With password theft rocketing, it’s never been more important to get rid of your old, unsafe logins and start using new and unhackable replacements – including passkeys. Nik Rawlinson explains what you must do
Attempts to steal passwords have shot up in the past few years. In 2015, Microsoft’s security team detected 115 every second. That has now risen to over 4,000 – a rise of more than 3,370 per cent. Hackers continue to target passwords because – deep down – humans are predictable. Too many of us use the same passwords over and over again, despite all the security advice telling us it’s a terrible idea.
In this feature we’ll give you a complete password audit, so you can see which ones have been stolen and what you must do to make your new ones unhackable. We reveal a password-creation technique that’s served us well over the years, and it’s more sophisticated than replacing the letter 0 with zeroes, and the number 3 with pound signs. We’re sure you have your own similarly ingenious methods – so please let us know.
We also explain how to prepare for passkeys, which are rapidly replacing passwords. You can now use these in password managers to sign into your Microsoft, Google and Apple accounts, and into many websites. We know some of you are unsure about the security and convenience of passkeys, but the tech industry is adopting this technology so quickly that we have no choice but to learn how to use them.
Our advice should help protect you from the worst consequences of password theft, even if your accounts appear in data leaks. Talking of which, we start with the nine deadliest hacks of recent months. If you suspect you’ve been affected, take action straight away.
NINE RECENT HACKS YOU MUST KNOW ABOUT
Dell customer database
April 2024
Customers affected 49m As we reported in Issue 684’s ‘Question of the Fortnight’ (page 10), a hacker called Menelik claims to have stolen 49 million customer records (2017-2024) from Dell, and put them up for sale on the dark web. The data comprises names, addresses and purchase details, but not payment details, emails accounts or phone numbers. Dell emailed affected customers (pictured below), saying there’s no “significant risk”.
Facebook Marketplace accounts
February 2024
Customers affected200,000 Account details of 200,000 Facebook Marketplace users were stolen in February, including names, mobile numbers, email
