ebook special offer

15 Common Password Mistakes
(Everyone Makes)

Password Mistakes

Hacking does not have to be high-tech. Most passwords are cracked with guesswork, links, Google, or just impersonating customer support.

Would you buy the cheapest, flimsiest lock for your house? Passwords are the gatekeepers of electronic things, yet most people choose passwords that are easier to break than the average padlock.

Here is a look at the most common password mistakes, and what you can do to ensure maximum security for anything that a password protects.

1. An Illusion Of Safety

The first mistake is assuming that passwords are always safe, all the time.

Passwords can be safer, but no password in the world is completely safe.

Accounts should be checked to spot which devices are logged in. End any unrecognised sessions. For added safety, passwords should be changed once every couple of months.

2. Choosing Common Passwords

Do not choose “common” or sequential passwords. That means no choosing 1-2-3 or a-b-c to keep electronic data safe.

Routers and other devices often have default passwords. Always change the obvious default passkey, which is likely set to a numeric sequence or something like “administrator”.

3. Making Passwords Personal

Personal passwords are a huge mistake.

An example is choosing a Star Wars reference as a fan. It is too easy for a would-be hacker to gather this information from a public timeline.

Another example is choosing the birth date of a family member, the name of a friend, or the name of a street.

Just do not do it.

4. Exposing Passwords To Others

Official support staff will never request a password from a customer. It is true for banks, retail, and most professional companies.

Exposing passwords to others (who might seem official enough to ask for them) is something that happens every day. Huge networks have been exposed this way.

Do not enter your password into any online forms, do not click random request links, and do not expose passwords to anyone who asks for them.

5. Using Words As Passwords

Common words make bad passwords for several reasons.

First, they are easy to guess with some research and thought.

More than that, they are also easier to break through what is called a dictionary attack. Dictionary attacks scan against words that appear in loaded dictionary lists.

When you choose common words for passwords, you are making a potential hacker's job easier.

Writing Passwords

6. Writing Passwords Down

Passwords should not be written down, yet there are thousands of people who do this every day. 

Any password left on a piece of paper somewhere is more exposed than a password that is not.

Using a secure password manager is a safer option for people who have trouble keeping track of their online accounts.

7. Sharing Passwords (Or Accounts) With Others

Shared social media accounts are common. 

The fact that they are shared by more than one person (or device) is a vulnerability.

Can two people always have the same level of security on their devices? 

When accounts are shared, the risk of vulnerability goes up.

8. Leaving Accounts Logged In

Leaving accounts logged in can lead to potential hackers striking gold amongst your online accounts.

Typing the password every time might feel like a chore, but it keeps your accounts safer.

9. Vulnerable Other Accounts

Let us say that your bank's account uses top-level security. But let us say that you have used the same username for a local newspaper website that uses lower level security.

Vulnerable, secondary accounts can lead a hacker on a trail through your entire online portfolio.

Use different details for varying accounts. Ideally, close any accounts that you are not using anymore.

10. Searchable Security Questions

Lie on your security questions.

Truthful security questions (like your mother's maiden name) are all things that can be searched online. Often, the answers to them are public.

Security questions are used for password recovery. When they are unsafe, the entire account is exposed and potentially wide open for a password reset request.

11. Using The Same Password (For Everything)

A diverse range of passwords for your portfolio of online accounts is the best way to ensure that each account is as safe as possible.

The same password for more than one account is a wide-open hole in your account network. Once a hacker accesses one account, they might gain access to everything.

Choosing diverse passwords means that you will have more time to stop a potential cyberattack.

Missing Malware

12. Missing Malware

Malware can include the tracking of keystrokes on your device or computer. Keystrokes are a yellow brick road to everything you have typed, including important login details.

Check devices for the presence of malware on a regular basis. Free tools like AVG will do the trick.

13. Logged In Sessions

Accounts (like for example, Facebook) allow users to see which sessions are logged in. Details like location, time, and operating system might be listed with an IP address.

Double-check potentially logged in sessions. Log out any that appear as duplicates, or that you do not recognize.

A potential hacker might be going undetected – and just because you have not looked in a while.

14. Old, Unused Accounts

The more information that can be tied to your name or e-mail address, the larger your potential online footprint could be. 

Remember that old forum account you registered seven years ago? How about that Twitter account you made in college?

Unused accounts are like a file cabinet with a broken lock. Once you are in, you have got access to everything.

Close or deactivate unused accounts. If you cannot, delete posts, or change the e-mail address to a new one with no information tied to it.

Recovery Information

15. Old (Or No) Recovery Information

Leaving old (or no) recovery information on accounts is a sure way to make the job easier for potential hackers. 

When an old e-mail address or phone number gets sensitive information, there's no guarantee that the person on the other end won't use it for nefarious purposes.

Leaving no recovery information for accounts at all leaves the vulnerability of a hacker adding their details for yours. It can also lead to getting locked out of accounts yourself with no way to fix it.

About The Author: 
Alex J. Coyne is a journalist and card writer. He writes, edits, proofreads, and authors the Prime bridge column for Bridge Base Online.