Typing a password to access one of the tens or hundreds of services that we use has become such an everyday part of our lives that we rarely give it a second thought. We often try to keep our passwords simple and easy to remember to move quickly past logging in and get on with what matters. That is just one of the many mistakes we make when it comes to something that we rely on to secure a part of our digital identity.
- Using the same password everywhere
The easiest way to remember a password is to use only one, but that’s also the fastest route to disaster and the number one password mistake. Once a successful phishing attack captures that password, the attacker essentially has the keys to the kingdom. While it’s probably okay to use the same password for sites that don’t store any PII, you should use different and secure passwords in any situation where your identity or financial information could be compromised.
- Varying passwords with a single character
This is a trap many people fall into when asked to change their passwords; they comply by changing a “12” to a “13.” Password-guessing programs are wise to this trick and can sniff it out in seconds.
A variation of this dangerous practice is to include a non-alphanumeric character by tacking “!” onto the end of your existing password.
- Using personal information in passwords
Avoid using names of relatives, celebrities, sports teams, pets, or any other standard terms in your passwords. Cracking software automatically looks for the most common combinations like Yoda123, and social networks make it straightforward for crooks to harvest that information. Don’t assume that adding a string of characters to a familiar name is enough protection.
- Sharing passwords with others
You might have the strongest password in the world, but if you share it with someone who stores it in an email account protected by “qwerty,” it won’t make a bit of difference. Your passwords are for your eyes only.
- Using passwords that are too short
A decade ago, a five- or six-character password was enough to beat most cracking programs, but computers are so much faster now that a brute-force attack can guess a six-character password. Think 12 characters at a minimum.
- Storing passwords in plain text
One easy way to remember passwords is to store them in a spreadsheet or mail them to yourself—bad idea.
- Using recognizable keystroke patterns
“1qaz2wsx” may seem like a pretty tough password to guess until you look at your keyboard and notice the pattern. A random series of letters and numbers must be genuinely random to have a chance.
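Several of the mistakes above can be caught automatically when a password is chosen. The following sketch is an added example, not code from the original article: it flags short passwords, near-copies of the previous password, personal terms, and keyboard patterns. The function names, the edit-distance threshold of 2, the 75% keyboard-coverage threshold, and the US QWERTY layout are all assumptions made for illustration.

```python
# Added illustration: all names and thresholds here are assumptions.
MIN_LENGTH = 12  # the article's suggested minimum
# Constructed rows and columns of a US QWERTY keyboard.
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def keyboard_coverage(pw):
    """Fraction of characters lying in a 3+ key run, forwards or backwards."""
    low = pw.lower()
    covered = set()
    for i in range(len(low) - 2):
        tri = low[i:i + 3]
        if any(tri in run or tri in run[::-1] for run in KEY_RUNS):
            covered.update(range(i, i + 3))
    return len(covered) / len(low) if low else 0.0


def check_password(candidate, previous=None, personal_terms=()):
    """Return which of the article's mistakes the candidate shows."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too_short")
    # Run only during a password change, where the user has just typed the
    # current password; the old password is never stored in plain text.
    if previous is not None and edit_distance(candidate, previous) <= 2:
        findings.append("minor_variation")
    if any(len(t) >= 3 and t.lower() in candidate.lower() for t in personal_terms):
        findings.append("personal_term")
    if keyboard_coverage(candidate) >= 0.75:
        findings.append("keyboard_pattern")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("1qaz2wsx"))
    print(check_password("Yoda123", personal_terms=["Yoda"]))
    print(check_password("BlueHarbor2013!", previous="BlueHarbor2012"))
```

An empty list means none of these particular mistakes were detected; it does not by itself mean the password is strong.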