How To Avoid Common Password Pitfalls

Everyone has experienced the frustration of forgetting a password. Even worse, not remembering the answer to security questions you created years ago can make recovery impossible. You can use the following tips to secure your accounts across the web without having to remember what your favorite color was in 2004.

Common mistake #1: Using the same password for everything.

Sure, you created a password that passes the test of every website: Some capital letters, a number or two and perhaps some special characters. No way that is getting cracked, right? Think again!

Your password doesn't need to be cracked to be compromised. Many of us have 20 or more accounts that we use on a regular basis, and an attack on any of these sites' weak spots has the potential to compromise your password right out from under you, which can then be used to gain access to all of your accounts.

To illustrate how widespread this problem is, just check out 'Have I Been Pwned?'. This site tracks account compromises and hacks by web site; for example, it shows us that over 360 million MySpace accounts, 160 million LinkedIn accounts and 65 million Tumblr accounts have been compromised to date. These compromised passwords will then be stored by hackers and tested against other sites. You can visit the site to enter your username and see if your account has been compromised and how badly.

Common mistake #2: Writing your passwords down.

Many people, in order to make the most secure passwords, will create nonsensical strings of characters in an attempt to thwart hacking attempts. While a long, random string of characters does indeed present a strong challenge to hackers, it also opens you up to exploitation in other ways.

Writing down passwords risks compromising or losing all of your sensitive data at once. Sure, you can save a file on your computer with all of your passwords, but then it would be even less secure. It is almost impossible to tell nowadays who is viewing your files (hacker, government or otherwise), so why would you take the risk? Just look at how many Dropbox accounts have been compromised: those all have access to the personal files of the compromised users.

Many a common computer user has been compromised by writing their password on a sticky note and placing it on their monitor. While this is more critical in the workplace, it is also important for the home. Don't presume that everyone who enters your home would pass that bit of information up! Even if an opportunist didn't want to use your password, they could sell it.

Common mistake #3: Not using a complex password.

Most modern websites require you to create a password containing a combination of the following: capital letters, lowercase letters, numbers and special characters. Some websites don't.

Even if it's not a requirement, you should strive to create a strong password. A quick view of, which lists the 10,000 most commonly used passwords, shows us that some of the most common passwords in use today are 'password,' '123456,' 'qwerty,' and 'football.' Any password in the top 1,000 of this list will be cracked in seconds using automatic hacking software, and a study on the site shows that an astounding 91% of all user passwords sampled appear in the top 1,000. This means only 9% of all users are safe from password cracking attempts!
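The following is an added example, not part of the original article: a small audit that shows why a password can satisfy the usual character-class rule and still be weak, because it is built on a common word or reused across sites (mistakes #1 and #3). The blocklist holds only the four passwords named above, and the site names and passwords in `SAMPLE` are constructed.

```python
import re
from collections import defaultdict

# Constructed blocklist: the four common passwords the article names.
# Assumption: a real check would load a full common-password list.
COMMON = {"password", "123456", "qwerty", "football"}
# One pattern per character class in the typical site rule.
CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def meets_composition(pw):
    """True when upper, lower, digit and special characters are all present."""
    return all(re.search(rx, pw) for rx in CLASSES)


def common_base(pw):
    """Return the blocklisted word the password is built on, or None."""
    folded = pw.lower()
    if folded in COMMON:
        return folded
    # Strip trailing digits/symbols so 'Football1!' maps to 'football'.
    stripped = re.sub(r"[^a-z]+$", "", folded)
    return stripped if stripped in COMMON else None


def audit(accounts):
    """Per-site findings: composition rule, common base word, reuse."""
    by_pw = defaultdict(list)
    for site, pw in accounts.items():
        by_pw[pw].append(site)
    return {
        site: {
            "meets_composition": meets_composition(pw),
            "common_base": common_base(pw),
            "reused_on": sorted(s for s in by_pw[pw] if s != site),
        }
        for site, pw in accounts.items()
    }


# Constructed sample data, not real accounts or credentials.
SAMPLE = {
    "mail.example": "Football1!",
    "shop.example": "Football1!",
    "bank.example": "tR7#vq2L!mZp",
    "forum.example": "qwerty",
}
```

Calling `audit(SAMPLE)` flags `Football1!` as passing the composition rule while still resting on a common password and being shared by two sites.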

How do you stay safe?

Are you making any of the common mistakes described above? If so, taking a few simple steps can greatly improve the security of your digital identity.

To learn how to create a strong, unique password for every site without having to remember all of them, check out our blog post on password manager basics.

