Password Safety: Expert provides tips for people on World Password Day; here's what to know

In a world that increasingly digitized, many people use passwords to access a variety of services, but whether people are doing passwords right is another story.

May 5 is World Password Day, and cybersecurity experts are offing tips that they say can help people to tighten up their online security.

Here's what you should know about password security.

Read More: FOX 10 Explains

How are Americans doing, as far as their passwords?

According to a Google/Harris Poll in October 2019, 4 in 10 of those surveyed say their performation information has been compromised online, and that 47% of those whose information has been compromised say they lost money due to the compromise.

In addition, 24% of those surveyed say they have used the following passwords, or some variations of them:

  • abc123
  • Password
  • 123456
  • Iloveyou
  • 111111
  • Qwerty
  • Admin
  • Welcome

The poll also shows that 59% of those surveyed have incorporated a name or a birthday into their password, and 

How often are data breaches happening?

According to a 2021 report by the Identity Theft Resource Center, there were 1,862 data compromises in 2021, representing a 68% increase from 2020. and setting a new all-time high.

"There is no reason to believe the level of data compromises will suddenly decline in 2022," Eva Velasquez, President and CEO of the Identity Theft Resource Center wrote, in a statement. 

What are experts saying about people's passwords?

Ken Colburn with Data Doctors says the top mistakes people make is keeping the same password for multiple sites.

"Your passwords are key to your kingdom," said Colburn.

According to the 2019 Google/Harris Poll, 66% of those surveyed use the same password for more than one online account.

In addition, Colburn says there are problems with the lengths of people's passwords.

"The problem is an eight-character password, right now, is completely useless," said Colburn. "It is too short."

To demonstrate the problem, Colburn typed in a shorty password on a website that will check how quickly a password can be broken.

"I used a lot of complexity, but someone that was motivated can break that in eight hours, which is nothing," said Colburn.

Read other technology stories

What should people do about passwords?

Colburn says the best option is to create a password that is 16 characters  at least. He adds that length is more important than even adding symbols, or making the password complicated.

"One easy way for anyone looking at this and saying 'oh my goodness, I can't remember eight' is take that eight-character password we are using right now, and just double it and type it in twice." said Colburn.

One way to remember the longer passwords is to create phrases, instead of just letters and symbols, and write it down or save them somewhere.

What other steps can people take to safeguard their accounts?

Some websites have another security feature called two-factor authentication (2FA).

According to Cisco, 2FA works by adding another layer of authentication on top of a username and password.

"Common examples of 2FA include smartphone apps, which require the user to respond to a verification method such as a push notification before they're able to log in," read a portion of the website.

Beside the method described above, some websites offer an option to use a hardware token for people to fulfill the 2FA requirement.

"If a password is hacked, guessed, or even phished, 2FA prevents an attacker from gaining access without approval by a second factor," read a portion of the website.

A number of popular websites, such as Facebook, Google, Instagram, Snapchat, and Twitter offer 2FA options.

In addition, a number of financial institutions, like Fidelity, Morgan Stanley, USAA, and Wells Fargo, also offer 2FA options for their online services.