
How to check and improve your password security


Nov 13, 2024

How secure is my password?

If you use the same one or two passwords for all accounts, then the likelihood is that your password security isn’t as strong as it should be. It’s fairly common that people pick a combination of letters, numbers, and words that they can remember and replicate that as a “master password” across their online accounts. If you’re one of those individuals, you’re far from alone. 

Password security research by LastPass found that 62% of survey respondents always or mostly use the same password, or a variation of the same password. This is a bad habit, and you should absolutely be using different passwords for every account.

Types of password attack

Hackers have more than one way to steal your passwords. That's why it’s so important that you have more than one password serving as your online defense against different types of password attack:

 

Brute force attack

As the name suggests, this is when the hacker guesses your password through sheer force, trying one guess after another until something works. We’ve all been there, pausing at the login screen of an old account and trying our luck with a mildly strategic guess at what the password might have been. Take that and crank it up to hacker levels, where a program does the guesswork for them, and a weak password can be broken in mere seconds.

 

Credential stuffing

Cybercriminals who’ve gained access to username and password lists from a website breach will often use them to initiate a credential stuffing attack. Here, the attacker takes the emails on the list, finds accounts registered to them on other websites, and checks whether the stolen password works for those accounts as well.

As passwords are recycled by such a large number of users, credential stuffing attacks can greatly amplify the damage caused by an initial data breach.

 

Phishing

You’ve probably experienced this one before, but were able to recognize it for what it was. Unfortunately, not everyone is so lucky. A phishing attack is when a scammer lures you in with fake correspondence, like an email that appears to come from your bank. You’ll be asked to input your credit card details to resolve some issue, usually one that’s too good to be true, like being due some money back.

Once they have these details, it’s game over. If you ever get an email from your bank asking for this information, assume that it’s a phony message and call the bank directly to confirm its validity.

 

Dictionary attack

Similar to brute force, a dictionary attack assumes that you’re using common words for your password and runs through common dictionary terms. If your password consists of one or two standard words, you’re unlikely to survive this one unscathed.


How to improve password security

So, now you know what you shouldn’t be doing, what should you be doing to keep your digital identity and activity safe? Here are our top dos and don’ts:

Use a secure, unique password and never the same one twice

A strong password is one that’s totally unique to you as a user and your account. Your password should never be used anywhere else or be associated with any other account or username. A truly secure and unique password will consist of the following:

  • Uppercase characters
  • Lowercase characters
  • Special characters (!#%$*)
  • Numbers
  • More than 15 characters

Common sense applies here. You may not be a hacker, but it doesn’t take a cybercriminal to know that a five-character password is a lot easier to crack than a 20-character password, or that the obvious “qwerty” password is, well, obvious.

Avoid numbers and symbols that are clearly stand-ins for letters, for example, 0 instead of O, 8 instead of B, and $ instead of s. You should also aim to change your passwords once every six months to better protect your personal information online. This may seem overzealous, but you can never be too safe when it comes to your online security.

 

Use a password manager

A program can defend against a hacking program better than the human mind. For example, “&*Td^zJxsQkF” is extremely secure, and maybe you could have generated that yourself. But human habit is often predictable, and we’re all very likely to follow similar keyboard paths even when we’re trying hard to be random.
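The checklist above and the password manager's job of generating random passwords can be expressed in one short script. This is an added example, not code from the article or from Dropbox; the function names, the tiny word list, and the extra stand-in characters beyond 0, 8 and $ are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {"password", "qwerty", "sunshine", "welcome"}
# Stand-ins named in the article (0 for O, 8 for B, $ for s) plus three assumed extras.
STAND_INS = str.maketrans({"0": "o", "8": "b", "$": "s", "1": "l", "3": "e", "@": "a"})
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "special character": string.punctuation,
}

def check_password(pw):
    """Return the list of checklist items the password fails (empty = passes)."""
    problems = []
    if len(pw) <= 15:  # the article asks for more than 15 characters
        problems.append("15 characters or fewer")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    # Undo letter stand-ins first, so "P@$$w0rd" is still recognised as "password".
    normalized = pw.lower().translate(STAND_INS)
    for word in sorted(COMMON_WORDS):
        if word in normalized:
            problems.append(f"contains common word '{word}'")
    return problems

def generate_password(length=20):
    """Draw characters from the OS CSPRNG until the checklist is satisfied."""
    alphabet = "".join(CLASSES.values())
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw

def keyspace_bits(length, alphabet_size=94):
    """Bits of guessing work for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for sample in ("qwerty", "P@$$w0rd123!", generate_password()):
        print(repr(sample), check_password(sample) or "passes")
    print(f"5 chars: {keyspace_bits(5):.1f} bits, 20 chars: {keyspace_bits(20):.1f} bits")
```

The bit counts only apply to passwords chosen uniformly at random, which is what `secrets` provides and what a human typing "random" keys does not.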

 

Don’t use public or insecure Wi-Fi

A public Wi-Fi hotspot is an open connection, which means anyone can use it. All it takes is someone with bad intentions to connect to this network and they’ll quickly be able to take advantage of other users. As a rule of thumb, never share information like bank details or credit card numbers on a public Wi-Fi hotspot.

 

Use two-step verification

Multi-factor authentication, or two-step verification, is when you use more than one security method to access your account. A common method is to require your password as step 1 and then to input a one-time code sent via SMS to your mobile phone as step 2. 

Other methods include an automated phone call to the mobile number associated with the account or a code emailed to a different email than the one you created the account with. The idea is that even if a hacker gains access to your original account, it’s unlikely they’ll also have your phone and secondary email at hand. 

Dropbox provides an option for multi-factor authentication to keep your account secure from unknown login attempts. When this feature is applied to your account, Dropbox will require a six-digit security code (in addition to your password) when you log in to your account or link a new device. 

 

Use trusted, secure sites and file-hosting services

Secure sites will have a small padlock appear in the address bar. It’s vital you confirm this before doing anything on the website, such as online shopping or sharing personal information. 

The majority of sites have this feature, but if you plan to host files and folders, you’ll want to make sure they’re even more protected. Dropbox, for example, utilizes encryption and meets strict levels of compliance to provide multiple layers of cloud security.

Keep your data safe and secure, with Dropbox

Maintaining password security is incredibly important and means you should be making long-lasting habits of the steps listed above. We’re only human, and there are only so many passwords we can remember. Thankfully, platforms like Dropbox provide extra layers of security to keep your files safe from harm.

Whether you’re a business, a freelancer, or just sharing documents with friends, Dropbox values your security as highly as you do. With features like multi-factor authentication, file encryption, dark web monitoring, and more, we make sure you don’t have to live in fear of a data breach.
