A weak password can cost you your entire digital identity – how to protect yourself on World Password Day

According to Mikko Kulmala, Head of Information Security at DNA, modern methods can easily crack short passwords, even if they contain special characters arranged randomly.

“Passwords are still important, but they are no longer sufficient on their own. Today, you should always think in terms of at least two factors: something only you know, such as a password, and something you own, such as an authentication app on the phone,” Kulmala says.

The most important step is to start identifying risks and make at least one improvement related to authentication today.

"Start by looking at how you’re currently operating. Should the password for a particular email account be updated to something long and unique? Could you enable multi-factor authentication? Could today be a good day to explore password managers? It’s best to reduce risks one step at a time,” Kulmala advises.

Weak and reused passwords expose users to multiple attacks

A significant share of data breaches is still linked to weak or reused passwords. Criminals exploit automation and leaked credentials, which are systematically tested across a wide range of services. These leaked username–password pairs are used in widespread attempts to log in to services offered around the world.

“If the same password is used in multiple places, a single breach can open countless doors. Attacks are largely automated, so the risk is not theoretical – it’s unfortunately very real,” Kulmala explains.

“It’s also important to make sure you only enter your password when you know you’re logging in to a legitimate service and when the login request clearly relates to your own actions. Unfortunately, cybercriminals also try to lure people into logging in on phishing sites,” Kulmala continues.

Not all user accounts are equally critical. Email accounts in particular deserve special protection, as they often serve as the key to other services.

“For many people, email is the single most important account, because it can be used to reset passwords for other services. The risk of identity misuse through social media platforms has also increased, so they require special attention as well. Naturally, work and corporate systems and cloud services must also be properly secured. In addition, it’s important to keep work-related and personal passwords separate,” Kulmala says.

A strong password is long and unique

ccording to best password practices, the most important factors are not the number of special characters, but password length and uniqueness. With dozens of services in use, remembering unique passwords without tools is unrealistic. Security improves significantly when passwords are combined with additional protection mechanisms.

“A password manager is essentially a necessity today. It generates and stores strong passwords securely, allowing you to use genuinely long and unique passwords without having to remember them yourself. On top of that, additional layers of protection such as authentication apps, provide the best security, as an attacker cannot proceed with just a leaked password without a second authentication factor,” Kulmala states.

Poorly protected accounts can lead to financial losses, identity theft, data breaches, reputational damage, and scams. In the worst cases, the damage happens quickly and becomes costly.

“An attack can progress in minutes. Once an email account has been taken over, the next steps are quickly automated, and the damage may already be done before the user even notices anything,” Kulmala says.

DNA’s tips for World Password Day:

• Use a long passphrase (at least 14–16 characters) or a password manager that creates long, unique passwords
• If you create a passphrase, use multiple full words or sentences that you can remember, and combine languages, dialects and personal elements
• If you create a passphrase, avoid obvious words and information (such as names or birth years)
• Never reuse the same password across different services
• Enable multi-factor authentication (MFA)
• Use biometric authentication such as fingerprint or facial recognition

Media enquiries:

DNA Corporate Communications, tel. +358 44 044 8000, communications@dna.fi