emphasized enough. Dashlane Password Manager creates long, unpredictable passwords for all your accounts, then encrypts and stores them safely. These strong passwords autofill when you need them, so you no longer have to memorize them or write them down. - Change your password if you suspect a breach
You should always change any impacted passwords if you discover malware or have been involved in a data breach. You might be notified directly by an organization you have an account with that a data breach exposed your information, or you may notice some tell-tale signs like excessive pop-ups or friends reporting unusual emails from your account. Take these warning signs seriously and change your passwords right away. - Store your passwords in a safe place
Passwords written on sticky notes, scraps of paper, or spreadsheets aren’t safe from the prying eyes of hackers. Built-in browser password managers back up your information on their servers but also provide an unencrypted list of your passwords that is vulnerable to a breach. The best way to store passwords safely is by using a password manager to house encrypted passwords on highly secure, hosted cloud servers. - Only share passwords securely
Sharing passwords is common for many retail, subscription, and work application accounts. Even if you’re diligent about your password habits, sharing passwords can undermine security by relying on the password habits of family, friends, and coworkers. If a cybercrime impacts someone you’ve shared a password with, your identity and information become vulnerable. Dashlane provides an encrypted portal for safe password sharing. - Use a password manager
A password manager covers the tenets of password security to provide the best protection from hackers. Automatic password generation eliminates manual, time-consuming password creation and storage, making password managers the best way to keep passwords organized as well as secure. After logging in with a unique master password, you can create strong, encrypted passwords that are safely autofilled for all your accounts.
What Dashlane does to protect passwords from hackers
With intuitive password creation and a secure, protected password vault, Dashlane helps you eliminate risky habits like reusing and storing passwords in the open. Features like 2FA, a VPN, and Dark Web Monitoring increase protection—from public WiFi networks to the darkest recesses of the internet. With our patented zero-knowledge architecture:
- Dashlane can’t access your data
- Dashlane encrypts your data, so even if Dashlane is hacked, the hackers won’t have access to your unencrypted data.
Discover how the Dashlane Password Manager protects you from cybercrimes personally and professionally. Start a free trial today.
References
- Statista, “Annual number of data compromises and individuals impacted in the United States from 2005 to first half 2022,” August 2022.
- Hive Systems, “Are Your Passwords in the Green?” 2022.
- Dashlane, “How to Stop Reusing Passwords for Good,“ January 2020.
- Dashlane, “What is Encryption?” March 2019.
- Incognia, “What are the Key Differences between 2FA and MFA?” 2022
- Dashlane, “Best Way to Store Passwords at Home or Work,” September 2022.
- Dashlane, “How To Remember Hard-To-Remember Passwords,” November 2022.
- Dashlane, “3 Strategies to Prevent Breaches and Hacks at Work,” September 2021.
- Dashlane, “Why Do You Need a VPN? Don’t Miss These 3 Key Benefits,” August 2020.
- ITRC, “Identity Theft Resource Center’s 2021 Annual Data Breach Report Sets New Record for Number of Compromises,” January 2022.
- Dashlane, “6 Cybersecurity Threats That Lead to Business Breaches and Hacks,” June 2021.
- Dashlane, “The 7 Steps of a Cyberattack—And How to Prevent Them,” July 2021.
- Dashlane, “What the Hack is a Brute Force Attack?” February 2020.
- Dashlane, “What the Hack is Malware?” February 2020.
- Kaspersky, “What is Keystroke Logging and Keyloggers?” 2022.
- Dashlane, “You Asked, A Hacker Answered: 7 Questions With Rachel Tobac,” October 2021.
- Dashlane, “How Strong Is Your Password & Should You Change It?” August 2022.
- Dashlane, “Always Change Your Passwords After a Breach," March 2020.
- Dashlane, “Train Dashlane: Our Industry-First Feature Gives You Customized Autofill Accuracy and Control,” September 2022.
- Dashlane, “A Deep Dive into Dashlane's Zero-Knowledge Security,” 2022.
Sign up to receive news and updates about Dashlane