Why Strong Passwords Alone Are No Longer Enough: Key Cybersecurity Lessons from Smart Consult's Salassi Vandy
Cybersecurity expert Salassi Vandy shares practical tips on passwords, 2FA and phishing to help users stay safe from today's cyber threats.

As cybercrime continues to evolve, protecting online accounts requires more than simply choosing a strong password. During a recent edition of The Big Conversation on The Morning Show, cybersecurity expert Salassi Vandy of Smart Consult joined host Amy Cherry to discuss practical ways individuals can better secure their digital lives against hackers and online scams.
The discussion highlighted how cyber threats have become increasingly sophisticated and why internet users must adopt multiple layers of security to protect their personal information.
Passwords Are the First Line of Defence
Opening the conversation, Vandy explained that passwords serve the same purpose as keys to our homes—they prevent unauthorized access to our digital accounts.
However, he noted that many people unknowingly expose themselves to cyberattacks by relying on weak passwords based on personal information such as birthdays, names, or common dictionary words.
Instead, he recommended creating passwords that combine uppercase and lowercase letters, numbers, symbols, and longer phrases that are difficult for attackers to guess.
According to Vandy, cybercriminals often use automated software capable of testing millions of password combinations every second, making simple passwords easy targets.
Every Account Should Have a Different Password
One of the key recommendations from the discussion was avoiding the use of a single password across multiple platforms.
While many users prefer one password because it is easier to remember, Vandy warned that if a hacker obtains those credentials from one compromised website, they can attempt to access email accounts, social media platforms, banking applications, and other services using the same login details.
To address this challenge, he encouraged users to take advantage of built-in password managers available on Android and Apple devices. These tools securely store unique passwords for different accounts while requiring users to remember only one master password.
Two-Factor Authentication Adds Critical Protection
The conversation also focused heavily on Two-Factor Authentication (2FA), which Vandy described as an essential security feature rather than an optional one.
He explained that after entering a password, users should be required to verify their identity through an additional step such as an SMS code or an authentication application.
Even if an attacker successfully obtains someone's password, they would still need access to the second verification method before gaining entry into the account.
Vandy recommended enabling 2FA on all important accounts, including banking applications, mobile money platforms, email services, and social media accounts.
Authentication Apps Offer Greater Security
Although SMS verification remains popular, Vandy cautioned that it is not immune to attacks.
He discussed SIM-swapping—a form of fraud where criminals trick mobile network operators into transferring a victim's phone number to another SIM card—allowing them to receive authentication codes intended for the legitimate owner.
As a more secure alternative, he recommended authentication applications such as Google Authenticator, Microsoft Authenticator, and Duo Mobile, which generate time-sensitive verification codes directly on a user's device.
Social Engineering Is Often the Hacker's Greatest Weapon
Rather than relying solely on technical attacks, Vandy explained that many hackers begin by gathering publicly available information about their targets.
Information shared on social media—including birthdays, schools attended, pets' names, workplaces, and family details—can provide valuable clues that help criminals guess passwords or answer account recovery questions.
This technique, known as social engineering, continues to be one of the most effective methods used by cybercriminals.
Phishing Scams Continue to Trap Victims
Amy Cherry also raised concerns about fraudulent emails, text messages, and links that appear legitimate but are designed to steal personal information.
Vandy explained that phishing scams often claim recipients have won prizes, received government support, or need to verify an account. Victims are directed to fake websites where they unknowingly enter usernames, passwords, and verification codes.
He advised users to be cautious of unexpected messages, especially those creating urgency or requesting sensitive information.
Rather than clicking unfamiliar links, users should visit official websites directly or verify suspicious links using trusted sources.
Artificial Intelligence Is Changing Cybersecurity
The discussion also explored how artificial intelligence is making scams more convincing.
Vandy noted that AI-generated voices, personalized messages, and sophisticated phishing campaigns are making it increasingly difficult to distinguish legitimate communications from fraudulent ones.
Because of this, he emphasized the importance of what he described as the "human factor"—taking time to verify requests, particularly those involving financial transactions or sensitive information, even when they appear to come from trusted contacts.
Recognising When an Account Has Been Compromised
The interview also addressed the warning signs that an online account may have been hacked.
Users should pay attention to unusual login notifications, unknown devices connected to their accounts, unexpected messages sent from their profiles, or reports from friends that suspicious messages are being received.
For WhatsApp users in particular, Vandy recommended regularly reviewing linked devices and immediately removing any unfamiliar sessions.
What To Do After a Hack
If an account has already been compromised, Vandy advised acting quickly by changing passwords, enabling Two-Factor Authentication, logging out of all active sessions, and notifying the relevant service provider where necessary.
He also encouraged users to contact their mobile network operator immediately if they suspect their phone number has been compromised, especially in cases involving mobile money or SIM-swapping attacks.
VPNs Improve Privacy—But They're Not a Complete Solution
The discussion concluded with a brief explanation of Virtual Private Networks (VPNs).
According to Vandy, VPNs help mask a user's internet connection and improve online privacy, particularly when accessing public networks or bypassing geographical restrictions.
However, he stressed that VPNs should not be viewed as a replacement for strong passwords or Two-Factor Authentication but rather as one additional layer in a broader cybersecurity strategy.
A Timely Reminder for Internet Users
As online threats continue to evolve, the interview served as a timely reminder that cybersecurity is no longer the sole responsibility of technology professionals.
Simple measures such as using unique passwords, enabling Two-Factor Authentication, relying on password managers, and remaining cautious of phishing attempts can significantly reduce the risk of becoming a victim of cybercrime.
Ultimately, as Salassi Vandy emphasized throughout the discussion, protecting digital identities requires a combination of technology, awareness, and responsible online behaviour.