• by Jess Nelson , May 2, 2017

Thursday marks World Password Day, an annual online holiday that casts a spotlight on the need for strong passwords for digital accounts.

Email hacks, from the DNC to Yahoo Mail, have dominated the news cycle over the past year. Yet many consumers still practice unsafe password practices according to a recent study by SailPoint.

Two-thirds of respondents admitted to using a single password among applications in SailPoint’s most recent Market Pulse survey, and 20% of respondents said they shared passwords with co-workers. Sharing passwords is ill-advised since one data breach can have a ripple effect across other online accounts.

 “There is an interesting ‘domino effect’ that data breaches can have across multiple accounts,” says Kevin Cunningham, president and founder of SailPoint. “Identity has become the new attack vector, and hackers are all over that fact -- taking stolen credentials from one breach and using them to access another web site all because a person chose to reuse a password across multiple sites -- a very common occurrence.”

Cunningham recommends that consumers should create a unique password for every application or account, and make sure that password is long and complex. He says that, ideally, twelve character passwords should be thought of as a minimum.

Jonathan Penn, director of strategy at Avast, also recommends unique passwords for each online account. He says that strong passwords should contain a mixture of numbers, special characters, upper and lowercase letters, and that passwords should not be personally connected to you in anyway.

“That’s an easy thing to say, but not an easy thing to do,” says Penn. “We’re asking too much of users to do this on their own.”

Penn argues that companies are asking too much of consumers when it comes to email password security. Most consumers don’t practice safe email password security because remembering a uniquely, long password for every online account is too arduous of a process.  

This, combined with the financial motivation for hackers to target email, creates a security quagmire.

“Access to your email can be more sensitive than bank passwords, because you can get to your bank through an email password,” says Penn.

Having a browser remember your passwords isn’t a solution either, says Penn. 

“They [consumers] don’t understand that the browser keeps these things stored in an unsafe way,” says Penn. “A hacker can grab a password file and immediately get access to all of your passwords that the browser has been storing. “

To help solve this issue, Avast offers a digital security product that manages encrypted passwords across multiple platforms. A premium version of the program monitors the Internet to proactively notify users of data breaches and help them with any password changes.