Top 11 Mistakes to Avoid When Creating a Password


Every day, more and more people are having their accounts hacked because of their passwords. People have had money stolen from their bank accounts, lost sleep, spent hours setting up new accounts, or had their credit ruined. And the source of all of this can be traced to weak passwords.

If you do not secure your computer and online accounts with strong passwords, they will be more vulnerable to hackers and malicious software.

With that being said, here are 11 common mistakes to avoid when choosing a password…

Mistake #1: Using the same password on different websites.

Many victims of online banking fraud use the same password for their online bank accounts as they do for social media and online shopping sites. Recent research carried out by F-Secure shows that people have an average of over one hundred accounts requiring password login and 41 percent of those people reuse the same password across those accounts. That number increases to 56 percent when slight variations of the same password are used. This is understandable. Remembering a long, complex and totally unique password for each of so many accounts is practically impossible.

But what you must realise is that if you use the same login info for all of your online accounts and any one of those sites gets hacked, you would have to change your password on every other site. For example, if a cybercriminal gets hold of your eBay password, the first thing they will do is try it with your PayPal account. Using a single password for all of your online accounts is just like having a master key that unlocks everything. If someone gets access to that key, they can steal everything.

Mistake #2: Not updating your password.

Many people find it inconvenient to change their passwords, which is why they carry on using the same passwords for years. This can be quite dangerous, especially if your password is not particularly strong. If your password is fewer than 12 characters long, it is vulnerable, and it is important to change your password on a regular basis, such as every 90 days, to avoid being hacked.

Mistake #3: Using short passwords.

One of the most common ways that hackers try to guess your password is through brute force attacks. As already mentioned, any password that is under 12 characters is vulnerable. Brute force attacks show that password length is very important. If you have a six-character password with upper case, lower case, numbers and special characters, that six-character password can be brute forced in about 12 hours.

If you increase that to a 12-character password, it would take almost 2000 years to brute force the same password. So just by doubling the password length, you have significantly increased the amount of time it would take an attacker to brute force your password. This means the longer your password, the better.

Mistake #4: Using people’s names.

Along with a longer password, you want to make sure that your password has enough randomness in it. Passwords that are created around things like names are much easier for cybercriminals to break because the combination of characters is more predictable. By choosing a name as your password, you’re making a hacker’s job easier. Avoid using people’s names, celebrity names, kids’ names, nicknames, or names of characters in books or movies.

You should also avoid other obvious choices such as your address, favorite band, sports team, pet’s name, the word ‘password,’ and any alterations of it. Such passwords are very weak and will be relatively easy to guess. When you use weak passwords to secure your online accounts, you are only making it easier for someone to compromise all of your accounts.

Mistake #5: Using easy to remember English words.

English words that are easy to remember are also easy to guess. Your passwords should never contain English words, non-English words or any words that can be found in any dictionary. Furthermore, according to security experts, if your password contains one or more recognizable words with a few of the letters changed to numbers and even with some random characters at the beginning and/or end, it could get cracked in as little as 3 days.

Mistake #6: Using personal information as your password.

Avoid including information about you that is easy to find online in your password. These include birthdays, social security numbers, telephone numbers, anniversaries, address, city of birth, university, high school, and relatives’ and pets’ names. Using these types of details will only make your password easier to guess.

Mistake #7: Using a used computer you bought from a private buyer without checking for malware.

Logging in to your personal accounts on a second-hand computer that you bought from a private buyer is a big risk. Install antivirus before you do any such thing. It is easy for cybercriminals to sell computers that they have infected with malware that is designed to steal your password. They can also install a keylogger that tracks everything you type and relays it back to the previous owner, including the usernames and passwords you’ve used to sign into your bank accounts.

Mistake #8: Relying on common substitutions in your password.

Common tricks such as substituting numbers or special characters for letters are completely ineffective against brute force attacks. Those types of passwords will be cracked with ease. Random character placement is a much more effective technique. 
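To show why substituted characters and added prefixes or suffixes (Mistakes #5 and #8) do not hide a word, here is an added example, not part of the original article, of a check a sign-up form could run before accepting a password. The function names, the tiny word list and the substitution table are constructed for illustration; the 12-character minimum is the threshold the article uses.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"password", "dragon", "monkey", "liverpool", "charlie", "sunshine"}

# Common substitutions mapped back to letters. "1" is ambiguous (i or l),
# so one translation table is built for each reading.
BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}
TABLES = [str.maketrans({**BASE, "1": one}) for one in ("i", "l")]

MIN_LENGTH = 12  # threshold taken from the article


def candidates(password):
    """Return the forms of the password that a guessing tool would also try."""
    lowered = password.lower()
    forms = {lowered} | {lowered.translate(t) for t in TABLES}
    # Also compare with non-letters removed, so separators do not hide a word.
    return forms | {re.sub(r"[^a-z]", "", f) for f in forms}


def find_words(password, wordlist, min_word=4):
    """Return wordlist entries found in any candidate form of the password."""
    forms = candidates(password)
    return sorted(w for w in wordlist
                  if len(w) >= min_word and any(w in f for f in forms))


def check_password(password, personal=()):
    """Return a list of reasons to reject; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    words = find_words(password, WORDLIST)
    if words:
        problems.append("contains dictionary word(s): " + ", ".join(words))
    hits = find_words(password, {p.lower() for p in personal})
    if hits:
        problems.append("contains personal detail(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real breach.
    for pw in ("P@ssw0rd!", "xX_Dr4g0n_2024_Xx", "kV9#tq2LwZ!e7Rpd"):
        print(pw, "->", check_password(pw) or "accepted")
```

Passing the user's own details through `personal` (for example a birth year or a pet's name) applies the same check to the information described under Mistake #6.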

Mistake #9: Entering your passwords when connected to public Wi-Fi.

Do not enter your passwords while you are connected to an unsecured Wi-Fi connection. Free Wi-Fi networks, such as those found in coffee shops, hotels, train stations and other places, are known to be favorite hunting grounds for hackers. It will be easy for them to harvest your passwords and confidential information over an unsecured connection.

Mistake #10: Saving passwords in your browser.

Whenever your internet browser asks for permission to remember your passwords, especially when you sign into a site like your bank, always decline and choose the “never” option.

Mistake #11: Using your password on an insecure computer.

Do not enter your password on computers that you have no control over. That computer may have malicious software designed to steal your password.

You are ultimately responsible for keeping your information safe and secure. These tips can help you avoid most of the hazards you may come across along the way.
