In today’s digitally driven society, where hacks and data breaches dominate headlines, many of us continue to make critical password mistakes that leave our online accounts vulnerable. From email and social media to online shopping, banking, and work-related platforms, our digital lives span countless services, each requiring robust protection.
To safeguard your online security, it’s essential to recognize and avoid common pitfalls. To that end, we’ve identified 15 password mistakes that, when avoided, can significantly improve your digital protection and reduce your risk of falling victim to cyber-attacks.
Creating Common Passwords
The stronger your passwords are, the better. While creating common passwords may be easy to remember, they are equally easy to crack. With the prevalence of online hacking, creating complex and unique passwords is necessary to ensure the safety of your personal information and online accounts.
Hackers have developed techniques to guess potential victims’ passwords quickly, so using simple strings of numbers like “12345” or short words and common pet names isn’t a good idea.
Using Personal Information in Passwords
Incorporating personal information into your passwords could turn into a costly mistake. Details like your address, phone number, or even the names of family members are often readily accessible online to anyone who knows where to look. This information can be the starting point for hackers attempting to guess your password.
Avoid using anything that relates to you personally. Instead, opt for an unpredictable password that is not easily associated with your identity.
Using Short Passwords
Short passwords are easier for cybercriminals to crack. Ideally, a strong password should be between 12 and 16 characters long and include a mix of letters, numbers, and symbols. This is why many platforms require users to create longer passwords that incorporate a variety of these elements.
Mark Burnett, an author, security expert, and Microsoft MVP, in his book Perfect Passwords, insists that the strength of a password lies in its length.
Telling Passwords to Others
Many of us may have received emails or messages asking for our passwords to “validate” our account information when, in fact, we made no such request. While it’s obvious that this is a scam, it’s worth reiterating that legitimate support staff from banks, retailers, or professional companies will never ask their clients for passwords.
Always avoid entering your password on unfamiliar online platforms or clicking on random links requesting your password. Hackers often use these tactics to gain unauthorized access to your online accounts.
Jotting Down Passwords
One of the best ways to protect your accounts is to ensure that your passwords are not written down anywhere.
Many of us jot down our passwords on sticky notes, scraps of paper, or other physical storage methods to keep track of our online accounts. While this may help you keep track of your passwords, it also poses a risk to your online security.
Sharing Passwords or Accounts with Others
In addition to writing down passwords, many of us willingly share our login credentials with others, particularly for video streaming services like Netflix or online shopping accounts such as Amazon.
While this may seem like a generous thing to do, sharing passwords or accounts comes with its downsides. Not everyone maintains the same level of security on their devices, so your personal information could end up being compromised, especially if the person you shared your account or password with falls victim to a phishing scam.
Easily Guessable Security Questions
One good tip for answering account security questions is to provide false information. Truthful answers, such as your mother’s maiden name or your first pet’s name, are easily guessable and can often be obtained online with a few quick searches.
Security questions are used for password recovery. If hackers answer these questions correctly, thanks to your truthful responses, your account could easily be compromised, and the perpetrator may even be able to request a password reset.
Using the Same Passwords for All Accounts
If using a simple password is risky, using the same password for all your accounts on apps and websites is even more so. Think of it as installing the same lock on every door in your neighborhood; if one lock is compromised, so are all the others.
To ensure your online safety, it is advisable to use a diverse range of passwords for your accounts. This practice prevents hackers from gaining access to multiple accounts, effectively reducing the likelihood of a potential cyberattack.
Not Deactivating Unused Accounts
You may have created several online profiles over the years that you no longer use, such as old email addresses, forum memberships, or social media accounts. While it may seem perfectly harmless to leave them be, the fact is that the more information linked to your name or email address, the larger your potential online footprint becomes.
Unused accounts can be likened to a file cabinet with a broken lock; once hackers gain access to it, you’ve already been compromised. If you can’t deactivate these accounts, consider deleting all the posts or changing the associated email address to a new one that has no personal information tied to it.
Having No Recovery Information
Having no recovery information is akin to making hackers’ lives easier. This vulnerability makes your account more susceptible to unauthorized access, allowing malicious actors to add their own information and lock you out of your account completely. As they say, err on the side of caution and make sure you add all the recovery information you can to protect your account.
Not Changing Passwords After a Data Breach
If you receive a security alert about a data breach affecting your account, you should change your password immediately. This is crucial because if your account information has been compromised, there’s a chance that unauthorized individuals could use this information to hack into multiple accounts you own.
Using the Same Details
Using the same details across your online profiles is another security risk you want to avoid. While your bank account may have robust security measures, the same cannot be said for the various online services you might use.
When you use identical information, such as a username or email address, across multiple websites or apps with varying security levels, you’re leaving room for a lot of vulnerability. If a less secure account is compromised, it can provide hackers with valuable information that may help them access your more critical ones. This interconnection of accounts through shared details can potentially expose your entire online presence.
Unchecked Logged-In Sessions
Some platforms, such as Facebook, allow users to view their active login sessions. These details typically include the device type, the browser you use, your approximate location, and login time. While your exact IP address isn’t displayed, Facebook does provide a general location for each session.
To enhance your account security, it’s advisable to regularly review your active sessions and log out of any that seem suspicious, unfamiliar, or unnecessary.
Saving Passwords in Browsers
Saving your passwords in internet browsers is never a good idea. Saved passwords are not always protected with encryption, making them susceptible to hackers. Doing this is especially risky if you use a shared device or if your device is lost or stolen, as it exposes your passwords to anyone with access to it. While typing your passwords may feel like a chore, it’s always better to be safe than sorry.
Changing Passwords with Minor Modifications
Every once in a while, some apps, like online banking ones, ask their users to change their passwords for enhanced security. However, if you only plan to make minor modifications to your passwords, this might be of little benefit.
Adding just a number or a letter doesn’t significantly improve security, and can even make your passwords more predictable for attackers. If you decide to change your passwords, ensure they are completely different from what you previously used. This way, you’re not making hackers’ jobs easier and are actively preventing them from accessing your accounts.
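Several of the mistakes above can be checked automatically when a password is chosen or changed. The following Python sketch is an added example, not part of the original article: it flags common passwords, short passwords, a missing mix of character types, embedded personal details, and a new password that is only a minor modification of the old one. The function name, the sample password list, and the 0.8 similarity threshold are assumptions made for illustration.

```python
import difflib
import string

# Constructed sample list; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}
MIN_LENGTH = 12           # lower bound of the 12 to 16 range recommended above
SIMILARITY_LIMIT = 0.8    # assumed threshold for a "minor modification"


def check_password(candidate, previous=None, personal_details=()):
    """Return the list of mistakes from this article that `candidate` makes."""
    issues = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        issues.append("too short")

    has_letter = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    has_symbol = any(c in string.punctuation for c in candidate)
    if not (has_letter and has_digit and has_symbol):
        issues.append("missing letters, numbers or symbols")

    if lowered in COMMON_PASSWORDS:
        issues.append("common password")

    # Personal details: names, street, phone number, pet names and so on.
    for detail in personal_details:
        token = detail.lower().replace(" ", "")
        if len(token) >= 3 and token in lowered:
            issues.append("contains personal information")
            break

    # The old password is available at change time because the user types it
    # to authorise the change; it is compared in memory and never stored.
    if previous is not None:
        ratio = difflib.SequenceMatcher(None, previous.lower(), lowered).ratio()
        if ratio >= SIMILARITY_LIMIT:
            issues.append("minor modification of previous password")

    return issues
```

An empty list means none of these checks fired; it does not prove the password is strong, since the sample list of common passwords here is tiny.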
Sources: Reader’s Digest, Tech Life Future, Dashlane