The common password mistake that's exposing you to hackers
There's no shortage of password-protected accounts these days, with everything from setting up a pair of wireless headphones to buying a pint on a pub app requiring new log-in details.
It's perhaps no surprise that many of us attempt to use slight variations on the same password, even ones that have leaked online - but how secure is it really to change (for example) Potato123 to Potato456 or P0tato123?
It's very common to do so: 60% of people in Britain admit reusing passwords, and of those, 62% make slight variations in the same password, believing that this protects them from cybercriminals, according to 2025 research by Nordpass.
But the idea that this makes a password more secure is 'one of the most common misconceptions' about staying safe online, Darren Guccione, CEO of password management company Keeper Security, tells Yahoo News.
Many people believe that changing a single character in a password (i.e. swapping a number for a symbol, or changing a number) is enough to protect accounts.
'It's understandable of course," Guccione says. "People's digital footprint today is significant and remembering complex passwords can be difficult, particularly when it might involve websites that users visit infrequently.
'So people, naturally, opt for shortcuts. Changing one letter can feel like an easy quick fix.'
Cybercriminals often work from lists of passwords that have leaked in online 'data breaches', where information such as passwords are stolen from hacked sites.
Last week, for example, it was reported that 16 billion passwords were leaked online in one of the largest illicit data dumps in history.
And according to a report by financial insights company TransUnion published this week, one in seven people say they have lost money to fraud in the past year. Half (50%) said that a fraud attempt had been made against them in the past three months.
'The reality is that this simple step pales in comparison to the persistent efforts we see from cybercriminals today in attempting to gain access to your data," Guccione says of those who think a simple password switch is enough to keep their details safe.
If your password has been compromised, simply changing one letter is not enough, as the tools today's cybercriminals use allow them to guess multiple similar passwords at once.
'Cybercriminals are well-versed in this type of behaviour. So much so that today's attackers routinely build these small variations into their cracking tools and password lists. They strongly expect this type of behaviour from users and they prepare accordingly," Guccione says.
'These predictable variations are low-hanging fruit for hackers. If your credentials have been previously compromised in a breach, it's safe to assume a new, slightly tweaked version will be just as vulnerable.
"Today's hackers use automated tools, often powered by AI, that test common passwords and their slight variants by the millions.'
Billions of passwords have leaked online in this way; you can check whether yours has leaked on sites such as HaveIBeenPwned.com.
Never reuse passwords, even with variations, Guccione advises.
Even if it's for a site you won't use often, there is a chance that site will be hacked and your password will be exposed - and then every other site you have used it for (or slight variations of it) on will be vulnerable.
'Predictability is the ultimate failing when it comes to matters of cybersecurity. Cybercriminals prey on people's underestimation of just how sophisticated their password cracking methods have become," says Guccione.
He advises using passwords with no names, dates or dictionary words - they should, ideally, be randomly generated and at least 16 characters long.
He also recommends using a password manager app to store and generate passwords.
'Using a password manager is the digital equivalent of a security system: a modern solution designed to eliminate predictable habits entirely," he says.
'This secure tool will generate strong, unique passwords and store them safely, so you don't have to rely on memory or risky behaviours such as simple, reused passwords."
Guccione also advises using two-factor authentication where possible on all accounts, either via codes sent to your mobile or via a dedicated app.
'This could be biometrics, a hardware security key or a code that is sent to your mobile device after you have logged in to an account," he says.
"This second step verifies that it is in fact you who is logging in to said account. It provides an essential additional layer of security, so even if your password is cracked, your account remains protected.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
Telos (TLS) Secures Defense Deals as B. Riley Sees Undervalued Cyber Play
Telos Corporation (NASDAQ:TLS) is one of the 10 best debt-free IT penny stocks to buy. Recent developments indicate that Telos Corp (NASDAQ:TLS) continues to build on its strengths in secure communications and cyber governance, even as the stock faces pressure following a recent downward revision in its price target. An engineer in front of a complex network security system, monitoring for potential threats. Around mid-May, a B. Riley analyst lowered his price target on Telos to $3.75 from $4.50, while maintaining a Buy rating. The analyst highlighted that the company's Q1 results exceeded consensus on both revenue and adjusted EBITDA. The company also reaffirmed its full-year guidance. According to him, the stock's decline after results appear more of an overreaction and doesn't reflect the company's improving fundamentals. He also believes that this decline undermines the fact that Telos anticipates a stronger performance in the second half of 2025. Meanwhile, Telos secured two key government contracts, in the first two weeks of June, that reinforce its relevance in national security-focused IT solutions. The first is a $3.7 million contract renewal with the U.S. Air Force Intelligence Community for continued use of its Xacta platform. This extension allows the Air Force to automate and manage cyber compliance across sensitive networks, an area where Telos has built a solid track record. Additionally, Telos was awarded a $14 million, five-year contract from the Defense Information Systems Agency (DISA) to support the Organizational Messaging Service (OMS). Through its Automated Message Handling System, Telos will continue providing secure and efficient message delivery across the Department of Defense, allied military partners, and federal agencies. These contract wins highlight Telos' established relationships with defense clients and its ongoing role in managing mission-critical communication infrastructure. Telos Corporation (NASDAQ:TLS) delivers cybersecurity, secure mobility, and identity management solutions to government and commercial clients. While we acknowledge the potential of TLS as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: The Best and Worst Dow Stocks for the Next 12 Months and 10 Best Tech Stocks to Buy According to Billionaires. Disclosure: None.
