In a world of constant bleeps and buzzes and bings, it can be very, very tempting to glance at certain notifications before promptly swiping them away, never to be thought of again. But as it turns out, there is one type of notification that we are probably all ignoring and really shouldn’t be: those pesky weak password prompts.
We’ve all seen them — and we’ve probably all ignored them without a second thought. “I’ll change that password next time I log in,” you might think. Or worse, “It’s probably actually fine, who’s trying to hack into little old me’s emails anyway?”
As it turns out, those weak password prompts are actually pretty important — and heeding them could save you a whole lot of time, hassle and security in the long run.
According to cybersecurity expert and co-founder of Live Proxies, Jacob Kalvo, hackers are very much out there looking to exploit just about anyone who happens to have a weak password.
“Having a weak password is very dangerous as modern-day hackers use sophisticated methods like brute-force, dictionary attacks and credential stuffing to crack weak passwords effortlessly,” he explains. “For example, passwords ‘123456,’ ‘password’ or ‘qwerty’ are some of the most commonly breached because they are easily guessed or discovered from leaked password dumps.”
Once they crack your easy little code, hackers can find their way to just about anything — emails, bank accounts, business records, you name it. “The consequences extend beyond data loss; it may lead to identity theft or financial fraud,” he says.
So where do those weak password prompts come in? Well, they’re not random. These days, most systems can tell when your password is too easy to guess – and they’ll warn you about it.
“The majority of systems that exist nowadays have implemented breach detection services like Have I Been Pwned’s API or similar software, which cross-check your passwords against databases of millions of previously stolen credentials from previous hacks,” explains Kalvo. “If your password is matched with one in such a database, you will be prompted to update it right away.” In other words, that weak password prompt is a sign that you could be hacked very, very easily.
“Furthermore, password strength algorithms are also testing length, character variety and randomness,” he says. “For instance, if your password is shorter than eight characters or lacks numeric and special characters, the system considers it weak. Security best practices in most organisations also demand change of password on a regular basis or minimum passwords, which invoke such reminders.”
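The two checks Kalvo describes, sketched as an added example (not code from the article or from Have I Been Pwned): a breach lookup in the style of the Pwned Passwords range query, where only the first five hex characters of the password's SHA-1 hash leave the machine, followed by the length and character rules. The breach counts and the `offline_range` stand-in for the network call are constructed for illustration.

```python
import hashlib
import string

# Constructed sample data: the three passwords the article names, with made-up counts.
SAMPLE_LEAKED = {"123456": 1000, "password": 500, "qwerty": 250}

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def offline_range(prefix):
    """Hypothetical stand-in for the network call: returns 'SUFFIX:COUNT'
    lines for every sample hash that starts with the 5-character prefix."""
    rows = []
    for leaked, count in SAMPLE_LEAKED.items():
        digest = sha1_hex(leaked)
        if digest.startswith(prefix):
            rows.append(f"{digest[5:]}:{count}")
    return "\n".join(rows)

def breach_count(password, fetch_range=offline_range):
    """Send only the hash prefix; match the remaining suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

def weakness_reasons(password, fetch_range=offline_range):
    """Reasons a system would show a weak password prompt; empty list means none."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    if not any(c.isdigit() for c in password):
        reasons.append("no numeric character")
    if not any(c in string.punctuation for c in password):
        reasons.append("no special character")
    seen = breach_count(password, fetch_range)
    if seen:
        reasons.append(f"found in breach data {seen} times")
    return reasons

if __name__ == "__main__":
    for candidate in ("qwerty", "123456", "c0rrect-horse-battery"):
        print(candidate, "->", weakness_reasons(candidate) or "no prompt")
```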
If you ignore a prompt to update your password, Kalvo says you’re essentially leaving your front door open for hackers to come in and take what they like. Yikes.
“In practice, it makes your accounts more susceptible to credential stuffing, where attackers use pilfered passwords on one site to gain access to others, or brute force, where they try systematically various combinations of passwords,” he says. “The consequences can be catastrophic: unauthorised expenditure, identity theft or personal embarrassment through hijacked social media profiles. Recovery can be costly, time-consuming and in certain cases, impossible.”