Advait, author of Everyday Cybersecurity, a blog aimed at creating awareness about Security and Privacy.

Passwords - The necessary evil

Before starting this blog, I sent out a survey to gauge people’s interest and awareness about Security and Privacy. After analysis, it was found that the majority of the people were concerned about the safety of their online banking and email accounts, which was not at all surprising. If you use an email provider like Gmail, everything is tied to your email account: your photos, smartphone apps, documents and of course your emails. And concerns about online banking are a no-brainer given there is money involved!

The easiest solution to all our Security and Privacy problems is to turn off our internet connection and disconnect from the world. Of course that’s not what we want to do, because there are many other simple measures that we can take to protect ourselves on the internet.

How do we keep ourselves safe online then? The answer is

By building better habits around Security & Privacy

What does that mean? It means that instead of focusing on Security & Privacy only where we think it is important (i.e. the examples above), we inculcate simple yet effective Security best practices in our everyday lives (thus the name of the blog).

Think about washing hands as an example. As kids, we were taught to wash our hands before eating or after coming home from school. With COVID it has become evident how effective that simple tip was. We’ll look at similar things when it comes to our online safety so that we can avoid infecting ourselves (perhaps with a virus)!

So let’s get right into it and talk about our first topic - Passwords!

Everybody is familiar with passwords and why they are required, so without getting into any further history of passwords and how we got here, we can say one thing for sure - Passwords are here to stay at least for the foreseeable future. I call them the necessary evil because there are no good alternatives even after all the technological advancements that we have made.

And there are plenty of resources out there to tell you about password policies, the most common being:

[Image: Password Policy Example]

But what many people won’t tell you is what may happen once you set your password. Let’s consider a scenario: you set the password “Summer@123”. It has a number, upper and lower case characters and a special character too. So we have fulfilled all the requirements. That’s awesome, right?

Well, not really. Because anyone can guess your password and they don’t even have to think because “summer” is one of the most common passwords. Don’t believe me? Here is the list of 1000 most common passwords compiled for you.

If you use any of the passwords from this list for any online services, I’d highly recommend you change them right now!
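To make the point concrete, here is a small added example (it is not from the original post or from any real site's code): it applies the composition rules described above, then compares the word underneath the digits and symbols against a common-password list. The five-word list, the symbol swaps and the 8-character minimum are assumptions made for the example.

```python
import re

# Constructed stand-in for a real common-password list. "summer" is the word
# the post calls out; the other entries are illustrative.
COMMON_WORDS = {"summer", "password", "welcome", "qwerty", "letmein"}

# Undo the usual symbol-for-letter swaps before comparing (assumed set of swaps).
SWAPS = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

MIN_LENGTH = 8  # assumed minimum; the post does not state one


def meets_policy(password):
    """Composition rules from the post: number, upper case, lower case, special."""
    return (
        len(password) >= MIN_LENGTH
        and any(c.isdigit() for c in password)
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(not c.isalnum() for c in password)
    )


def base_words(password):
    """Return the candidate words left once the decoration is removed."""
    lowered = password.lower()
    # Drop digits and symbols stuck on the front or back: "summer@123" -> "summer"
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Undo swaps inside what is left: "p@ssw0rd" -> "password"
    unswapped = trimmed.translate(SWAPS)
    # Also try the letters alone, ignoring everything else.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    return {trimmed, unswapped, letters_only}


def is_common(password):
    """True when the password is a common word with decoration added."""
    return bool(base_words(password) & COMMON_WORDS)


def assess(password):
    """Combine both checks into the answer a sign-up form should give."""
    if not meets_policy(password):
        return "rejected: does not meet the password policy"
    if is_common(password):
        return "rejected: meets the policy but is built on a common password"
    return "accepted"


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for candidate in ["Summer@123", "P@ssw0rd1!", "Tr4vel-Lamp-Orbit-92!"]:
        print(candidate, "->", assess(candidate))
```

“Summer@123” passes every composition rule and is still rejected, because the second check looks at the word the password is built on rather than at the characters added around it.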

So what else can you do to protect yourself? Here are some tips:

Use a different password for all sites

I know it’s a pain to remember all the passwords but we have a solution for that as well (more on that in the next post)

Use a longer password

Why? Because the longer the password, the harder it is to guess by trying all the permutations and combinations.

And here is the most important one!

Use Multi-Factor Authentication (MFA/2FA) on every online service that offers it!

This can be another blog post in itself, but a number of experts have written on this topic so I will defer to them to explain what it is. In layman’s terms, the OTP or PIN that your bank sends every time for a transaction is a form of MFA. This offers a very simple benefit: even if someone guesses your password correctly, they won’t be able to access your accounts unless they enter this one-time code.

Here’s the link to an article explaining in detail what MFA means - Duo Security is a company that offers Multi Factor authentication products.

The last but extremely useful tip is:

NEVER SHARE YOUR PASSWORD OR THE ONE TIME PASSWORD WITH ANYONE!

No human should be asking you for your password or the OTP or PIN that you use to log in. Bank employees and helpdesk staff at IT companies will never ask for it, so never share the code with them.

That’s all for today. Hope you learned at least one new thing from this post. Do share this post with your friends and family. And please provide feedback via social media or email!