WIRED
an hour ago
- WIRED
I Let AI Agents Plan My Vacation—and It Wasn't Terrible
The latest wave of AI tools claim to take the pain out of booking your next trip. From transport and accommodation to restaurants and attractions, we let AI take the reins to put this to the test. Photo-Illustration: Wired Staff/Victoria Turk The worst part of travel is the planning: the faff of finding and booking transport, accommodation, restaurant reservations—the list can feel endless. To help, the latest wave of AI agents, such as OpenAI's Operator and Anthropic's Computer Use claim they can take these dreary, cumbersome tasks from befuddled travelers and do it all for you. But exactly how good are they are digging out the good stuff? What better way to find out than deciding on a last-minute weekend away. I tasked Operator, which is available to ChatGPT Pro subscribers, with booking me something budget-friendly, with good food and art, and told it that I'd prefer to travel by train. What's fascinating is that you can actually watch its process in real time—the tool opens a browser window and starts, much as I would, searching for destinations accessible by rail. It scrolls a couple of articles, then offers two suggestions: Paris or Bruges. 'I recently went to Paris,' I type in the chat. 'Let's do Bruges!' Armed with my decision, Operator goes on to look up train times on the Eurostar website and finds a return ticket that will take me to Brussels and includes onward travel within Belgium. I intervene, however, when I see the timings: It selected an early-morning train out on Saturday, and an equally early train back on Sunday—not exactly making the most of the weekend, I point out. It finds a later return option. So far impressed, I wait to double-check my calendar before committing. When I return, however, the session has timed out. Unlike ChatGPT, Operator closes conversations between tasks, and I have to start again from scratch. I feel irrationally slighted, as if my trusty travel assistant has palmed me off to a colleague. Alas, the fares have already changed, and I find myself haggling with the AI: can't it find something cheaper? Tickets eventually selected, I take over to enter my personal and payment details. (I may be trusting AI to blindly send me across country borders, but I'm not giving it my passport information.) Using ChatGPT's Operator to book a train ticket to Bruges. Courtesy of Victoria Turk Trains booked, Operator thinks its job is done. But I'll need somewhere to stay, I remind it—can it book a hotel? It asks for more details and I'm purposefully vague, specifying that it should be comfy and conveniently located. Comparing hotels is perhaps my least favorite aspect of travel planning, so I'm happy to leave it scrolling through I restrain myself from jumping in when I see it's set the wrong dates, but it corrects this itself. It spends a while surveying an Ibis listing, but ends up choosing a three-star hotel called Martin's Brugge, which I note users have rated as having an excellent location. Now all that's left is an itinerary. Here, Operator seems to lose steam. It offers a perfunctory one-day schedule that appears to have mainly been cribbed from a vegetarian travel blog. On day 2, it suggests I 'visit any remaining attractions or museums.' Wow, thanks for the tip. The day of the trip arrives, and, as I drag myself out of bed at 4:30AM, I remember why I usually avoid early departures. Still, I get to Brussels without issue. My ticket allows for onward travel, but I realize I don't know where I'm going. I fire up Operator on my phone and ask which platform the next Bruges-bound train departs from. It searches the Belgian railway timetables. Minutes later, it's still searching. I look up and see the details on a station display. I get to the platform before Operator has figured it out. Bruges is delightful. Given Operator's lackluster itinerary, I branch out. This kind of research task is perfect for a large language model, I realize—it doesn't require agentic capabilities. ChatGPT, Operator's OpenAI sibling, gives me a much more thorough plan, plotting activities by the hour with suggestions of not just where to eat, but what to order (Flemish stew at De Halve Mann brewery). I also try Google's Gemini and Anthropic's Claude, and their plans are similar: Walk to the market square; see the belfry tower; visit the Basilica of the Holy Blood. Bruges is a small city, and I can't help but wonder if this is simply the standard tourist route, or if the AI models are all getting their information from the same sources. Various travel-specific AI tools are trying to break through this genericness. I briefly try MindTrip, which provides a map alongside a written itinerary, offers to personalize recommendations based on a quiz, and includes collaborative features for shared trips. CEO Andy Moss says it expands on broad LLM capabilities by leveraging a travel-specific 'knowledge base' containing things like weather data and real-time availability. Courtesy of Victoria Turk After lunch, I admit defeat. According to ChatGPT's itinerary I should spend the afternoon on a boat tour, taking photos in another square, and visiting a museum. It has vastly overestimated the stamina of a human who's been up since 4:30AM. I go to rest at my hotel, which is basic, but indeed ideally located. I'm coming around to Operator's lazier plans: I'll do the remaining attractions tomorrow. As a final task, I ask the agent to make a dinner reservation—somewhere authentic but not too expensive. It gets bamboozled by a dropdown menu during the booking process but manages a workaround after a little encouragement. I'm impressed as I walk past the obvious tourist traps to a more out-of-the-way dining room that serves classic local cuisine and is themed around pigeons. It's a good find—and one that doesn't seem to appear on the top 10 lists of obvious guides like TripAdvisor or The Fork. On the train home, I muse on my experience. The AI agent certainly required supervision. It struggled to string tasks together and lacked an element of common sense, such as when it tried to book the earliest train home. But it was refreshing to outsource decision-making to an assistant that could present a few select options, rather than having to scroll through endless listings. For now, people mainly use AI for inspiration, says Emma Brennan at travel agent trade association ABTA; it doesn't beat the human touch. 'An increasing number of people are booking with the travel agents for the reason that they want someone there if something goes wrong,' she says. It's easy to imagine AI tools taking over the information gateway role from search and socials, with businesses clamoring to appear in AI-generated suggestions. 'Google isn't going to be the front door for everything in the future,' says Moss. Are we ready to give this power to a machine? But then, perhaps that ship has sailed. When planning travel myself, I'll reflexively check a restaurant's Google rating, look up a hotel on Instagram, or read TripAdvisor reviews of an attraction, despite desires to stay away from the default tourist beat. Embarking on my AI trip, I worried I'd spend more time staring at my screen. By the end, I realize I've probably spent less.
