Obvious newsflash: safety equipment only works if you use it. This is true in the real world, and it’s also true in the digital world.
Earlier this year Google celebrated Safer Internet Day by rolling out new features for its Chrome browser—including a password extension called Password Checker. It tells you if you’re using a password that’s been exposed in a third-party data breach so you can change it to something more secure. Those who have installed the extension get big, red, pop-up alerts when they use a password that has been exposed (and is therefore unsafe). Great idea, right?
Here’s the thing though—despite being told their passwords are compromised, people aren’t always updating them.
Google’s just-released information shows 25.7% of people who got alerts didn’t change their passwords. And these weren’t just for unimportant sites either—people reused “unsafe credentials for some of their most sensitive financial, government, and email accounts.”
This is why hackers continue to use credential stuffing—a process of automatically entering username/password combinations into websites to try and get a match—because it still works.
The report isn’t all doom and gloom though. Users chose to update 26.1% of the unsafe passwords that Password Checker flagged. And when they did change them, users did a good job: 60% of new passwords are secure against guessing attacks.
See? We really can change our bad habits! To get you started, here are four easy ways to do it:
1. Consider downloading Chrome’s Password Checker. It’s free and will automatically check your credentials any time you log into a site or service. If it detects a password that’s been leaked, you’ll see the warning box mentioned above. When it tells you that your password is compromised, CHANGE IT. Get it here.
You should remember that you don’t have the same coverage when you’re on your mobile phone or tablet since Chrome for mobile devices doesn’t support extensions—at least not yet. Rumor has it that Google is working to build Password Checker into the browser and that it may be released in late October.
2. Don’t use passwords you KNOW are bad. Everyone in the universe knows that 123456, password, qwerty, 111111, and 000000 are terrible passwords so stop.using.them. Wikipedia actually has a decent list of the most popular passwords (translation: the easiest to hack) for the last 7 years, so don’t use any of these, okay?
3. Don’t recycle your passwords. We’ve said it before, but we’ll say it again: don’t reuse passwords! A good password is a one-time-use lock. You wouldn’t use the same key to lock up your house, your car, your bank account, and your birth certificate—don’t do it online either.
4. Use a password manager. A password manager can create complicated and unique passwords for your accounts and save them so you don’t have to remember. CNET just published their take on the best password managers, and PC Magazine, Tom’s Guide, and Digital Trends also have their recommendations.
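If you keep your logins in a password manager, tips 2 and 3 can be checked mechanically. The script below is an added example, not part of the original article or any Google tool: it flags entries that use one of the five bad passwords named above and groups sites that share a password, without printing any password. The vault layout and site names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# The five passwords the article names as known-bad (tip 2).
KNOWN_BAD = {"123456", "password", "qwerty", "111111", "000000"}

# Constructed sample vault: (site, username, password). Not real credentials.
SAMPLE_VAULT = [
    ("bank.example", "alice", "qwerty"),
    ("mail.example", "alice", "T4ngerine-Canyon-88"),
    ("gov.example", "alice", "T4ngerine-Canyon-88"),
    ("forum.example", "alice", "PASSWORD"),
    ("shop.example", "alice", "vR9#kq2!mZp7"),
]


def audit(vault, key=None):
    """Return (known_bad_sites, reused_groups) without echoing any password."""
    # A random per-run key makes the digests useless outside this process.
    key = key or os.urandom(32)
    by_digest = defaultdict(list)
    known_bad = []
    for site, _user, password in vault:
        # Case-fold for the bad-list check: "PASSWORD" is no better than "password".
        if password.lower() in KNOWN_BAD:
            known_bad.append(site)
        # Group by keyed digest so the grouping table never holds plaintext.
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        by_digest[digest].append(site)
    # Any digest shared by two or more sites is a reused password (tip 3).
    reused = sorted(sorted(sites) for sites in by_digest.values() if len(sites) > 1)
    return sorted(known_bad), reused


def report(vault):
    """Build human-readable findings that name sites only, never passwords."""
    known_bad, reused = audit(vault)
    lines = [f"known-bad password: {site}" for site in known_bad]
    lines += [f"same password reused on: {', '.join(group)}" for group in reused]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_VAULT):
        print(line)
```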
Seriously, you can do this! Take a few minutes right now to implement one or more of these ideas—your future self will thank you!