Password Security: The Everyday Hero You Might Be Ignoring
Let’s be honest: most of us have been guilty of using the same password for multiple accounts. Maybe it’s your dog’s name, your birthday, or “password123” (don’t worry, we’ve all been there). But in today’s digital world, where cyber threats are constantly evolving, a weak password can be the easiest way in for attackers.
The Colonial Pipeline Breach (2021)
In May 2021, Colonial Pipeline, one of the largest fuel pipeline operators in the U.S., fell victim to a major ransomware attack that disrupted fuel supply across the East Coast. The cause? Believe it or not, a single compromised password.
Here’s what happened:
An old VPN (Virtual Private Network) account that should have been deactivated was still active. Worse, it didn’t have multi-factor authentication enabled. Cybercriminals from the DarkSide ransomware group obtained a valid username and password, reportedly found in a prior data breach.
Since the account didn’t require a second verification step, the attackers simply logged in and gained access to Colonial’s internal systems. That one weak link led to a multi-million-dollar ransom being paid and widespread panic-buying of gas by the public.
This real-world scenario shows just how powerful and dangerous a single password can be when not properly secured.
What Makes a Strong Password?
A strong password is like a good lock: hard to guess, and even harder to break. Here’s what makes a good one:
Length: At least 12 characters
Complexity: Use a mix of uppercase, lowercase, numbers, and symbols
Uniqueness: Every account should have a different password
Unpredictability: No names, birthdays, or common words
🚫 Examples to avoid:
password123
john1985
qwerty
iloveyou
✅ Stronger examples:
G!v3M3$0meT1m3!
BlueTiger#9472!
!N3v3rReusePW
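The four criteria above, written as a small checker and run over this article's own example passwords. This is an added example, not part of the original article; the denylist, the birth-year pattern and the sample accounts are constructed for illustration, and a real check would use a large breached-password list.

```python
import re

MIN_LENGTH = 12  # the article's minimum length
# Constructed sample denylist (assumption); real lists hold millions of entries.
COMMON_WORDS = {"password", "qwerty", "iloveyou", "letmein", "admin", "welcome", "john"}
YEAR = re.compile(r"(19|20)\d{2}")  # birth-year style digits such as 1985

def check_password(password):
    """Return the article criteria this password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    if not all(any(test(c) for c in password) for test in classes):
        problems.append("complexity")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS) or YEAR.search(password):
        problems.append("unpredictability")
    return problems

def find_reuse(accounts):
    """Map each password used on more than one account to those account names."""
    seen = {}
    for account, password in accounts.items():
        seen.setdefault(password, []).append(account)
    return {pw: sorted(names) for pw, names in seen.items() if len(names) > 1}

def audit(accounts):
    """Per-password checks plus the cross-account uniqueness check."""
    reused = find_reuse(accounts)
    report = {}
    for account, password in accounts.items():
        problems = check_password(password)
        if password in reused:
            problems.append("uniqueness")
        report[account] = problems
    return report

# Constructed sample accounts, using example passwords from the article.
SAMPLE_ACCOUNTS = {
    "email": "password123", "forum": "password123",
    "bank": "BlueTiger#9472!", "work": "G!v3M3$0meT1m3!",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ACCOUNTS).items():
        print(f"{account:6} {'OK' if not problems else ', '.join(problems)}")
```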
Tips to Stay on Top of Password Security
Use a Password Manager
These tools generate and store complex passwords for you, so you don’t have to remember every single one. Great options include Bitwarden, LastPass, and 1Password.
Enable Multi-Factor Authentication (MFA)
MFA adds an extra layer of security, like a one-time code sent to your phone, that still protects your account even if someone steals your password.
Update Passwords Regularly
Change passwords regularly, especially for critical accounts like email, banking, and work systems. Don’t wait for a breach to take action.
Check for Breaches
Use tools like haveibeenpwned.com to see if your email or password has been exposed in any data leaks.