It’s nearly impossible to count how many new passwords you had to make last year. The reason is that you simply forget about registering on some random site or e-store. But what if, by doing so, you’ve exposed yourself to malicious online agents?
To stay safe, you must become better at making new passwords.
Sure, the password is not the only thing you need to protect your devices, but it’s a step you can’t skip. With that in mind, here are the top eight mistakes you make every time you need a new password (so you can stop making them).
1. Picking something meaningful
If you pick something meaningful, people will have a much easier job figuring out your password just by thinking about it. All they need to do is figure out the name of your pet, your mom’s maiden name, or your kid’s birthday. Figuring these out is easier than you think.
Also, you need to understand that capitalizing a random letter or adding a random number at the end of your “meaningful” password won’t fix the issue. Random means that it shouldn’t be related to the original concept. It means either something that no one in their right mind would ever imagine could be your password or, even better, a random string of letters, numbers, and symbols.
2. Picking something simple or obvious
Is “123456” a meaningful password? Of course not, but is it a simple one? Yes! Surprisingly enough, it’s so common that a hacker may attempt it even without any tool, just for the sake of it. How common exactly? 23.2 million people in the UK apparently use it! Now, what we’re going to say is a bit controversial, but cybersecurity is more than “123456”; if you rely on that, you’ll never be safe.
We understand why people use these simple passwords – they’re lazy or can’t be bothered to create or memorize another unique password. We get that; however, using this excuse is quite disingenuous. After all, if you lay in bed in the middle of the night and remembered that you didn’t lock the front door, would you just go back to sleep hoping nothing bad would happen? Of course not! So, why not apply the same principle to cybersecurity?
3. Using the same password as on other platforms
As we’ve already mentioned, people are lazy but are not always aware of the fact. For instance, they may try to develop a great password, but then they’ll believe that this one password is enough, and they’ll use it for every platform.
In theory, this could work. After all, it’s a strong password, which is harder to crack than several weaker ones. The problem is that once it’s cracked, your entire online persona is at risk.
So, it’s not enough for a password to be strong. Passwords need to be strong and unique. This means you must develop several great passwords, not just be content that you made one. Later on, we’ll also discuss why it’s important to change these passwords regularly. If you’re worried about having to come up with and memorize dozens of passwords, worry not; we’ll address the solution to this problem in our next segment…
4. Not using tools
Password managers will automate the process described in this list, which is just one reason why around a third of people use them. In fact, picking the software that is best for password control is one of the simplest things you can do to boost your online security. You can develop unique, randomized passwords in seconds; you don’t have to memorize them or write them down manually, and changing them every 60 days is not that big of a deal.
Most password managers offer a multi-device sync, which means you’re not just protecting the device it’s on but actively protecting your entire online presence. This is one great perk of using password managers that you shouldn’t downplay, even if it’s not your primary objective.
Remember that the majority of them have a password auditing feature, which means you can apply them retroactively. So, if you habitually set bad passwords in the past, now’s the time to fix this.
5. Using keyboard sequences
Sometimes, you make a password that’s very easy to crack without being aware of it. This is often the case when using keyboard sequences. Go to the single-player video game you’ve just played and check the name of your last savegame file. Chances are that it’s something like:
- Asasaada
- Qwerty
- Zxcvb
The thing is that these are all natural keyboard sequences that you’re not even aware of using. They’re also incredibly easy to crack. Not only that, but these sequences are something that a hacker might try manually before they hand the job to a cracking tool. Like 123456, qwerty is an incredibly common password, used by 3.8 million people in the UK.
6. Ignoring physical world threats
Writing your password on paper will make it impervious to hackers, which is perhaps why 37% of people do it. But what happens when you lose this piece of paper? What if you have the username or email on this paper (as many people do)? The bottom line is that you can’t ignore these real-world threats.
Then again, losing a piece of paper is not the only potential threat. What if you tell someone who’s not as trustworthy as you assume they are? What if you’re away and can’t log in from your home, so you call or text a friend and ask them to log in for you? What if their device doesn’t have an antivirus, or has a keylogger installed that they’re unaware of?
This is like giving a key to your home to someone else. Sure, you may trust them not to be malicious, but can you trust them not to get pickpocketed? How could you?
7. Thinking that the platform rules are enough
No, password rules are not enough on their own. Sure, a platform may insist that your password has at least:
- Eight characters
- One capital letter
- One number
- One symbol
Following that logic, “P@ssword1” would be a great password. In reality, it’s a terrible password that would be incredibly easy to guess, despite honoring all the rules in the guidelines.
However, this is not the point. The point is that this rule exists to prevent you from taking the path of least resistance. It prevents you from using “password” as your password. It tries to force you to randomize your passwords, but if you’re dead set on not making an effort, you have no one else to blame when your password gets cracked.
Also, sometimes, there will be no rules preventing you from using “password” as a password. This doesn’t mean that it’s ok to make it that easy.
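The gap described in sections 5 and 7, as an added example that is not part of the original article: a checker that applies the listed platform rules and then looks for the weaknesses those rules miss. The small denylist, the substitution table, and all function names are assumptions made for illustration.

```python
import re

# Constructed sample denylist (assumption); a real check would load a large
# list of breached passwords instead of these few entries.
COMMON = {"password", "123456", "qwerty", "letmein"}
# Keyboard rows, used to spot sequences such as "qwerty" or "zxcvb".
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Undo common character swaps (@ -> a, 0 -> o, ...) before the lookup.
LEET = str.maketrans("@4301!$5", "aaeoiiss")


def meets_platform_rules(pw):
    """Rules from the list above: 8+ chars, a capital, a number, a symbol."""
    return bool(len(pw) >= 8
                and re.search(r"[A-Z]", pw)
                and re.search(r"[0-9]", pw)
                and re.search(r"[^A-Za-z0-9]", pw))


def has_keyboard_run(pw, min_len=4):
    """True if pw contains min_len adjacent keys of one row, either direction."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return True
    return False


def weaknesses(pw):
    """Return the reasons a password is guessable, or [] if none are found."""
    low = pw.lower()
    # Strip a trailing number/symbol suffix, then reverse the substitutions.
    base = low.rstrip("0123456789!@#$%^&*?.").translate(LEET)
    found = []
    if low in COMMON or base in COMMON:
        found.append("variant of a common password")
    if has_keyboard_run(pw):
        found.append("keyboard sequence")
    if len(set(low)) < 4:
        found.append("too few distinct characters")
    return found


if __name__ == "__main__":
    for pw in ["P@ssword1", "Qwerty", "Zxcvb", "Asasaada", "v7#Tq9!mLx2$"]:
        print(pw, meets_platform_rules(pw), weaknesses(pw))
```

“P@ssword1” passes every composition rule yet is still flagged, while the constructed random string at the end of the sample list passes the rules and triggers none of the checks.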
8. Not changing it often enough
You should change your password every 60-90 days. While this is a soft rule and, for the most part, your strong password will remain intact, this is that extra thing you can do to make things secure.
The problem is that it’s a lot of effort. Also, if you have ten accounts (and in practice, you have a lot more), you must change all of them every 90 days. This would mean coming up with at least 40 different passwords yearly. Just think about how hard it is to come up with just one that fulfills all the criteria we’ve discussed earlier.
Fortunately, with a password manager (which we’ve previously discussed), this isn’t that big of a problem.
It doesn’t take more than a minute to come up with a strong password; there’s no excuse
Your password is likely the first and the last line of defense on any platform. Most of the time, people will try to guess it, and if it’s weak enough, they may succeed. We’re not even talking about hackers. We’re talking about fake friends, angry exes, and malicious coworkers. At the very least, make it a bit harder.