Data breaches are now a regular occurrence and make great news. Increasingly, municipalities, utilities, and governments are being breached and held hostage for ransom, hence the term ransomware. It turns out that many newsworthy data breaches weren’t due to a sophisticated hack (some were), but rather to a disgruntled or recently dismissed employee: one with access to sensitive network or administrator passwords, or one who picked up a nefarious USB stick in the men’s washroom and stuck it in his computer’s port hoping to find downloaded movies or someone’s saucy vacation photos (think Stuxnet).
As a cybersecurity evangelist, it surprises me more than ever how many tech-savvy people still don’t practice good online hygiene, especially in their password habits. I’m not talking about deleting your cookies when you browse the web or disabling the “app tracking” functions on your smartphone.
Many of us blindly enter our credit card information to get past a news site’s paywall so we may continue to consume more Orwellian tech news. We’re in such a rush that some of us even allow browsers such as Google Chrome and Microsoft Edge to store our private passwords online for us. When signing up for a new online subscription, we often use a password we’ve memorized. Sometimes we’re informed that the password we tried to use wasn’t strong or complex enough. So we write it down on a Post-it note, add an exclamation point or a dollar sign at the end of it, and voilà, our password is now supposedly secure.
Use strong passwords
According to security behemoth Kaspersky, 59% of passwords can be cracked in an hour. That’s almost 6 out of 10 passwords.
A strong password is at least 12 characters long and includes capital letters, lower case letters, numbers, and special characters.
Examples of strong passwords include FJia0$1r08ja4!!0s or 50sfjjRis0#ps6J. Some password phrases can also be effective, like T0y0t@coRRola$15MyFaveAutt0mobilE.
Never reuse or share your password
Never share your passwords with friends, family, or co-workers. Gently inform your friends to purchase their own Netflix subscription, and inform your family to let you know what they’d like you to order for them on Amazon rather than letting them access your account and do their own online shopping.
Amazon facilitates this by letting you create various user profiles with their own credit card information. Amazon doesn’t require 2FA or MFA.
Turn on 2FA or MFA everywhere
2FA, short for “2-factor authentication,” and MFA, short for “multifactor authentication,” are a second layer of protection on top of your password. They are free and becoming increasingly mandatory on some websites.
The way it works: when you enter your username and password on a website, a code is sent to you by another means to ensure the person logging in is indeed you. That’s right, you enter your username and password, and then you receive a 6-digit code via text message to your smartphone or to a different email address than the one you used to register your online account. These codes are usually valid for two minutes.
Even more secure than receiving a code by text message or email is using an authenticator app.
Use an authenticator app
I use both Google’s and Microsoft’s Authenticator apps. These apps are free and easily downloadable from the Apple Store (if you’re using an iPhone) or Google Play (for those using Android devices).
What makes authenticator apps more secure is that the device the app is installed on is registered with your account. This ensures you’re holding your device when logging in and waiting for your 2FA code.
This is important because the technology used to send you a 6-digit code via SMS text messaging is now much more easily hacked. Your authenticator code is only valid for thirty seconds and confirms that you’re holding your device.
In my next article, I’ll explain the benefits of password managers and passkeys. Thanks for reading, and let me know if you have any questions by posting a comment below.