Use strong passwords, Microsoft warns

Some users can’t learn from their own mistakes. Many still use weak passwords and passcodes, often common words, passwords like “12345”, or their year of birth as the 4-digit passcode on their mobile phone. Microsoft checked more than 3 000 000 000 leaked login credentials from various sources, such as publicly leaked databases and databases obtained through criminal acts. In over 44 000 000 records, users used the same login credentials for multiple services. Nobody should use the same password on two or more services. If you can’t remember your passwords, just use a decent password manager. Personally, I’m using 1Password, though not everybody may like its subscription pricing.

A similar investigation was done in 2018 with over 30 000 000 users’ login data. 52% of all users repeatedly used the same or very similar passwords. Microsoft also said that one third of these passwords can be breached easily.

Troy Hunt, security expert from the service Have I Been Pwned, said that in a recent data breach with over 773 000 000 e-mail addresses and over 21 000 000 passwords, there were more than 2 000 successful attacks.

The basic rule is not to use the same password on multiple services or accounts, and to create a strong password of random characters with at least one upper-case letter, at least one number and ideally at least one special character, like “&”. As for password length, I recommend at least 8 characters. If you are using weak passwords because you can’t remember them, consider using a password manager. Making strong passwords won’t be hard, and all passwords will be encrypted and protected by one password, which will be known only to you. Just don’t forget your main password.
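The rule above, plus the "same or very similar passwords" problem from the 2018 figures, as a small audit script. This is an added example, not code from the original post; the symbol set, the similarity heuristic in `_stem` and the sample vault are assumptions made for illustration.

```python
import re
import secrets
import string
from collections import defaultdict

SPECIALS = "!@#$%&*?-_"  # assumed symbol set; the article only names "&"

def meets_base_rule(pw: str, min_len: int = 8) -> bool:
    """Article's rule: at least 8 characters, an upper-case letter, a digit, a special character."""
    # The article says "ideally" for the special character; this check enforces it.
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def generate(length: int = 16) -> str:
    """Draw from the OS CSPRNG and retry until the base rule holds."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_base_rule(pw):
            return pw

def _stem(pw: str) -> str:
    # Hypothetical similarity heuristic: ignore case and trailing digits/symbols,
    # so "Summer2018!" and "summer2019" count as near-duplicates.
    return re.sub(r"[^a-z]+$", "", pw.lower()) or pw

def audit(vault: dict[str, str]) -> dict[str, list]:
    """Return services with weak passwords and groups of services sharing a password stem."""
    groups = defaultdict(list)
    for service, pw in vault.items():
        groups[_stem(pw)].append(service)
    return {
        "weak": sorted(s for s, pw in vault.items() if not meets_base_rule(pw)),
        "reused": sorted(sorted(g) for g in groups.values() if len(g) > 1),
    }

# Constructed sample vault, not real credentials.
SAMPLE = {
    "mail": "Summer2018!",
    "shop": "summer2019",
    "bank": "12345",
    "forum": "xK7&vq2LmP9w",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(generate())
```

Note that "Summer2018!" passes the composition rule yet is flagged as reused, which is why the rule alone is not enough.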

For better security, use 2FA (two-factor authentication), such as SMS codes or a dedicated app on your mobile device. Even if attackers gain your login name/e-mail and password, they still won’t be able to get access to your account. I would prefer a dedicated mobile app over classic SMS, because classic SMS messages are not encrypted and are delivered as plain text over the network.

Liked it? Take a second to support Lukáš Raynor Majer on Patreon!
