Cybersec Essentials

Effective strategies for testing and securing passwords

Password and data leaks are real, and you can’t be sure which site was hacked last. Here are a few tips to make your digital life a bit safer.

January 24, 2023

Like any good habit, learning good password habits is easier said than done. Unfortunately, when security failures grow in size and frequency, the stakes rise. In the last couple of months, users from big companies such as SHEIN and Twitter got hacked, and their data was exposed.

In October, the state of New York fined Zoetop Business Company, the owner of fast fashion brands SHEIN and ROMWE, $1.9 million for failing to disclose a data breach that affected 39 million customers. The data breach occurred in July 2018 when a third party gained unauthorized access to SHEIN's payment systems. The payment processor for SHEIN alerted the brand after being contacted by a credit card network and a credit card issuing bank, both of which had evidence that Zoetop's systems had been hacked and card data stolen. The credit card network discovered that the payment details of SHEIN customers were being sold on a hacking forum. 

In July 2022, a hacker known as "devil" announced on the BreachForums hacking forum that they had obtained the data of 5.4 million Twitter accounts and were selling it. The stolen data included email addresses and phone numbers of "celebrities, companies, randoms, OGs," with "OGs" referring to highly desirable Twitter handles. The hacker stated that they would not accept offers lower than $30,000 for the database. The data breach was the result of a vulnerability on Twitter that was discovered in January 2022.

In light of this, using safe passwords is more essential than ever. Given their high monetary worth, passwords are in high demand among hackers, and cybersecurity for big companies as well as for individuals is always at risk. Numerous accounts are easily accessible to thieves due to data breaches and password leaks. Our team has put together a list of essential tips that will make your digital life safer.

How to secure your passwords

Use different logins and passwords for your favorite websites

Using three usernames, each with a different password, is a good idea that is easy to implement. One is super tough for those critical accounts, another is not as tricky for your social network sites and public profiles, and one is easy cheesy for those accounts you don't mind. Of course, the most secure option would be to have a different password for each site, but logins and passwords are almost as forgettable as phone numbers.

Create an additional email for social media, retail, and services, and use your personal email for your bank accounts

Having a secure email address helps to protect the data that is transmitted through email, such as financial data, records, and important information. It can also prevent fraudulent emails from being delivered to your inbox, helping to prevent cyber attacks and scams.

In addition to protecting against fraud and data breaches, a secure email address is also essential for maintaining a company's reputation (in case you are a business owner). A data breach or cyber attack can damage a company's reputation and lead to a loss of customer trust. By using a secure email address, a company can demonstrate its commitment to protecting sensitive information and preserving customer trust.

In some cases, legal regulations may also require companies to implement appropriate measures to protect personal data. For example, the General Data Protection Regulation (GDPR) in the European Union requires companies to take steps to protect personal data. A secure email address is one way to comply with these regulations and protect sensitive information.

Use an ultra-high security password generator

If you're a paranoid parrot and want an OMG password for your most important accounts, the GRC | Ultra High Security Password Generator allows you to create strings of random printable ASCII characters, not just alphanumeric. There's a problem, though, if you don't remember strings like w$:s;Sw43,89V}0G+E_TvK=, but once you save it in your browser, you won't have to type it in again. And if you're worried that someone will steal your computer and hack your accounts, worry not! You can permanently erase your stored passwords with Prey's Secure module.
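To show what the extra symbols buy you, here is an added example (not code from this article or from the GRC generator) that draws a password from the 94 printable ASCII symbols with a cryptographic random source and compares it with an alphanumeric-only alphabet. The 128-bit target and the guess rate in the demo are assumptions chosen for illustration.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits        # 62 symbols
PRINTABLE = ALNUM + string.punctuation              # 94 symbols, space excluded

def generate(length: int, alphabet: str = PRINTABLE) -> str:
    """Pick each character independently with the OS CSPRNG (never `random`)."""
    if length < 1 or len(set(alphabet)) != len(alphabet):
        raise ValueError("need a positive length and an alphabet without repeats")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Shortest random string that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate; on average an attacker needs half of this."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e12  # assumed guesses per second, for illustration only
    for name, alphabet in (("alphanumeric", ALNUM), ("printable ASCII", PRINTABLE)):
        n = length_for_bits(128, len(alphabet))
        bits = entropy_bits(n, len(alphabet))
        print(f"{name:16} {n} chars  {bits:6.1f} bits  "
              f"{years_to_exhaust(bits, rate):.2e} years  e.g. {generate(n, alphabet)}")
```

The estimate only holds for strings produced this way; a password a person invents has far less entropy than its length and character mix suggest.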

Test your accounts to see if they have been compromised

If you become aware that your email has been compromised in a data breach or cyber attack, it is important to take steps to protect your accounts and personal information. One of the first things you should do is re-evaluate your passwords and consider changing them to something stronger and more secure.

There are several tools available online that can help you determine if your email or password has been compromised in a data breach. One such tool is Have I Been Pwned. This website allows you to enter your email address and check if it has been included in any known data breaches. If your email has been compromised, it is important to change your password as soon as possible to prevent unauthorized access to your accounts.

In addition to changing your password, there are other steps you can take to protect your accounts and personal information. These may include enabling two-factor authentication, using a password manager, and being cautious about the links and attachments you click on in emails. By taking these precautions, you can help secure your accounts and protect your personal information from being accessed by hackers.
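For the password side of the Have I Been Pwned check described above, the service's Pwned Passwords range lookup can be used without ever sending the password: it is hashed locally and only the first five characters of the SHA-1 hash are submitted. The following is an added example, not code from this article or from Have I Been Pwned; it runs offline against a response body constructed inside the script, and the count of 1234 is made up.

```python
import hashlib

# Real service endpoint, shown for context only; this example makes no network call.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def split_sha1(password: str) -> tuple[str, str]:
    """Hash locally; only the 5-character prefix would ever leave the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; malformed lines are skipped, not trusted."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, range_body: str) -> int:
    """Times the password appears in the returned range (0 = not listed).

    range_body must be the response for this password's own prefix.
    """
    _, suffix = split_sha1(password)
    return parse_range_body(range_body).get(suffix, 0)

def constructed_body(listed_password: str, count: int) -> str:
    """Build a constructed range response: decoy suffixes plus the listed one."""
    _, suffix = split_sha1(listed_password)
    lines = ["0" * 35 + ":7", f"{suffix}:{count}", "F" * 35 + ":0", "not-a-valid-line"]
    return "\r\n".join(lines)

if __name__ == "__main__":
    body = constructed_body("password", 1234)  # constructed sample, count is made up
    prefix, _ = split_sha1("password")
    print("would request:", RANGE_URL.format(prefix=prefix))
    print("'password' listed", breach_count("password", body), "times")
    print("random string listed", breach_count("w$:s;Sw43,89V}0G+E_TvK=", body), "times")
```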

Do not reuse passwords

While working as a penetration tester for businesses, helping them uncover and remove avenues hackers may use to sneak in, Yavor said he once acquired access to 20,000 corporate accounts in less than an hour by just entering the default password the accounts came with.

If you do one thing to safeguard your accounts, make it the following: Reset any settings and retire your old "qwerty" password.

Reusing passwords on several accounts reduces the security of all of them. For instance, if your Netflix and Chase Mobile passwords are the same, a Netflix data breach might put your bank account in danger.

Set up two-factor authentication

Before being granted access to an account, a person must prove their identity in two separate ways using two-factor authentication. By turning on two-factor authentication, you stop hackers from entering if they just have access to your login and password.

In the past, two-factor authentication required a text message with a number that was sent to your phone. Knowing the code indicates that you have your phone, which gives the app or website confidence that you are who you say you are.

However, using that technique exposes you to risk if someone steals your phone. Spend a few seconds downloading an authenticator app if you want additional credit for good password hygiene.

These apps are connected to your accounts and ping you when someone attempts to get in. The app then provides you with a second piece of information to confirm your identity and enable signing in. Authenticator applications are available from Google, Microsoft, and Twilio, and work on various mobile devices. Enter "authenticator" into an app store's search bar to download one.

Use a password manager

Our memory works in mysterious ways; not all people are equally gifted. Luckily for them, password manager apps store your credentials securely and unlock them with a single password. You still need to create and remember at least one, and it had better be strong.

If you're going to use a password manager app, we recommend Bitwarden. It is a popular password manager that helps users securely store and manage their login credentials for various online accounts. Here are a few reasons why Bitwarden is a great password manager:

  • Easy to use: Bitwarden has a user-friendly interface that makes it easy for users to store, organize, and retrieve their login information. It also has a range of features, such as the ability to generate strong, unique passwords, that make it easier for users to secure their accounts.
  • Secure: Bitwarden uses strong encryption to protect the data that users store in the password manager. It also offers features such as two-factor authentication to add an extra layer of security to users' accounts.
  • Cross-platform compatibility: Bitwarden is available on a wide range of devices and platforms, including Windows, macOS, Linux, Android, iOS, and web browsers. This makes it easy for users to access their password manager from any device, regardless of the operating system.
  • Free version available: Bitwarden offers a free version of its password manager that includes all of the essential features. This allows users to try out the password manager and see if it meets their needs before committing to a paid plan.

How to test your passwords

Kyle Spearrin, CTO of Bitwarden, tested the strength of several sample passwords and timed how long it would take a computer program (like those employed by contemporary threat actors) to decipher each password. You might be surprised by the outcomes of this experiment. Here's a sample of the data:


Best password strength checkers


Here is a quick summary of what you should do to make sure your passwords are secure:

  • Don't write them down. 
  • Avoid putting passwords on your monitor or tucking them under your keyboard. 
  • Utilize a tool for managing passwords.
  • Change your passwords frequently. 
  • Avoid using the same password for multiple accounts. 
  • Never enter your password on a computer that you don't own. 

Remember that you should refrain from performing any tasks that call for a login and password when using your laptop or a computer at an Internet café since your data may be captured through the wireless network or using keystroke recording devices.

Passwords are but one aspect of security. You should also use a firewall and other security tools to keep hackers out of your system and safeguard your identity, creating a safer environment online.
