PETALING JAYA: Cybersecurity experts have advised the public to change their passwords for digital applications and bank accounts at least once a month to minimise the risk of hacking and data breaches.
Malaysia Cyber Consumer Association president Sirajuddin Jalil said users can no longer rely on outdated password-setting methods as doing so leaves them vulnerable to cyber threats.
“Ideally, a password should have no connection to you at all. Many people mistakenly believe passwords should be easy to recall, but their primary purpose is to be difficult for others to guess, not easy for you to remember,” he said.
He was commenting on a report by password management service NordPass, which revealed that 14,396 Malaysians use “123456” as their password. The data was sourced from publicly accessible platforms and the dark web, covering users from 44 countries.
Sirajuddin said cybercriminals are constantly evolving their tactics, making it essential to stay ahead with robust security measures.
A common mistake among users is reusing the same password across multiple platforms.
He warned against using passwords containing personal information and saving them in browsers.
“The safest method is to write passwords on paper because digital storage leaves behind footprints that hackers can trace. Cybercriminals also use spyware to remotely access devices, making digital storage of sensitive information risky,” he said.
Sirajuddin urged companies and online platforms to enforce stricter password policies to prevent users from choosing weak passwords.
While six-character passwords were once common, today, longer combinations of unique symbols, numbers and letters – possibly up to 20 characters – are more secure.
Although creating complex passwords can be inconvenient, he stressed that it is a one-time hassle compared with the consequences of being hacked.
“Cybercriminals are the driving force behind today’s digital black market. They create the supply and demand for stolen data, including personal information saved on devices, such as photographs and important files.
“High-profile individuals, such as politicians and government leaders, are especially targeted. This is why passwords are crucial, as they are the keys to protecting everything in our digital lives,” he said.
Cybersecurity expert Murugason R. Thangaratnam said one of the most effective ways to enhance online security is using two-factor or multi-factor authentication whenever possible.
“This adds an extra layer of protection to accounts, making it harder for cybercriminals to gain unauthorised access. Spyware is one of the most common and serious threats to internet users and can infiltrate a device without the user’s knowledge.
“It can be embedded in app install packages, file attachments or malicious websites, with the primary goal of stealing credit card numbers, banking information and passwords,” he said.
Murugason noted that changing passwords properly is just as important as doing it regularly.
Many users simply alter a character or two, which makes it easier to remember but also easier for cybercriminals to predict.
He explained that credential stuffing, a tactic used by hackers, allows them to exploit reused or slightly modified passwords, impersonate account owners, access sensitive data, empty accounts and make fraudulent purchases.
“Our research shows that cracking a complex password could take decades and require supercomputing power. Ensuring that all variations of a compromised password are changed and never reused would help secure accounts from cybercriminals,” he said.