stock-pic-password mistakes-1715651811155

Abu Dhabi: Passwords are a fundamental part of our digital lives – but they also provide an entry point for cybercriminals to access sensitive information.

Cybersecurity experts highlight that password hacking and exploitation are among the most common vulnerabilities for end users. Ignoring precautions to protect sensitive data and privacy online can lead to significant financial losses and severe digital breaches.

Get exclusive content with Gulf News WhatsApp channel

During a recent awareness campaign led by the UAE Cybersecurity Council, five common password mistakes were identified. The campaign, targeting government and private institutions as well as the general public, aimed to enhance password security awareness under the theme “The National Campaign for Cybersecurity: A Year of Digital Awareness and Education.”

The council emphasised that errors in password management are widespread but pose a real danger to user accounts, exposing them to hacking and exploitation.

The five common password mistakes that put user accounts at risk include:

  • Using the same password for multiple accounts
  • Not changing passwords regularly
  • Including easily guessable information (like birth dates or names) in passwords
  • Sharing passwords with others
  • Storing passwords insecurely

The campaign also stressed the importance of caution to avoid phishing and electronic fraud, where attackers deceive users to obtain their personal data.

Kaspersky, a cybersecurity company, highlighted that passwords remain a prime target for sophisticated attacks. Weak and simple passwords attract fraudsters, as hacking them can grant access to various types of data, including personal, financial, and medical records.

Kaspersky noted that there were over 32 million attempts to steal passwords in 2023, underscoring the need for strong, unique, and diverse passwords for different accounts.

The UAE Digital Government emphasized the benefits of using digital identity solutions, such as the UAE Pass application, available on iTunes and Google Play.

This app provides a secure way to access services without the need for multiple passwords, allowing digital document signing and verification without visiting service centers.

Police warning

Abu Dhabi Police also issued a warning against sharing confidential information, such as online banking passwords, ATM PINs, CCV numbers, or one-time passwords (OTPs).

They highlighted that fraudsters often exploit the names of national institutions to deceive victims through fraudulent messages or social media scams.

How to report cyber fraud
The public is urged to report cyber fraud to the “Aman” service, available around the clock via phone, text, email, or the Abu Dhabi Police smart app.

The 24/7 “Aman” service tackles reports and requests in complete confidentiality via the toll-free number 8002626 (AMAN2626), by text message (2828), or via email ( or through the smart application of the Abu Dhabi Police General Command.

To create a strong password, Kaspersky recommends the following criteria:

  • Use at least 8 characters (preferably longer)
  • Include a mix of upper and lower case letters, numbers, and special symbols
  • Ensure it is memorable
  • Make your password unique for each service

Legal view

Legally, cybersecurity lawyer Dr. Fatima Al-Neyadi from Capital Office Fair Law and Legal Consultations, cautions that even complex passwords can be quickly cracked by hackers due to technological advancements.

She advises that passwords with a mix of characters should be long and unique for each site. Additionally, using different passwords for each site can prevent hackers from accessing multiple accounts with the same credentials.

Dr. Al-Neyadi concludes that without additional protections, data cannot be considered safe.

She emphasizes that small letter passwords are slightly more secure, but longer passwords (e.g., 18 characters) significantly increase security. Using the same password across multiple sites is risky, as cybercriminals can exploit hacked username and password combinations to breach other accounts.