4 Common Password Mistakes That Put Your Online Security at Risk

We’ve all been chastised by those “weak” or “moderately secure” prompts that many online accounts give when you create a password that’s not strong. After all, putting in all those characteristics, like at least one upper-case letter, numbers and symbols just seems like a lot of work when you’re busy and just want to open an account quickly.

But sticking with your tried-and-true weak or moderate passwords — or even worse, the same weak password used for most of your online accounts — opens the door to hackers who can access your sensitive personal information, financial accounts and more.

Passwords to your online accounts are the “keys to your digital castle,” according to the National Cybersecurity Alliance, so doing everything you can to keep your passwords safe should always be top of mind.

October is National Cybersecurity Awareness Month and a great time to perform a check-up of all the online security measures you have in place, starting with online passwords.

Here are four common password mistakes that people make and how to correct them.

Creating short and easy passwords

If you think that “Bob12345” is a unique password, you need to beef up your password creation strategy. According to the NCA, every password you create should meet these three strong-password requirements:

• Long: Short passwords make it easier for hackers to figure out your password, so make all passwords at least 12 characters long.
• Unique: It’s tempting to use the same, easy-to-remember password for all online accounts so you never have to look up passwords. But if a criminal gets their hands on that one password, they may be able to access all your accounts that use the common password.
• “Unique” doesn’t mean changing only a number or symbol here and there with the same couple of words you use for every online account. “To really trip up hackers, none of your passwords should look alike,” says the NCA.
• Complex: In addition to at least 12 characters, a strong password should contain both upper- and lower-case letters in addition to numbers and special characters (“$,” “?” or “!,” etc.) and even spaces if the app or website allows.

Find out: How Can I Protect Myself from Identity Theft?

Using actual words

If you’re using your name, your dog’s name or another real word as a big chunk of your password, you’re an easy target for dedicated hackers, who can easily crack your password once they’ve got half of it figured out.

“Hackers use malicious programs that can process every word found in a dictionary to crack passwords,” according to security software provider Norton. “Stay away from using proper nouns and other standalone dictionary words that could lead to an unsecure password.”

Find out: The Tell-Tale Signs of Identity Theft

Repeating the same password for multiple accounts

Maybe you created an easy-to-remember password long ago when you weren’t forced to create an account for nearly everything you wish to do online. So, you may have just kept using that familiar password for all new accounts. That’s a big mistake, though. Once a hacker has that password, they may be able to access a number of your online accounts.

Find out: How to Deal with a Data Breach

Not using a password manager

If you write all your passwords in a notebook or store them on your phone, you’re leaving yourself open to prying eyes and hackers eager to mine your financial and personal information. Your passwords are much more secure if you download and use a free or paid password manager app such as LastPass, 1Password or Keeper.

With a password manager, you have only one master password to remember. The rest are stored in the password manager vault, so when you log into online accounts, they’re automatically added by the password manager.

Find out: 3 Ways a Password Manager Keeps Your Data Safe