Associated Press
an hour ago
- Associated Press
Bitcoin Solaris Presale Surges Past $5M as Phase 9 Begins, Offering Early Investors a 150% Upside Before July Launch
TALLINN, Estonia, June 29, 2025 (GLOBE NEWSWIRE) -- Bitcoin Solaris (BTC-S), the next-generation blockchain platform focused on scalability and real-world utility, has crossed a major milestone in its ongoing presale—raising over $5 million as it enters Phase 9. With the token price now at $9 and a public launch target of $20, early investors are eyeing a potential 150% gain before the scheduled launch in just under six weeks. Amidst ongoing crypto market volatility, Bitcoin Solaris is emerging as a rare opportunity grounded in technical innovation, sustainability, and long-term value creation. Introducing Bitcoin Solaris: Crypto Stability Meets Next-Gen Design Bitcoin Solaris (BTC-S) is designed to offer scalability, energy efficiency, and everyday accessibility without sacrificing decentralization. By integrating a hybrid consensus model with cross-chain functionality and smart contract support, it delivers the tools needed for a sustainable and high-performance blockchain ecosystem. One of the standout features is the dual-consensus architecture that merges Proof-of-Work for base-level security with Delegated Proof-of-Stake for speed and efficiency. This hybrid ensures that BTC-S remains secure while still handling up to 100,000 transactions per second on the Solaris Layer. What Makes Bitcoin Solaris Technically Superior The strength of BTC-S lies in its layered infrastructure. Let's break it down: These features enhance performance and ensure long-term sustainability and growth. Real Utility Across Multiple Industries Bitcoin Solaris isn't just theory. Its architecture is built to support: With such a vast application layer, BTC-S is more than a coin—it's an ecosystem ready to support global infrastructure. The Rewards System: Designed for Inclusion and Long-Term Value Bitcoin Solaris uses an inclusive reward system that balances incentives across all key roles in the ecosystem: This dynamic approach evaluates factors like device type, network contribution, and user longevity. It ensures that rewards flow to those adding the most value. More details about the system can be seen through the official documentation. Market Voices Are Taking Notice A growing number of influencers are calling Bitcoin Solaris one of the most exciting projects of 2025. One detailed review by Token Empire breaks down why this hybrid model is capturing serious attention. Across Telegram chats and Twitter threads, more investors are highlighting BTC-S for its real-world potential and inclusive design. Presale Performance Signals Massive Potential Investors are acting fast. The presale is now in phase 9, with the current price at $9 and a launch target of $20 a 150% upside for early believers. Over $5 million has been raised, and momentum continues to grow. This is not just a token drop - it's a timed opportunity. One of the most talked-about presales across influencer platforms and audit trackers. And yes, both Cyberscope and Freshcoins have completed extensive audits, making this one of the best-reviewed launches of 2025. Final Verdict Bitcoin Solaris doesn't follow market hype—it rewrites the rulebook. At a time when most cryptocurrencies ride volatile waves, BTC-S is anchoring its value in real utility, community-driven validation, and inclusive mining. It offers something many thought was no longer possible in 2025: a fair shot at crypto wealth for the average investor. For more information on Bitcoin Solaris: Media Contact Xander Levine [email protected] Press Kit: Available upon request Disclaimer:This content is provided byBitcoin Solaris. The statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information do not guarantee any claims, statements, or promises made in this content is for informational purposes only and should not be considered financial, investment, or trading in crypto and mining-related opportunities involves significant risks, including the potential loss of is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press the event of any legal claims or charges against this article, we accept no liability or does not endorse any content on this page. Legal Disclaimer: This media platform provides the content of this article on an 'as-is' basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above. Photos accompanying this announcement are available at:
