A strong and unique password is a highly effective bulwark against data breaches. The key is to ensure that users, whether individuals or employees within an organization, use a strong and unique password for every account or device they log into. Unfortunately, recent Bitwarden research suggests this is unlikely. According to the Bitwarden 2023 World Password Day Survey, a majority (68%) of respondents manage passwords for 10+ sites or apps, and yet 84% of respondents also reuse passwords. Close to a quarter (20%) were also affected by data breaches within the past 18 months. Given these findings, a reasonable user might wonder: ‘is my password compromised?’
A password management vault is owned and managed by either an individual or an enterprise. A vault is used to store items securely, such as passwords, usernames, logins, company credit cards, and other important notes or files.
If you’re asking ‘is my password compromised?’, one way to find out is to run a Bitwarden Vault Health Report. Run locally on the client, the Vault Health Report can uncover, among other things:
Passwords that have been exposed in a data breach
Weak passwords that can be easily guessed by attackers
The exposed passwords report is a particularly useful tool. Using a trusted web service, it identifies passwords that have been uncovered in known data breaches that were released publicly or sold on the dark web by hackers. Should you receive notice your password was exposed, your next step is to create a new one.
As mentioned above, the best password is one that is strong and unique, meaning it is neither easily guessed nor reused. It should also include a combination of uppercase and lowercase letters, numbers, special characters, and words unrelated to your personal information, and be at least 14 characters long (an 8-character password will take a hacker 39 minutes to crack while a 16-character password will take a hacker a billion years to crack).
But the large number of devices and accounts the average user logs into means it’s not easy to create strong and unique passwords, particularly ones that meet these criteria and are easy to remember. Memory matters because 58% of users rely on their memory to ‘manage’ their passwords.
Fortunately, there’s a better way. A password manager allows users to generate and store long, complex passwords for each site while only having to remember one master password (the one that unlocks your password manager account). And since we’re focusing on the importance of generating strong passwords, here’s another tip: with the Bitwarden password generator, users can create complex passwords or passphrases that keep information safe, such as “overfill-syndrome-stew-whoopee-cancel” or “7uQJHeWjaxiUHf”. These passwords or passphrases can then be copied directly into the Bitwarden vault.
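To show what a generator of this kind does and how the strength of its output can be reasoned about, here is an added Python example (not Bitwarden's code) that produces a 14-character password and a five-word passphrase in the two shapes quoted above and computes the entropy of each. The word list is a constructed sample, and the 7,776-word list size and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Constructed sample list, far too small for real use. A real generator draws
# from thousands of words (the EFF long list has 7,776).
SAMPLE_WORDS = ["overfill", "syndrome", "stew", "whoopee", "cancel",
                "hunky", "dates", "cats", "bulwark", "vault"]
ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def generate_password(length=14, alphabet=ALPHABET):
    """Pick each character independently with the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def generate_passphrase(words, count=5, sep="-"):
    """Pick each word independently; repeats are allowed, keeping the math exact."""
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)

def words_needed(target_bits, list_size):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def average_crack_years(bits, guesses_per_second):
    """Expected time to hit the secret: half the search space at the given rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e10  # assumed attacker guess rate, not a figure from the article
    pw_bits = entropy_bits(len(ALPHABET), 14)
    pp_bits = entropy_bits(7776, 5)
    print(generate_password(), f"{pw_bits:.1f} bits",
          f"{average_crack_years(pw_bits, rate):.2e} years")
    print(generate_passphrase(SAMPLE_WORDS), "(sample list only)")
    print(f"5 words from 7,776: {pp_bits:.1f} bits,",
          f"{average_crack_years(pp_bits, rate):.2e} years")
    print("words to match the 14-char password:", words_needed(pw_bits, 7776))
```

The strength comes from the number of equally likely outputs, not from how complex the result looks, so a human-chosen password of the same shape has far less entropy than these figures. Crack-time estimates scale directly with the assumed guess rate, which is why different tools report different durations for the same password.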
Users who feel relatively confident about the strength of their passwords, and those who do not, can also leverage the Bitwarden password strength testing tool. They can simply type in or paste their password (which is never transmitted to the Bitwarden servers and is processed locally in a device’s web browser window) and be given an evaluation. For example, typing in the password ‘Passwo$d1’ reveals it is ‘weak’ and would take 41 minutes to crack, whereas typing in ‘hunky-dates-56-cats’ reveals a password that is ‘strong’ and would take centuries to crack.
With these tools, the average user can stop worrying ‘is my password compromised?’ and be well on their way to creating a stronger password security posture.