Introduction
Since their introduction at MIT by Professor Fernando Corbató's team in 1961, digital passwords have become a cornerstone of digital security. Even today, with numerous other methods available, over 90% of users still rely on them. They remain the primary "gatekeepers" for nearly every electronic system, from personal handheld devices to massive corporate and government networks.
Common Password Threats
According to Verizon’s DBIR report and other sources, passwords are the root cause of over 80% of data breaches. This makes them a major concern in security. The following are the most common password-related threats:
1. Phishing & Social Engineering: Attackers use fraudulent emails or websites to trick users into voluntarily sharing their passwords.
2. Credential Stuffing: Using lists of username/password pairs stolen from one data breach, attackers attempt to access other platforms, exploiting the common habit of password reuse.
3. Brute Force & Dictionary Attacks: Attackers target login systems without proper rate-limiting to try millions of password combinations or use lists of common passwords (dictionaries) to break into accounts.
4. Password Spraying: A stealthier approach where hackers try a single common password (like "123456" or "Password123") against many accounts to avoid triggering account lockout policies.
5. Keylogging & Malware: Malicious software or hardware records a user's keystrokes, capturing passwords as they are typed. It is commonly delivered to users as file attachments in phishing emails.
6. Man-in-the-Middle (MitM) Attacks: Attackers intercept unencrypted communications, such as HTTP traffic, between a user and a legitimate website to steal login credentials in transit.
7. Rainbow Table Attacks: A precomputation technique that lets attackers look up the plaintext behind a password hash, allowing them to crack passwords stolen from a database after a breach (unsalted hashes are the ones exposed to this). This attack has become faster with the rise of GPU-powered computers.
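Threats 3 and 4 differ mainly in shape: brute force piles many failures onto one account, while spraying spreads one or two guesses across many accounts to stay under lockout thresholds. The following is an added example (not part of the original article) of detection logic that tells the two apart over constructed sshd-style log lines; the thresholds and the log format are assumptions and would be tuned for a real environment.

```python
import re
from collections import defaultdict

# Constructed sample auth log, sshd-style (illustrative data, not from a real host).
SAMPLE_LOG = """\
Jan 10 09:00:01 srv sshd[2001]: Failed password for alice from 203.0.113.5 port 50001 ssh2
Jan 10 09:00:02 srv sshd[2002]: Failed password for alice from 203.0.113.5 port 50002 ssh2
Jan 10 09:00:03 srv sshd[2003]: Failed password for alice from 203.0.113.5 port 50003 ssh2
Jan 10 09:00:04 srv sshd[2004]: Failed password for alice from 203.0.113.5 port 50004 ssh2
Jan 10 09:00:05 srv sshd[2005]: Failed password for alice from 203.0.113.5 port 50005 ssh2
Jan 10 09:00:06 srv sshd[2006]: Failed password for alice from 203.0.113.5 port 50006 ssh2
Jan 10 09:05:00 srv sshd[2101]: Failed password for bob from 198.51.100.7 port 41000 ssh2
Jan 10 09:05:01 srv sshd[2102]: Failed password for carol from 198.51.100.7 port 41001 ssh2
Jan 10 09:05:02 srv sshd[2103]: Failed password for dave from 198.51.100.7 port 41002 ssh2
Jan 10 09:05:03 srv sshd[2104]: Failed password for erin from 198.51.100.7 port 41003 ssh2
Jan 10 09:05:04 srv sshd[2105]: Failed password for frank from 198.51.100.7 port 41004 ssh2
Jan 10 09:10:00 srv sshd[2201]: Failed password for grace from 192.0.2.9 port 33000 ssh2
Jan 10 09:10:30 srv sshd[2202]: Accepted password for grace from 192.0.2.9 port 33001 ssh2
"""

# Matches both "Failed password for bob" and "Failed password for invalid user bob".
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

# Assumed thresholds; a real deployment tunes these to its own baseline.
BRUTE_FORCE_THRESHOLD = 5   # failures against one account from one source
SPRAY_USERS_THRESHOLD = 4   # distinct accounts tried from one source
SPRAY_PER_USER_MAX = 2      # sprays stay low per account to avoid lockout


def parse_failures(log_text):
    """Return (source, user) pairs for every failed password attempt."""
    pairs = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            pairs.append((m.group("src"), m.group("user")))
    return pairs


def classify_sources(log_text):
    """Map each source IP to 'brute_force', 'spraying' or 'noise'."""
    per_src = defaultdict(lambda: defaultdict(int))
    for src, user in parse_failures(log_text):
        per_src[src][user] += 1

    verdicts = {}
    for src, users in per_src.items():
        worst_single_account = max(users.values())
        if worst_single_account >= BRUTE_FORCE_THRESHOLD:
            # Many failures on one account: classic brute force / dictionary attack.
            verdicts[src] = "brute_force"
        elif len(users) >= SPRAY_USERS_THRESHOLD and worst_single_account <= SPRAY_PER_USER_MAX:
            # Few failures each, but across many accounts: password spraying.
            verdicts[src] = "spraying"
        else:
            verdicts[src] = "noise"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src:15} {verdict}")
```

The point of keying on the source rather than the account is that a per-account lockout counter never fires for spraying; only a view that aggregates failures per source, across accounts, makes the pattern visible.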
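Threat 7 works because an unsalted hash of a given password is the same in every database, so one precomputed table serves every breach. The following is an added example (not from the original article) that contrasts an unsalted SHA-256 lookup with a per-user salted, slow hash using Python's standard library; the tiny "common password" list and the iteration count are my own constructed choices.

```python
import hashlib
import hmac
import os

# Constructed stand-in for an attacker's precomputed table of common passwords.
COMMON_PASSWORDS = ["123456", "Password123", "qwerty", "letmein"]

# Iteration count is an assumed value in the range current guidance suggests
# for PBKDF2-HMAC-SHA256; tune it to your own hardware budget.
PBKDF2_ITERATIONS = 600_000


def unsalted_sha256(password):
    """The weak scheme: one fixed hash per password, identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted database."""
    return {unsalted_sha256(p): p for p in candidates}


def lookup_unsalted(stored_hash, table):
    """A table hit recovers the password instantly; None means not in the table."""
    return table.get(stored_hash)


def hash_password(password, salt=None):
    """Salted, deliberately slow hash. Returns (salt, digest) to store together."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, so no table can be shared
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo():
    """Show why the same password yields one unsalted hash but many salted ones."""
    table = build_lookup_table(COMMON_PASSWORDS)
    weak = unsalted_sha256("Password123")
    salt_a, strong_a = hash_password("Password123")
    salt_b, strong_b = hash_password("Password123")
    return {
        "unsalted_recovered": lookup_unsalted(weak, table),
        "salted_in_table": strong_a.hex() in table,
        "same_password_same_salted_hash": strong_a == strong_b,
        "verify_ok": verify_password("Password123", salt_a, strong_a),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With a random salt per user, two users who picked "Password123" get unrelated digests, and an attacker must redo the slow work for every single entry instead of consulting a table built once.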
How to Protect Yourself
1. Use a Password Manager: This is the single most effective step. Your passwords are stored centrally and protected by a single master password that unlocks them all. Tools like 1Password, Bitwarden, or KeePass generate and store complex, unique passwords for every site. This way, if one service is breached, your other accounts remain safe.
2. Prioritize Length and Complexity: Passwords should be at least 12-16 characters long. Mixing uppercase, lowercase, numbers, and symbols increases the "entropy," or randomness, making them harder to guess or crack.
3. Adopt Passphrases: Combine 4–7 random, unrelated words (e.g., "Correct-Horse-Battery-Staple") to create long phrases that are easy to remember but incredibly difficult for machines to crack.
4. Enable Multi-Factor Authentication (MFA): Activate MFA on all sensitive accounts (email, banking, social media). Even if your password is stolen, the second factor (like a code on your phone) acts as a crucial barrier to unauthorized access. Authenticator apps such as 2FAS, Google Authenticator and Authy make this easy to set up.
5. Avoid Common Pitfalls: Never reuse passwords. Steer clear of personal information (names, birthdays) or simple patterns like "12345" or "qwerty."
6. Stop Changing Passwords Arbitrarily: Modern guidelines (from NIST) advise against forcing users to change their passwords regularly. This outdated practice often leads to weaker, predictable passwords (like adding a new number each time) and user frustration.
7. Secure Your Devices: Protect your devices with strong PINs or biometrics. Be cautious about saving passwords in browser autofill on shared or public computers.
Bonus Point: A Shift in Thinking
· The Old, Outdated Way: Your password must be exactly 8-12 characters, include an uppercase, a lowercase, a number, and a symbol, and be changed every 90 days.
· The New, Better Way: "my blue sofa is comfortable." (It's long, easy to remember, and far harder for a computer to crack.) NIST currently advises this approach over the old one. It is still in early adoption and might not be accepted by all systems, as most still enforce the traditional rules.
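Points 2 and 3 above and the old-versus-new comparison all turn on "entropy". The following added example (not from the original article) puts numbers on it: it computes the entropy of a uniformly random character password versus a random multi-word passphrase and the resulting guessing time at an assumed offline cracking rate. The guess rate, the 94-character pool and the small word list are my own assumptions; the 7776-word list size is that of the standard Diceware/EFF long list. Note that a sentence a person composes, like "my blue sofa is comfortable", has far less entropy than the same number of words drawn at random.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 7776      # 6^5 words: size of the standard Diceware/EFF long list
POLICY_CHARSET = 26 + 26 + 10 + 32  # upper + lower + digits + printable symbols = 94
ASSUMED_GUESSES_PER_SECOND = 1e10   # assumed offline rate against a fast, unsalted hash

# Constructed mini word list for the generator demo; a real list has thousands of words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "sofa", "blue",
                "lantern", "river", "pebble", "comet", "walnut", "harbor"]


def entropy_bits(pool_size, length):
    """Entropy of a uniformly random secret of `length` symbols from `pool_size` choices."""
    return length * math.log2(pool_size)


def guess_time_years(bits, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Expected time to hit the secret: on average half the keyspace must be searched."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def compare_policies():
    """Entropy in bits for the old character-policy passwords vs random passphrases."""
    return {
        "old: 8 random chars (94-char pool)": entropy_bits(POLICY_CHARSET, 8),
        "old: 12 random chars (94-char pool)": entropy_bits(POLICY_CHARSET, 12),
        "new: 4 random words (7776 list)": entropy_bits(DICEWARE_LIST_SIZE, 4),
        "new: 7 random words (7776 list)": entropy_bits(DICEWARE_LIST_SIZE, 7),
    }


def generate_passphrase(words, count=5):
    """Pick `count` words uniformly at random with a CSPRNG, the way a manager does."""
    return " ".join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    for label, bits in compare_policies().items():
        years = guess_time_years(bits)
        print(f"{label:40} {bits:6.1f} bits  ~{years:.3g} years at 1e10 guesses/s")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

The figures show why length wins: four random words already match an 8-character fully random policy password (about 52 bits each), and seven words (about 90 bits) push the guessing time from days into billions of years at the assumed rate. They also show why the old 8-to-12-character rule is weak even when followed perfectly, and in practice people do not pick those characters uniformly at random.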
"Security is a shared responsibility. Let’s start with strong passwords."
At South-End Tech, we secure Kenya’s digital growth with cybersecurity solutions designed for local realities and global threats.
Telephone: +254 115 867 309 | +254 740 196 519
Email: cybersecurity@southendtech.co.ke | info@southendtech.co.ke | dataprotection@southendtech.co.ke