We get it. Passwords can be a pain to keep track of and remember. Having to meet password requirements such as mixing capital letters with special characters can get frustrating. Are all these password requirements really necessary? Well, yes.
Weak, shared, and overused passwords allow attackers to access sensitive personal data. When it comes to creating strong passwords and protecting those passwords, there are steps we can take to ensure attackers can’t access them. In this post we will discuss common password pitfalls to avoid, along with ways to remedy them, to help you stay protected.
Pitfall #1: Reusing the same password across multiple websites / accounts
Many people create one standard password and reuse it for multiple accounts and website logins. While this may help them remember their passwords, it also poses a great security risk. How? Well, if one website or account gets compromised with that standard password, the attacker now has a way to access all websites and accounts where that password was used. So, now instead of personal data being compromised from just one location, all locations where that password was used are at risk of getting breached as well.
Pitfall #2: Sharing passwords
A lot of people tend to share passwords with friends, family or even co-workers because this can be convenient. For instance, Sally may be at work and realize she needs access to Bob’s computer. She calls her co-worker Bob to get his computer login credentials. Bob thinks nothing of it and shares his password with Sally. While this is easy and seems like no big deal, this should NEVER be done. The more people who have access to your passwords, the more at risk your accounts become: Sally may end up sharing Bob’s password with another co-worker. That co-worker may then get fired and now has company-issued credentials which he can use for harm. Or maybe that co-worker does something illegal using Bob’s credentials. Bob will then get in big trouble for something he did not do! Or someone could call Bob impersonating Sally, and now Bob’s computer is compromised. So you see, sharing passwords with anyone can be very dangerous, even if they are family members or close friends.
Pitfall #3: Never changing passwords
Passwords should not be a set-it-and-forget-it type of thing. Many people set passwords and then never change them. This greatly increases the risk of hackers cracking those passwords. Passwords should be changed at least a few times a year. That’s because password cracking software can generally take up to a few months to work, so if you change your passwords, you are disrupting the password cracker and it will have to start all over again.
Also, a lot of people don’t change passwords even after a breach of their account has happened. This is a big no-no. After a breach, you should change your passwords immediately to avoid further data compromise. Attackers have your credentials after a breach. Don’t make it easier for them to continue to access your personal information.
Pitfall #4: Using weak passwords
While a shorter password might be easier to remember, it is also easier for a hacker to crack. The longer the password the better! Using a combination of capital letters, numbers and special characters can help slow password cracking software. The software will have a much harder time trying to figure out a password that follows these requirements.
Pitfall #5: Leaving passwords in plain sight
Some people tend to write their passwords on sticky notes or notepads and then leave them lying around on their desks. Anyone walking by now has access to these passwords as they are out in the open. This is one of the easiest ways to get compromised.
Password Pitfall Remedies
- Use different passwords for different accounts and websites.
- Don’t share passwords with anyone, ever!
- Change your passwords a few times a year and after EVERY data breach your password is involved in.
- Use a password manager to store your passwords in. This way you will only need to remember one master password and can have strong passwords for every account you have.
- Don’t leave your passwords in plain sight.
- Don’t use short passwords.
- Don’t reuse passwords.
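
The remedies above can be turned into a quick self-audit. The script below is an added example, not part of the original post: it checks a constructed inventory for reused passwords, short passwords, passwords not changed recently, and passwords involved in a breach. The 12-character minimum and 120-day age limit are assumptions, since the post gives no exact numbers.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Assumed thresholds: the post gives no exact numbers.
MIN_LENGTH = 12      # assumption for "don't use short passwords"
MAX_AGE_DAYS = 120   # assumption for "a few times a year"

# Constructed sample inventory:
# (account, password, date last changed, involved in a breach since then?)
SAMPLE = [
    ("email",   "Summer2021!",              date(2021, 6, 1),  False),
    ("bank",    "Summer2021!",              date(2024, 1, 10), False),
    ("forum",   "kT9#vLq2!xRw7$Zp",         date(2024, 2, 1),  True),
    ("payroll", "correct-horse-battery-41", date(2024, 2, 20), False),
]

def _digest(password):
    # Compare digests so plaintext passwords are not used as lookup keys.
    return hashlib.sha256(password.encode()).hexdigest()

def audit(entries, today):
    """Return {account: [findings]} for every entry that breaks a remedy."""
    by_digest = defaultdict(list)
    for account, password, _, _ in entries:
        by_digest[_digest(password)].append(account)

    findings = defaultdict(list)
    for account, password, changed, breached in entries:
        others = [a for a in by_digest[_digest(password)] if a != account]
        if others:
            findings[account].append("reused on: " + ", ".join(sorted(others)))
        if len(password) < MIN_LENGTH:
            findings[account].append("shorter than %d characters" % MIN_LENGTH)
        if breached:
            # A breach overrides the normal rotation schedule.
            findings[account].append("change now: involved in a breach")
        elif (today - changed).days > MAX_AGE_DAYS:
            findings[account].append("not changed in over %d days" % MAX_AGE_DAYS)
    return dict(findings)

if __name__ == "__main__":
    for account, issues in audit(SAMPLE, date(2024, 3, 1)).items():
        print(account, "->", "; ".join(issues))
```

Accounts with no findings, such as the constructed "payroll" entry, are left out of the result.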