Scam Safeguard: How Thieves Target Your Logins and Passwords

How Thieves Target Your Logins and Passwords

Did you know that over a billion passwords were stolen in 2024? One of the tradeoffs of living in this time of incredible technology is the need to be security conscious. We keep so much sensitive information in our accounts that we need to be mindful of losing access to those accounts. The question is: what do you look out for?¹

Here are some things to keep in mind:

• Passwords Are Not For Recycling. Over half of global passwords are reused. Reusing passwords across multiple accounts creates a domino effect—if one account is compromised, others could be in jeopardy.²
• Rapid-Fire Trial and Error. Brute-force attack software repeatedly guesses passwords until it finds a match. Weak or reused passwords make these automated hacks more successful, as they can go faster than you can think. They often start with commonly used passwords in so-called Dictionary Attacks.²
• Malware/Ransomware/Spyware. There’s no shortage of malicious software designed to uncover and find your sensitive information, including your passwords.
• Phishing For Info. Emails, texts, or phone calls—often disguised as legitimate communications—trick people into revealing confidential details like passwords.
• Be Aware of Your Surroundings. Traditional tactics like observing over someone's shoulder or stealing written passwords remain effective. PINs and notes left in public places are especially vulnerable. They call it “Shoulder Surfing,” as in that person who was just looking over your shoulder.²

Better Password Practices

It can feel overwhelming, especially with so many passwords to remember, but with so much on the line, developing a better password practice is something everyone could stand to do.

• Utilize a Password Manager. Password managers generate, encrypt, and store strong passwords securely. Most password managers also include autofill features and support two-factor authentication.
• Use Encryption. Encryption, using a password-generating tool, converts data into unreadable formats without a decryption key.
• Be Aware of Social Engineering. Read up and learn to recognize phishing attempts and unsafe websites. Implement zero-trust policies to authenticate all users.
• Enable Two-Factor Authentication (2FA). Add an extra layer of security with 2FA codes sent via text or app.
• Create Strong Passwords. Use at least 12 characters with a mix of letters, numbers, and symbols. Avoid personal information and refrain from reusing passwords.
• Avoid Insecure Sharing. Use secure methods like encrypted password-sharing tools instead of email or text.
• Use a VPN on Public Wi-Fi. A VPN encrypts your internet connection, protecting data and masking your IP address.

Password theft is a big deal, and it can be pretty intimidating. That said, there are many tools at your disposal to help you handle the dozens of passwords you may need to remember, generate new ones quickly, and avoid weak or recycled passwords. 

<sup>1. TechRadar.com, January 24, 2025
2. DashLane.com, July 27, 2023</sup>