15 Password Mistakes You Should Never Make

Password pitfalls: 15 seemingly harmless habits that invite trouble and compromise your online security


In today’s digitally driven society, where hacks and data breaches dominate headlines, many of us continue to make critical password mistakes that leave our online accounts vulnerable. From email and social media to online shopping, banking, and work-related platforms, our digital lives span countless services, each requiring robust protection.

To safeguard your online security, it’s essential to recognize and avoid common pitfalls. To that effect, we’ve identified 15 password mistakes that, when avoided, can significantly improve your digital protection and reduce your risk of falling victim to cyber-attacks.

Creating Common Passwords


The stronger your passwords are, the better. While common passwords may be easy to remember, they are equally easy to crack. With the prevalence of online hacking, creating complex and unique passwords is necessary to ensure the safety of your personal information and online accounts.

Hackers have developed techniques to guess potential victims’ passwords quickly, so using simple strings of numbers like “12345” or short words and common pet names isn’t a good idea.

Using Personal Information in Passwords


Incorporating personal information into your passwords could turn into a costly mistake. Details like your address, phone number, or even the names of family members are often readily accessible online to anyone who knows where to look. This information can be the starting point for hackers attempting to guess your password.

Avoid using anything that relates to you personally; instead, opt for an unpredictable password that is not easily associated with your identity.

Using Short Passwords


Short passwords are easier for cybercriminals to crack. Ideally, a strong password should be between 12 and 16 characters long and include a mix of letters, numbers, and symbols. This is why many platforms require users to create longer passwords that incorporate a variety of these elements.

Mark Burnett, an author, security expert, and Microsoft MVP, in his book Perfect Passwords, insists that the strength of a password lies in its length.

Telling Passwords to Others


Many of us may have received emails or messages asking for our passwords to “validate” our account information when, in fact, we made no such request. While it’s obvious that this is a scam, it’s worth reiterating that legitimate support staff from banks, retailers, or professional companies will never ask their clients for passwords.

Always avoid entering your password on unfamiliar online platforms or clicking on random links requesting your password. Hackers often use these tactics to gain unauthorized access to your online accounts.

Jotting Down Passwords


One of the best ways to protect your accounts is to ensure that your passwords are not written down anywhere.

Many of us jot down our passwords on sticky notes, scraps of paper, or other physical storage methods to keep track of our online accounts. While this may help you keep track of your passwords, it also poses a risk to your online security.

Sharing Passwords or Accounts with Others


In addition to writing down passwords, many of us willingly share our login credentials with others, particularly for video streaming services like Netflix or online shopping accounts such as Amazon.

While this may seem like a generous thing to do, sharing passwords or accounts comes with its downsides. Not everyone maintains the same level of security on their devices, so your personal information could end up being compromised, especially if the person you shared your account or password with falls victim to a phishing scam.

Easily Guessable Security Questions


One good tip for answering account security questions is to provide false information. Truthful answers, such as your mother’s maiden name or your first pet’s name, are easily guessable and can often be obtained online with a few quick searches.

Security questions are used for password recovery. If hackers answer these questions correctly, thanks to your truthful responses, your account could easily be compromised, and the perpetrator may even request a password reset.

Using the Same Passwords for All Accounts


If using a simple password is risky, using the same password for all your accounts on apps and websites is even more so. Think of it as installing the same lock on every door in your neighborhood; if one lock is compromised, so are all the others.

To ensure your online safety, it is advisable to use a diverse range of passwords for your accounts. This practice prevents hackers from gaining access to multiple accounts, effectively reducing the likelihood of a potential cyberattack.

Not Deactivating Unused Accounts


You may have created several online profiles over the years that you no longer use, such as old email addresses, forum memberships, or social media accounts. While it may seem perfectly harmless to leave them be, the fact is that the more information linked to your name or email address, the larger your potential online footprint becomes.

Unused accounts can be likened to a file cabinet with a broken lock; once hackers gain access to it, you’ve already been compromised. If you can’t deactivate these accounts, consider deleting all the posts or changing the associated email address to a new one that has no personal information tied to it.

Having No Recovery Information


Having no recovery information is akin to making hackers’ lives easier. This vulnerability makes your account more susceptible to unauthorized access, allowing malicious actors to add their own information and lock you out of your account completely. As they say, err on the side of caution and make sure you add all the recovery information you can to protect your account.

Not Changing Passwords After a Data Breach


If you receive a security alert about a data breach affecting your account, you should change your password immediately. This is crucial because if your account information has been compromised, there’s a chance that unauthorized individuals could use this information to hack into multiple accounts you own.

Using the Same Details


Using the same details across your online profiles is another security risk you want to avoid. While your bank account may have robust security measures, the same cannot be said for the various online services you might use.

When you use identical information, such as a username or email address, across multiple websites or apps with varying security levels, you’re leaving room for a lot of vulnerability. If a less secure account is compromised, it can provide hackers with valuable information that may help them access your more critical ones. This interconnection of accounts through shared details can potentially expose your entire online presence.

Unchecked Logged-In Sessions


Some platforms, such as Facebook, allow users to view their active login sessions. These details typically include the device type, the browser you use, your approximate location, and login time. While your exact IP address isn’t displayed, Facebook does provide a general location for each session.

To enhance your account security, it’s advisable to regularly review your active sessions and log out of any that seem suspicious, unfamiliar, or unnecessary.

Saving Passwords in Browsers


Saving your passwords in internet browsers is never a good idea. Saved passwords are not always protected with encryption, making them susceptible to hackers. Doing this is especially risky if you use a shared device or if your device is lost or stolen, as it exposes your passwords to anyone with access to it. While typing your passwords may feel like a chore, it’s always better to be safe than sorry.

Changing Passwords with Minor Modifications


Every once in a while, some apps, like online banking ones, ask their users to change their passwords for enhanced security. However, if you only plan to make minor modifications to your passwords, this might be of little benefit.

Adding just a number or a letter doesn’t significantly improve security, and can even make your passwords more predictable for attackers. If you decide to change your passwords, ensure they are completely different from what you previously used. This way, you’re not making hackers’ jobs easier and are actively preventing them from accessing your accounts.
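Several of the mistakes above (common passwords, personal information, short passwords, and minor modifications of an old password) can be checked mechanically when a new password is chosen. The following Python sketch is an added example, not code from the article or its sources; the function names, the tiny common-password list, and the edit-distance threshold of 2 are assumptions made for illustration.

```python
import re

# Constructed sample; a real check would load a large list of breached passwords.
COMMON = {"12345", "123456", "password", "qwerty", "letmein"}
MIN_LENGTH = 12  # lower end of the 12-16 character range the article recommends
# Undo common look-alike substitutions (@ -> a, 0 -> o, ...) before comparing.
LOOKALIKES = str.maketrans("@4310$5!7", "aaeiossit")

def normalize(pw):
    """Strip leading/trailing digits and symbols, lowercase, undo look-alikes."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)
    return core.lower().translate(LOOKALIKES)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(candidate, previous=None, personal=()):
    """Return the list of rules from the article that the candidate breaks."""
    problems = []
    norm = normalize(candidate)
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    if candidate.lower() in COMMON or norm in COMMON:
        problems.append("common")
    if any(len(p) >= 3 and p.lower() in candidate.lower() for p in personal):
        problems.append("personal_info")
    # Threshold of 2 edits is an assumption; it catches "add a digit" style changes.
    if previous is not None and edit_distance(norm, normalize(previous)) <= 2:
        problems.append("minor_change")
    return problems

if __name__ == "__main__":
    old = "Sunflower!Bridge7"  # constructed example values throughout
    for pw in ("12345", "P@ssw0rd1", "maria1987maria",
               "Sunflower!Bridge8", "cobalt-harbor-violin-42"):
        print(pw, check(pw, previous=old, personal=["Maria", "1987"]))
```

Because candidates are normalized before comparison, swapping a trailing digit or replacing letters with look-alike symbols still counts as the same password.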

Sources: Reader’s Digest, Tech Life Future, Dashlane