Dropbox False Alarm: 5 Tips for More Secure Passwords

Earlier this month you may have heard the sound of millions of Dropbox users sighing in relief at the news that the popular file back-up and sharing site hadn’t become the latest victim of looting hackers.

Hackers posted online that they’d gotten ahold of the user credentials of seven million Dropbox users. The more Bitcoins that were donated to the hackers, the more log-ins they promised to make public.

This was definitely not music to Dropbox’s ears, and after a little investigating of its own, it was able to state emphatically that it hadn’t been hacked and that users’ personal files were safe. Apparently the credentials that were being posted had been swiped during attacks on unrelated services and sites. Hackers were spreading the stolen info around so that it could be used to attempt to log in to multiple sites – including Dropbox – just to see if anything worked.

Dropbox assured users it had protections in place to detect suspicious log-in activity and automatically change passwords if necessary. It also directed users to enable two-step verification to further defend accounts against attacks.

It’s good news for Dropbox that its servers weren’t hacked, but that doesn’t change the fact that nearly seven million credentials are still floating around out there, potentially giving cyber crooks access to an untold number of sites.

Tough to crack  

Basically, the hackers in this case were counting on people breaking one of the cardinal rules of password safety: Don’t use the same one for multiple sites. That’s right there under using “password” as your password on the list of security never-dos.        

What better time than National Cyber Security Awareness Month to pass along these six other tips you can share with users to help them create more secure passwords?

  1. Avoid predictable patterns. Research done for the Federal Defense Advanced Research Projects Agency (DARPA) at an unnamed Fortune 500 company found that nearly half of all users relied on one of five patterns for their passwords. The three most common patterns were:
     • One upper case, then 5 lower case, then 2 digits
     • One upper case, then 6 lower case, then 2 digits
     • One upper case, then 3 lower case, then 4 digits
  2. Beware of personal info. Using the name of a favorite sports team as a password may make the password easier to remember, but it can also make it easier to guess or hack. For example, if your desk is covered in team pennants and banners or your Facebook picture is you decked out in team merchandise, a sports team seems like a pretty good place to start guessing.
  3. Steer clear of real words. Certain password-cracking tools will guess their way through lists of known words. Inserting numbers or special characters in the middle of words is a good way to throw off those types of tools.
  4. The longer, the better. Longer passwords can make a hacker’s job difficult and, depending on the type of attack and the length of the password, it may not even be worth the hacker’s time to try. Most sites have a minimum requirement for password length, but it’s always a good idea to go a few characters beyond what’s needed, just in case.
  5. Keep it random (or close to it). Computers are pretty good at picking out patterns. This includes numerical patterns which resemble dates. Research has shown patterns like day/month combos are particularly easy for crooks to break. Rather than tacking on numbers at the end of a password, sprinkle them throughout it to make it harder to break.
  6. Use a password manager. There are plenty of reputable programs which will secure and encrypt your list of passwords. Having a program that will remember passwords for them can make users more bold and adventurous – and therefore harder to hack – when it comes to password selection. Instead of having to remember dozens and dozens of separate passwords, you only have to remember the password for your password manager.
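
The structural checks from tips 1 and 5 can be enforced when a user sets a new password. The following is an added example, not code from Arraya or Dropbox; the function names, the finding labels and the day/month heuristic are assumptions made for illustration, and the sample passwords are constructed.

```python
import re
from itertools import groupby

# Tip 1's three most common structures as (character class, run length) pairs.
COMMON_STRUCTURES = {
    (("U", 1), ("L", 5), ("D", 2)),
    (("U", 1), ("L", 6), ("D", 2)),
    (("U", 1), ("L", 3), ("D", 4)),
}

def char_class(ch):
    """Map a character to U(pper), L(ower), D(igit) or S(ymbol/other)."""
    if ch.isupper():
        return "U"
    if ch.islower():
        return "L"
    return "D" if ch.isdigit() else "S"

def structure(password):
    """Run-length encode character classes: 'Eagles14' -> U1, L5, D2."""
    return tuple((cls, len(list(run)))
                 for cls, run in groupby(password, key=char_class))

def date_like(digits):
    """Assumed heuristic: four digits readable as day/month or month/day."""
    if len(digits) != 4:
        return False
    a, b = int(digits[:2]), int(digits[2:])
    return (1 <= a <= 31 and 1 <= b <= 12) or (1 <= a <= 12 and 1 <= b <= 31)

def findings(password):
    """Return the structural weaknesses found (empty list means none)."""
    found = []
    if structure(password) in COMMON_STRUCTURES:
        found.append("common-structure")
    suffix = re.search(r"[0-9]+$", password)
    if suffix:
        if not any(c.isdigit() for c in password[:suffix.start()]):
            found.append("digits-only-at-end")
        if date_like(suffix.group()):
            found.append("date-like-suffix")
    return found

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any breach data.
    for candidate in ("Eagles14", "Flux1204", "t7Rk!qu2Wz9e"):
        print(candidate, findings(candidate) or "no structural findings")
```

An empty result only means none of these structural patterns matched; it says nothing about length, dictionary words or reuse across sites.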

To celebrate National Cyber Security Awareness Month, Arraya will be posting a series of tips you can pass along to users in order to ensure your company’s data stays safe. In part one of this series, Arraya reviewed email best practices.

Be sure to check back soon for more National Cyber Security Awareness Month tips.
