This is why it is actually important not to ignore the weak password prompts

No, Password123 doesn't cut it anymore.
Raimonda Kulikauskiene / Getty Images- Nicola Neville

In a world of constant bleeps and buzzes and bings, it can be very, very tempting to glance at certain notifications before promptly swiping them away, never to be thought of again. But as it turns out, there is one type of notification – one that we are probably all ignoring — that we really shouldn't be: those pesky weak password prompts.

We've all seen them — and we've probably all ignored them without a second thought. “I'll change that password next time I log in,” you might think. Or worse, “It's probably actually fine, who's trying to hack into little old me's emails anyway?”

As it turns out, those weak password prompts are actually pretty important — and heeding them could save you a whole lot of time, hassle and security in the long run.

According to cybersecurity expert and co-founder of Live Proxies, Jacob Kalvo, hackers are very much out there looking to exploit just about anyone who happens to have a weak password.

“Having a weak password is very dangerous as modern-day hackers use sophisticated methods like brute-force, dictionary attacks and credential stuffing to crack weak passwords effortlessly,” he explains. “For example, passwords ‘123456,’ ‘password’ or ‘qwerty’ are some of the most commonly breached because they are easily guessed or discovered from leaked password dumps.”

Once they crack your easy little code, hackers can find their way to just about anything — emails, bank accounts, business records, you name it. “The consequences extend beyond data loss; it may lead to identity theft or financial fraud,” he says.

So where do those weak password prompts come in? Well, they're not random. These days, most systems can tell when your password is too easy to guess – and they'll warn you about it.

“The majority of systems that exist nowadays have implemented breach detection services like Have I Been Pwned's API or similar software, which cross-check your passwords against databases of millions of previously stolen credentials from previous hacks,” explains Kalvo. “If your password is matched with one in such a database, you will be prompted to update it right away.” In other words, that weak password prompt is a sign that you could be hacked very, very easily.

“Furthermore, password strength algorithms are also testing length, character variety and randomness,” he says. “For instance, if your password is shorter than eight characters or lacks numeric and special characters, the system considers it weak. Security best practices in most organisations also demand change of password on a regular basis or minimum passwords, which invoke such reminders.”
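The two checks described above can be combined in a few lines. This is an added example, not code from the article or from any service it names: the breached list and its counts are constructed, the thresholds are the ones in the quote, and the prefix lookup imitates locally the range-query design of Have I Been Pwned's Pwned Passwords service, where only the first five characters of the password's SHA-1 hash are sent and the match is made on the client.

```python
import hashlib

# Constructed stand-in for a breached-password corpus (counts are made up).
BREACHED = {"123456": 3, "password": 2, "qwerty": 1}

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_lookup(prefix: str) -> str:
    """Simulated service side: 'SUFFIX:COUNT' lines for every breached
    hash that starts with the 5-character prefix."""
    hashes = ((sha1_hex(pw), n) for pw, n in BREACHED.items())
    return "\n".join(f"{h[5:]}:{n}" for h, n in hashes if h.startswith(prefix))

def breach_count(password: str, lookup=range_lookup) -> int:
    """Client side: only the first 5 hex characters of the hash leave the
    client; the suffix comparison happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0

def weaknesses(password: str) -> list[str]:
    """Return the reasons a prompt would fire; an empty list means no warning."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    if not any(c.isdigit() for c in password):
        reasons.append("no numeric characters")
    if all(c.isalnum() for c in password):
        reasons.append("no special characters")
    if breach_count(password) > 0:
        reasons.append("appears in breached-password list")
    return reasons

if __name__ == "__main__":
    for pw in ("123456", "Summer2025", "Blue7$Tiger*Walks! Sun."):
        print(repr(pw), weaknesses(pw) or "no warning")
```

A predictable password such as "Summer2025" trips only one composition rule here, which is why services pair these rules with breach-list matching.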

If you ignore a prompt to update your password, Kalvo says you're essentially leaving your front door open for hackers to come in and take what they like. Yikes.

“In practice, it makes your accounts more susceptible to credential stuffing, where attackers use pilfered passwords on one site to gain access to others, or brute force, where they try systematically various combinations of passwords,” he says. “The consequences can be catastrophic: unauthorised expenditure, identity theft or personal embarrassment through hijacked social media profiles. Recovery can be costly, time-consuming and in certain cases, impossible.”

Kalvo suggests updating your passwords frequently — whether you get a prompt or not. “On precious accounts such as corporate networks, banks, or email, a 60-90 day password update is recommended if you do not use MFA,” he says. “If there is MFA and good, unique passwords, then you can safely extend this time frame.”

He adds, “For lower-risk consumer accounts, though, it may be updated less frequently but still as soon as notice is received of any security issue. Ultimately, however, consideration needs to be given to good, unique passwords with other aspects like MFA instead of in frequent changes.”

How to create a good password? "The best password is at least 12 to 16 characters long and contains a combination of upper case and lower case letters, digits and symbols in an unpredictable manner. For example, rather than ‘Summer2025,’ a more secure password would be something such as ‘S! 7m#R2vQp9L&’ or even a passphrase consisting of random words with numbers and symbols placed between them, such as ‘Blue7$Tiger*Walks! Sun.’”

Annoying, yes, but worth it. And instead of remembering all of your symbol-filled passwords, you can keep things simple with a password manager – “like 1Password, LastPass or Bitwarden,” Kalvo says. “These tools can generate powerful passwords and lock them so there's no temptation to reuse or compromise passwords.”