Are You Still Using Weak Passwords?

The digital world has been a dangerous place from the moment it came into being, and today's cyber risks are smarter than ever. People and companies can lose money, have their data stolen, or have their identities stolen if they use weak passwords or old authentication methods.

A while back, we pointed out the story of how a weak password allowed a cyberattack that caused a 158-year-old UK company to close. This is not fearmongering. It happens more often than one would think.

The first line of defense against hackers is a strong password, but you can’t stop there: a strong password alone will not do the job.

So, let’s talk about the basics of strong passwords, Multi-Factor Authentication (MFA), and the other Best Practices to keep your accounts safe.

Do strong passwords prevent hackers?

There is no ‘one thing’ that will prevent hackers, but your passwords are your best first step. A password is like a digital key that lets you into your personal and work accounts. Hackers use methods like brute-force attacks, phishing, and credential stuffing to get into accounts with weak passwords. If someone gets your password, they might be able to get in without your permission, steal your info, or even commit fraud.

Using passwords that are easy to figure out is the worst ‘rookie’ mistake of them all. ‘123456’ is the longtime champion of the ‘world’s most common password sweepstakes.’ It’s also the easiest to crack. Without a doubt, it’s the first option hackers will try. Reusing passwords is another risk. If you use the same password for more than one account, one breach can let hackers into all of them.

The smart money in cybersecurity says that passwords should have a mix of numbers, capital and small letters, and special characters. But complexity isn't enough on its own. Length is also important - experts say at least 12 characters is best. Password tools like a Password Manager can help you make unique, complicated passwords and safely store them. They make it easier to remember multiple passwords and lower the chance that someone will use the same one twice.

Please refer to our tips on Creating Strong Passwords.

What are the benefits of multifactor authentication?

Tighter cybersecurity is the #1 benefit of Multi-factor authentication (MFA). It requires users to provide two or more verification methods before accessing an account. This significantly reduces the risk of unauthorized access. Even if you use a ridiculous password like ‘123456’ you are still protected by the extra login step(s).

What are MFA’s Authentication Factors?

There are three types:
1: Something You Know – Passwords, PINs, or security questions.

2: Something You Have – A smartphone, hardware token, or security key.

3: Something You Are – Biometric verification like fingerprints, retinal scans or facial recognition.

Typical MFA Methods

SMS-Based Codes – A one-time code, usually sent via text to a smartphone or by email. While convenient, SIM-swapping attacks make this method less secure.

Authenticator Apps – Apps like Google Authenticator generate time-sensitive codes without relying on SMS.

Hardware Tokens – Physical devices like YubiKey provide phishing-resistant authentication.

Due to its perceived inconvenience, MFA adoption remains low despite its effectiveness. However, the trade-off between security and usability is minimal compared to the risks of account takeover. Think of that if you ever feel it’s a hassle to lock your doors before going to bed.

What is the future of multi factor authentication?

The future we imagine today may not be the future we realize tomorrow. Cybersecurity and its components, like MFA, are fast-moving targets. What we are seeing now is that traditional passwords are gradually being replaced by more secure and user-friendly alternatives. ‘Passwordless’ authentication is gaining traction, using biometrics or cryptographic keys.

Biometric authentication such as fingerprint, facial recognition and retinal scans offers convenience but isn’t foolproof: biometric data can be spoofed (copied) or stolen. Behavioral biometrics, which analyze typing patterns or mouse movements, provide an additional layer of security.

FIDO (Fast Identity Online) standards are another innovation, enabling passwordless logins via hardware security keys or device-based authentication. Major tech companies like Apple, Google, and Microsoft are adopting FIDO to phase out passwords entirely.

Regardless of how technologies improve security, user education remains critical. Many breaches occur due to human error, such as falling for phishing scams. In the final section, we’ll cover best practices for maintaining secure credentials.

How can I manage user authentication effectively?

The fundamental steps are regularly updating passwords and enabling MFA, but proactive monitoring is equally important. Here’s how to stay ahead of threats:

Learn How to Avoid Phishing Scams – Never enter credentials or click on links and attachments in suspicious emails pretending to be from trusted sources.

Monitor for Data Breaches – Check free services like Have I Been Pwned [sic] that notify users if their credentials appear in leaked databases.

Get a Password Manager – This solves a lot of problems immediately. These tools generate, store, and autofill complex passwords while encrypting them for safety.

Enforce password policies and regularly conduct cybersecurity training. Individuals should treat their passwords like house keys—never leave them exposed or reuse them carelessly.
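
One way to turn the breach-monitoring and password-policy advice above into an automated check, as an added example that is not part of the original article. It goes slightly beyond the text by using the Have I Been Pwned "Pwned Passwords" range lookup, where only the first five characters of the password's SHA-1 hash are sent; the response body here is constructed sample data so the code runs offline.

```python
import hashlib

MIN_LENGTH = 12  # the article's recommended minimum length

def range_parts(password):
    """Split the uppercase SHA-1 hex digest into the 5-character prefix that
    is sent to the service and the 35-character suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Find our suffix among the 'SUFFIX:COUNT' lines of a range response.
    A real response comes from https://api.pwnedpasswords.com/range/<prefix>."""
    _, suffix = range_parts(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padding entries carry a count of 0
    return 0

def screen_password(password, range_body):
    """Return the reasons a candidate password should be rejected."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seen = breach_count(password, range_body)
    if seen > 0:
        problems.append(f"appears in known breaches ({seen} times)")
    return problems

def sample_range_body(password, count):
    """Constructed stand-in for a range response (counts are made up)."""
    _, suffix = range_parts(password)
    return "\r\n".join([
        "0" * 35 + ":3",      # constructed filler entry
        f"{suffix}:{count}",  # the entry for the password under test
        "F" * 35 + ":0",      # constructed padding entry
    ])

if __name__ == "__main__":
    body = sample_range_body("123456", 1000)  # constructed count
    for candidate in ("123456", "a-long-unique-passphrase-here"):
        print(candidate, screen_password(candidate, body))
```

Because only the hash prefix leaves the machine, the lookup service never learns which password was checked.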

Frequently Asked Questions

How is password strength measured?

Typically, password strength is based on length, complexity, and uniqueness. The strength of a password is often described in terms of how long it would take to correctly guess (or “crack”) that password using current-day software and hardware tools.

To test the strength of your passwords, a good free service is ‘PasswordMonster’. Simply type in a password and it will tell you how long it would take for a hacker to crack it. HINT: ‘0 seconds’ is not good.

‘ImMLw0&23o&i5Mc’ - one of the examples in our article ‘Creating Strong Passwords’ would take 9 TRILLION YEARS to crack.

Trust me: hackers don’t have that kind of patience…

What is the most trustworthy Password Manager?

As with most things, it depends on your specific needs. Security.org gives us their top picks for 2025 HERE.

Does MFA actually work?

It does, but it’s not foolproof. It significantly reduces the risk of data breaches. Using multi-factor authentication (MFA) to bolster password security with another form of authentication is proven to keep hackers out of your systems, because attackers must overcome more than just a stolen password.

Does pwned mean hacked?

Pwned is sometimes a factor in a successful hack. It’s internet slang derived from "owned," meaning to be thoroughly defeated, dominated, or, in a security context, to have your data compromised in a data breach.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defenses are expert cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

IT Support LA is an award-winning Managed Services Provider (MSP):
o  3 Years awarded Best IT by the Small Business Expo
o  Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o  Awarded Best IT Support in California by Channel Futures
o  Winner of Best IT in Los Angeles by Channel Futures
o  Listed as one of the world’s Top 501 MSPs by CRN and in the top 250 in the ‘Pioneer’ listing
o  4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o  Listed as #21 MSP in the World in Channel Futures NextGen 101
o  Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o  Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o  Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o  Named Best of IT winner by UpCity
o  Winner of Local Excellence Award for 2021, 2022 and 2023 by UpCity
o  Named Best of Cloud Consulting winner by UpCity
o  Certified as Top Managed Services Providers and Cybersecurity Pro by UpCity
o  Named Best IT in Los Angeles by Expertise.com.

Ready to Strengthen Your Digital Security?

Cybersecurity is an ongoing effort, and staying informed is your best defense. Strong passwords and multi-factor authentication are just the beginning—emerging technologies like biometrics and passwordless logins are shaping the future of secure access. Whether you’re an individual or a business, adopting these practices can prevent costly breaches.

Contact us for personalized solutions tailored to your needs and receive your FREE no-risk network and security assessment. Just fill out the form on this page or call us at: 
818-805-0909