Hackers are also humans, and humans tend to be lazy. To that point, simply making yourself a target that is not worth the time can go a long way toward keeping you safe online. There is a distinction between making it easy for them and making it more difficult than it is worth. Some people think that no one would ever bother going after them, but if you make it easy, you can bet you are a target. Many folks think that a hacker could never “guess their password at random”, but hackers are more sophisticated than that.
Trust me, there is not a hacker anywhere simply sitting in front of a screen and typing many different password combinations. The first thing a hacker typically does is seek and find personal information online; then they use sophisticated programs to help ‘guess’ how that personal information might be turned into a password. There are dictionary-based attacks, where programs run names and other personal information against every word in the dictionary. There are brute force attacks, which are exactly what they sound like: a program running all combinations of keystrokes along with a known username. At a few thousand guesses a second, passwords are discovered that way all the time.
A low-tech tactic is known as shoulder surfing. Not all hackers are technical geniuses, after all. Shoulder surfers will try to catch you entering a password or PIN code in a public space. Another prevalent scheme is email phishing and/or brandjacking. These scams try to trick you by pretending to be someone you trust, fooling you into installing a keylogging trojan that then tracks your keystrokes to steal credentials. Pro tip: If the email request looks odd, ignore it, and do not click on anything.
There is no way to guarantee an unbreakable password. If someone wants something badly enough and is smart enough, given enough time, they will figure out what they need to do to get it. Most are not that patient, though, so the traditional “best practice deterrents” are usually enough to make them give up and find an easier target.
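The check below is an added example, not part of the original article: run when a password is chosen, it flags personal details embedded in the password (the material a dictionary-based attack starts from) and estimates the worst-case brute force time. The 3,000 guesses per second rate is an assumed value for "a few thousand guesses a second"; the 100-year threshold, the sample profile, the passwords and all function names are constructed for illustration.

```python
import math
import re

GUESSES_PER_SECOND = 3_000  # assumed value for "a few thousand guesses a second"
SECONDS_PER_YEAR = 365 * 24 * 3600
MIN_YEARS = 100             # assumed policy threshold, not from the article

# Undo common character swaps so "R3x" is compared as "rex".
LEET = str.maketrans("013457@$!", "oleastasi")


def personal_tokens(facts):
    """Break personal facts (names, pets, dates) into lowercase tokens of 3+ chars."""
    tokens = set()
    for fact in facts:
        tokens.update(t for t in re.findall(r"[a-z]+|\d+", fact.lower()) if len(t) >= 3)
    return tokens


def leaked_tokens(password, facts):
    """Return the personal tokens found in the password, as typed or de-leeted."""
    raw = password.lower()
    normalized = raw.translate(LEET)
    return sorted(t for t in personal_tokens(facts) if t in raw or t in normalized)


def alphabet_size(password):
    """Size of the character set a brute force run must cover for this password."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^a-zA-Z\d]", 33))
    return sum(size for pattern, size in classes if re.search(pattern, password))


def worst_case_years(password, rate=GUESSES_PER_SECOND):
    """Years to try every combination of this length; log math avoids overflow."""
    if not password:
        return 0.0
    exponent = (len(password) * math.log10(alphabet_size(password))
                - math.log10(rate * SECONDS_PER_YEAR))
    return math.inf if exponent > 300 else 10 ** exponent


def assess(password, facts):
    """A long brute force time means little if personal tokens leak into the password."""
    leaked, years = leaked_tokens(password, facts), worst_case_years(password)
    return {"leaked": leaked, "years": years,
            "acceptable": not leaked and years > MIN_YEARS}


if __name__ == "__main__":
    facts = ["Dana Whitfield", "Rex", "1984-06-12"]  # constructed sample profile
    for candidate in ("R3x1984!", "abcdef", "copper-lantern-tide"):
        print(candidate, assess(candidate, facts))
```

The first candidate shows why the two checks belong together: its brute force estimate runs to tens of thousands of years, yet it is built entirely from a pet name and a birth year.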
Password Do Not’s: