Common Password Mistakes and How to Avoid Them – Quertime

Passwords are arguably the most critical element of cybersecurity in the information age, forming the first layer of protection against the potentially disastrous consequences of unauthorized access to private information. Yet many people continue to make critical mistakes in creating and managing their passwords, which can leave them vulnerable to cyber-attacks. This article describes some common password mistakes along with advice on how to avoid them.


Mistake 1: Using Weak Passwords

The most common password mistake is using weak, easily guessable passwords. Many users still use passwords like “123456,” “password,” or “qwerty,” in spite of numerous warnings not to do so. These simple passwords are highly insecure and can be cracked by cybercriminals within seconds using automated tools.

A strong password will consist of no fewer than 12 characters, including uppercase and lowercase letters, numerals, and special characters. Avoid simple words, word combinations, or popular sayings. You might want to use a passphrase—a string of unrelated words or a memorable sentence that would be difficult for someone else to figure out but easy for you to remember. For example, a passphrase like “SunnyForest$1945!” is substantially more secure than a weak password like “password123.”

Mistake 2: Reusing Passwords Across Multiple Accounts

Using one password for all your accounts is both very common and extremely dangerous. Once attackers obtain that password through a compromise or leak, all the other accounts that share it are left vulnerable to an attack called “credential stuffing.”

The best mitigation in this case is to use a unique password for each of your online accounts. But how do you keep track of all these strong, unique passwords? You can use a password manager like Bitdefender Password Manager. Password managers generate and store secure passwords for each of your accounts, allowing you to use complex and unique passwords without having to remember each one.

Mistake 3: Relying on Personal Information

Many people build part of their password from a personal detail, such as a name, a date of birth, or a pet, among others. Such information is relatively easy to remember and is therefore relatively easy to guess, especially for someone who knows the individual or has access to them or their social media accounts.

Cybercriminals can easily gather personal data through online searches or social manipulation tricks. Thus, you should not only use scam detector tools like Bitdefender scam detector, but also keep personal information out of your password to protect your data. Use a random collection of characters not related to you in any way. A strong password does not contain easily accessible details or facts about your personal life.
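The rules from Mistake 1 and Mistake 3 can be checked mechanically. The following Python example is added here and is not code from the original article; the function names, the look-alike character map and the sample personal facts are assumptions made for illustration.

```python
import re
import string

# Constructed sample list: the three weak passwords the article names.
COMMON = ("123456", "password", "qwerty")
# Assumption: a small look-alike map so "P@ssw0rd" is read as "password".
LEET = str.maketrans("@4$5013!7", "aassoieit")


def normalize(text):
    """Lowercase the text and undo common character substitutions."""
    return text.lower().translate(LEET)


def contains(password, token):
    """True if token appears in the password, literally or via look-alikes."""
    return token in password.lower() or normalize(token) in normalize(password)


def audit_password(password, personal_facts=()):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "numeral": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    findings += [f"missing {name}" for name, ok in classes.items() if not ok]
    findings += [f"contains common password {w!r}" for w in COMMON
                 if contains(password, w)]
    for fact in personal_facts:
        # "1990-04-12" yields "1990" and "19900412"; 1-2 character pieces
        # such as "04" are skipped because they match too much by chance.
        parts = re.findall(r"[a-z0-9]+", fact.lower())
        tokens = [t for t in parts + ["".join(parts)] if len(t) >= 3]
        if any(contains(password, t) for t in tokens):
            findings.append(f"contains personal detail {fact!r}")
    return findings


if __name__ == "__main__":
    # Constructed personal facts for a hypothetical user.
    facts = ["Bella", "1990-04-12"]
    for pw in ("password123", "SunnyForest$1945!", "P@ssw0rd!2024",
               "Rex!Bella1990xy"):
        print(pw, "->", audit_password(pw, facts) or "passes all rules")
```

Note that “P@ssw0rd!2024” satisfies the length and character-class rules yet is still flagged, because character substitutions do not hide a common base word.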

Mistake 4: Failing to Enable Two-Factor Authentication (2FA)

A password is crackable, no matter how strong it is; therefore, it is important to add an additional security layer using two-factor authentication (2FA). Many people either do not set up this feature or do so poorly, leaving their accounts highly susceptible to attack.

Two-factor authentication requires two forms of identification before you can access your account, usually something you know, like a password, and something you have, like a smartphone or a hardware token. This extra security step goes a long way toward keeping attackers out, even if they have your password. Enable 2FA on accounts where valuable and sensitive data is held.

Mistake 5: Not Changing Passwords Regularly

Another common mistake is never changing your passwords. Even if your password is strong and unique, it can still be compromised over time through data breaches or phishing attacks. Ideally, passwords need to be changed every three to six months, and every new password needs to be completely different from the previous ones. A password manager can ease the burden of frequent changes by keeping track of when passwords were last updated and prompting you when you need to change them.

Mistake 6: Ignoring Password Breach Notifications

Whenever there is a data breach, companies may send out notifications to their users recommending that they change their passwords. But many people simply ignore these notifications, thinking their accounts are safe. That’s when complacency sets in, and it is dangerous since cybercriminals often exploit data from a company’s breached accounts.

If you get a message that suggests your account has been hacked, act immediately: reset your password and review the activity in your account for any signs that it is compromised. If you see something suspicious, such as an unauthorized login, a password reset request you did not make, or some other similar account change, update your password without delay and check for any other suspicious activity in your account. This will keep a potential breach from becoming more serious and stop your personal information from being abused.

Mistake 7: Storing Passwords Insecurely

Storing passwords in insecure locations, such as on a piece of paper, in a text file on your computer, or in an unsecured document, is another common mistake. To keep your passwords safe, avoid writing them down or saving them in unprotected files. Instead, use a password manager, which encrypts your passwords so that they are secure from unauthorized access. The password manager will also create and store difficult, unique passwords for all your accounts, which is a best practice in any case.

As cyber threats become increasingly sophisticated, the importance of strong password practices cannot be overstated. Good password habits can greatly increase your security by avoiding common mistakes such as using weak or old passwords, repeating passwords across different logins, and relying on personal details. Taking the time to create and manage your passwords properly is a small investment that can prevent significant losses and protect your personal and professional data from cybercriminals.

Source: www.quertime.com