Password Safety: Are You Making These 20 Critical Mistakes?

Written by Binod Bharati


I remember when setting a password meant slapping a sticky note on your monitor!

We’ve come a long way since then, but somehow, in 2024, people are still making rookie mistakes with their passwords.

So let’s break down 20 of the most common password safety blunders and what you can do to fix ’em, pronto. Your future self will thank you.

Mistake #1: Thinking “PassworD1!” is Secure

I get it, “PassworD1” is easy to remember. But it’s also easy for hackers to crack, in 0.01 seconds!

In fact, a 2019 study by the National Cyber Security Centre (NCSC) found that 23.2 million victim accounts worldwide used “123456” as their password.

Examples of weak passwords:

  • “password”
  • “123456”
  • “qwerty”
  • Your name or birthdate
  • Common words or phrases

The National Institute of Standards and Technology (NIST) now recommends using long, easy-to-remember phrases instead of complex passwords.

Go long. Like, novel-length long.

A passphrase of several random words is far harder to crack than something like “Tr0ub4dor&3”.

Mix in some numbers and special characters for good measure. If that’s too hard to remember, use a memorable sentence like “Chili.Cheese.Dogs.Are:Delicious!”


Examples of strong passphrases:

  • Sup3rmanF1iesOver@MetropoliS (Time to crack: 52 decillion years)
  • Chili.Cheese.Dogs.Are:Delicious! (Time to crack: 63 tredecillion years)
  • ILikeChiliCheeseDogsAndICannot:Lie! (Time to crack: 40 quindecillion years)
  • Squ1rre!sL0veAc0rns!nF4ll (Time to crack: 1 hundred octillion years)

Want to see how long it would take to crack your passphrase? Check the security.org password tester and test it for yourself!
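To make the “length beats complexity” point concrete, here is an added example (not from the original article or any tool it mentions) that estimates password strength two ways: the naive character-set count that simple strength meters use, and a pattern-aware count for the “dictionary word + capital + digit + symbol” shape of “PassworD1!”. It also generates a random passphrase with Python’s CSPRNG. The 10-billion-guesses-per-second attacker speed, the 100,000-word attacker dictionary, and the 16-word demo list are all assumptions made for the demo; the entropy helpers take the real wordlist size (7,776 for a diceware-style list) as a parameter.

```python
import math
import secrets

# Constructed mini wordlist for the demo. A real diceware-style list (for
# example the EFF long list) has 7,776 entries; the entropy helpers below take
# the list size as a parameter so the numbers reflect a real list, not this toy one.
DEMO_WORDLIST = [
    "chili", "cheese", "dog", "squirrel", "acorn", "metropolis", "cactus",
    "lantern", "river", "velvet", "pickle", "orbit", "maple", "granite",
    "tundra", "saxophone",
]

# Assumed attacker speed (a labelled assumption standing in for an offline
# GPU cracking rig): 10 billion guesses per second.
ASSUMED_GUESSES_PER_SECOND = 1e10

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_entropy_bits(password: str) -> float:
    """Naive strength estimate: assume the attacker brute-forces every
    character class present. This is what simple 'password meters' compute."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols
    return len(password) * math.log2(size) if size else 0.0


def mangled_word_entropy_bits(dictionary_size: int = 100_000) -> float:
    """Pattern-aware estimate for 'dictionary word + one capital + one digit +
    one symbol' (the PassworD1! shape). The attacker tries words, not characters:
    word * capital position (assume up to 10) * digit (10) * symbol (33).
    The 100,000-word dictionary size is an assumption for the demo."""
    return math.log2(dictionary_size * 10 * 10 * 33)


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Each randomly chosen word contributes log2(wordlist_size) bits."""
    return n_words * math.log2(wordlist_size)


def years_to_crack(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst case for the attacker: the whole keyspace has to be tried."""
    return (2 ** bits) / rate / SECONDS_PER_YEAR


def generate_passphrase(n_words: int, wordlist=DEMO_WORDLIST, sep: str = "-") -> str:
    """Pick words with the secrets module (a CSPRNG), never random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    naive = charset_entropy_bits("PassworD1!")
    real = mangled_word_entropy_bits()
    phrase = passphrase_entropy_bits(6, 7776)
    print(f"PassworD1! looks like {naive:.1f} bits, but is really ~{real:.1f} bits "
          f"(~{years_to_crack(real) * SECONDS_PER_YEAR:.2f} s to crack)")
    print(f"6 random words from a 7,776-word list: {phrase:.1f} bits "
          f"(~{years_to_crack(phrase):,.0f} years)")
    print("Example passphrase:", generate_passphrase(6))
```

Under these assumptions the mangled word comes out at roughly 28 bits (a few hundredths of a second), while six random words from a 7,776-word list give about 77 bits (hundreds of thousands of years). The gap is the whole argument for passphrases: the naive meter is fooled by symbols, the attacker is not.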

Mistake #2: Using the Same Password Everywhere

This is a biggie. When you reuse the same password (or even a slight variation), you’re putting ALL your accounts at risk. Why?

Because if just one of those sites gets hacked, the baddies can use those same creds to waltz right into your other accounts. Game over, man.

A 2024 survey by Bitwarden for World Password Day found that 85% of participants admitted to reusing passwords across multiple accounts. That’s a hacker’s dream come true!


Use a unique password for every single account. Period. No exceptions. And make ’em strong – mix up letters, numbers and symbols.

If it looks like your cat took a stroll across the keyboard, you’re on the right track.

“But Binod, how the heck am I supposed to remember all those crazy passwords?” I hear you, and that brings me to…

Mistake #3: Relying on Your Brain

News flash: the human brain is great at a lot of things, but securely storing dozens of complex passwords ain’t one of ’em.

Trying to memorize all your passwords is a recipe for disaster (and insanity).

You’ll end up using weak, easily guessed passwords or constantly hitting that “forgot password” button. No bueno.

The solution: Get a password manager. Right now.

My personal favorite is Bitwarden. I use the self-hosted version for maximum control and security. It’s got apps for every device, syncs smoothly, and is completely open source.


Plus, the basic personal version is totally free! Of course, LastPass, 1Password, Dashlane and KeePass are also great options.

But seriously, just pick one. It’s the single best thing you can do for your online security – and your sanity.

All you need to remember is one master password.

Mistake #4: Sharing Passwords via Insecure Methods

“Hey, what’s the Netflix password again? Just text it to me.” Sound familiar?


Yep, we’ve all been there. But shooting passwords around via plain text email, chat or post-it note is a great way to hand ’em over to hackers on a silver platter.

If you absolutely must share a password (and let’s be real, sometimes you do), use a secure method like the “share” feature in your password manager.

Mistake #5: Storing Passwords Insecurely

Post-it notes on your monitor, a text file called “passwords.txt” on your desktop – if you’re doing any of this, you might as well email your passwords straight to the hackers and save them the trouble.


Physical and digital password hoarding is a major no-no.

Again, a password manager is your BFF here.

All your precious passwords, locked up tight behind military-grade encryption. Just make sure to choose a strong master password (see above) and never, ever forget it.

Write it down and lock it in a literal safe if you have to.

Mistake #6: Using Obvious Personal Info

Your birthday, your kid’s name, your pet’s name – if it’s something a hacker could easily guess or find on your social media profiles, it has no business being in your password.


That’s like locking your front door but leaving the key under the mat.

A 2023 survey by Aura found that 39% of American pet owners have used their pet’s name as part of their password for an online account. This percentage increases to 50% among pet owners aged 35-44 years old.

Please don’t be one of those people!

Avoid using any personally identifiable info in your passwords, period. That means no names, dates, places or anything else that could be connected to you.

Randomness is your friend here.

Mistake #7: Not Using Two-factor Authentication

Even a strong, unique password can be compromised if a hacker gets their grubby mitts on it.

That’s where two-factor authentication (2FA) comes in – it adds an extra layer of security by requiring a second form of verification (like a code from your phone) to log in.

Enable 2FA on every account that offers it (and if your bank or email doesn’t, it’s time to find a new one that takes security seriously).


Yes, it adds an extra step, but it makes it exponentially harder for anyone to break into your accounts.

It’s like putting a deadbolt on that digital front door.

According to a 2019 report by Microsoft, accounts that enable 2FA are up to 99.9% less likely to be compromised.

Mistake #8: Ignoring Website Security Warnings

That “Not Secure” warning in your browser that you ignore so you can get to that hilarious cat GIF faster? Yeah, that exists for a reason.


When you enter your info on a site that’s not encrypted with HTTPS, you’re basically shouting your password (and everything else) through a megaphone on the digital street corner.

If your browser warns you that a site isn’t secure, listen to it!

Think twice about logging in or entering sensitive info.

Legitimate sites should all be using HTTPS encryption these days. If they aren’t, they’re either woefully behind the times or straight up shady.

Mistake #9: Changing Passwords Too Often

Conventional wisdom says you should change your passwords every few months. The theory is that it limits the damage if your credentials are compromised.

But in practice, people tend to make tiny tweaks (“Fluffy1999” becomes “Fluffy2000”) or just give up and reuse old ones.

Ignore that advice. I’m serious. If you’re using a password manager and 2FA, there’s no need to change passwords regularly.

Only do it if there’s reason to suspect a breach. Save yourself the headache and focus on fundamentals instead.

(The exception is any work accounts subject to mandatory changes. Sorry, can’t help you there!)

Mistake #10: Falling for Phishing Scams

You know those emails that look like they’re from your bank or PayPal, asking you to click a link and log in?

Yeah, those are probably fake. Hackers use these phishing scams to trick you into giving up your login credentials.

A 2022 report by Verizon found that 82% of data breaches involved the human element, including phishing attacks.


If you get an email asking for your password, be suspicious.

Check the sender’s email address carefully, and when in doubt, go directly to the company’s website by typing the URL into your browser.

Definitely don’t click any links or download anything.


Mistake #11: Skimping on Your Master Email Password

Think about it – your primary email is the key to your digital kingdom.

If a hacker gets into that account, they can wreak havoc across your entire online life – other accounts, bank info, the works. “Forgot password” links go right to your inbox. It’s scary stuff.

Your email password should be the strongest, most complex one in your arsenal.

We’re talking “War and Peace” length, people.

Enable 2FA, check for any weird forwarding rules a hacker might have set up, and keep a hawk’s eye out for phishing attempts.

Guard that email account like it’s the One Ring.

Mistake #12: Not Using a Password on Your Devices

It blows my mind how many people don’t password-protect their phones, tablets, and laptops.

If your device gets lost or stolen and it doesn’t have a password, whoever has it now has access to all your stuff!

A survey by the Pew Research Center found that 28% of smartphone owners don’t use a screen lock. That’s just asking for trouble.


Set up a strong password or biometric lock (like a fingerprint or face scan) on all your devices.

It’s a minor inconvenience for a big boost in security.

Mistake #13: Not Changing Default Passwords

You’d be shocked how many people never change the default passwords on their routers, smart home devices, etc.


Hackers LOVE those devices, because they know most people don’t bother.

Make it a priority to change default passwords on ANY internet-connected device.

Your router, your baby monitor, your “smart” coffee maker. If it has a password, change it to something unique. (And disable remote access if you don’t absolutely need it.)

Mistake #14: Using “Security Questions” That Aren’t Secure

Mother’s maiden name? First concert? Please. In the age of social media and Ancestry.com, a lot of that info isn’t exactly private.

But many of us still count on these flimsy questions as a backstop.

If a hacker can guess or research the answers to your security questions, they can reset your password and take over your account.

The Solution: Lie! Not on your taxes or to your significant other, of course. But it’s 100% OK to fib on those security questions.

In fact, I insist. For bonus points, use your password manager to generate and store random answers. “What was the name of your first pet?” Um… “X6ttQ2cz”, apparently!


Just make sure you save those answers somewhere safe.

Mistake #15: Not Monitoring for Breaches and Leaks

Data breaches happen all the time, and sometimes your login credentials can end up leaked online without you realizing it.

Don’t just assume your passwords are safe – be proactive about monitoring for breaches.

Sites like HaveIBeenPwned.com let you check if your email or passwords have been involved in any known data breaches.


If they have, change those passwords stat!
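Checking a password against a breach corpus without sending the password anywhere is worth seeing once, so here is an added example (not code from the original article or from Have I Been Pwned) of the k-anonymity range lookup that HaveIBeenPwned.com’s Pwned Passwords service uses: hash the password with SHA-1, send only the first five hex characters of the hash, and match the remaining 35 locally against the list of suffixes the service returns. The `fetch_range` function talks to the real endpoint and is not exercised offline; the demo instead runs against a constructed stand-in response that contains the real SHA-1 suffix of the word “password” with a made-up count. Every count and extra suffix in `FAKE_RANGES` is constructed for the demo.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

RANGE_API = "https://api.pwnedpasswords.com/range/"


def sha1_hex_upper(password: str) -> str:
    """Pwned Passwords is keyed by the upper-case hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(digest: str) -> Tuple[str, str]:
    """k-anonymity: only the first 5 hex characters leave your machine;
    the remaining 35 are matched locally against the returned list."""
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Each response line is 'SUFFIX:COUNT'. With the Add-Padding header the
    API also returns dummy entries with count 0, which are dropped here."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        if not line.strip():
            continue
        suffix, count = line.strip().split(":")
        if int(count) > 0:
            table[suffix.upper()] = int(count)
    return table


def fetch_range(prefix: str) -> str:
    """Live lookup against the real service (not used by the offline demo)."""
    req = urllib.request.Request(
        RANGE_API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "password-check-demo"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, lookup: Callable[[str], str] = fetch_range) -> int:
    """How many times the password appears in known breaches (0 = not seen).
    The full hash is never sent: only `prefix` goes to `lookup`."""
    prefix, suffix = split_for_range_query(sha1_hex_upper(password))
    return parse_range_response(lookup(prefix)).get(suffix, 0)


# Constructed offline stand-in for the API: one range holding the real SHA-1
# suffix of "password" (the count is made up), a padding entry, and one
# made-up suffix. Any other prefix gets an empty response.
FAKE_RANGES = {
    "5BAA6": (
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
        "00000000000000000000000000000000000:0\n"
        "ABCDEFABCDEFABCDEFABCDEFABCDEFABCDE:12\n"
    ),
}


def offline_lookup(prefix: str) -> str:
    return FAKE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ["password", "Chili.Cheese.Dogs.Are:Delicious!"]:
        n = breach_count(pw, offline_lookup)
        print(f"{pw!r}: {f'seen {n} times' if n else 'not in the sample data'}")
```

Swap `offline_lookup` for `fetch_range` to query the live service. The design point is that a breach check should never require you to hand a third party the password or its full hash; if a “checker” asks for either, that is itself a red flag.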

Mistake #16: Using “Remember Me” on Shared Devices

Sure, it’s convenient to have your computer or phone remember your login info, especially for low-stakes stuff like your streaming accounts.


But if you’re using a shared device (think family computer or work laptop), anyone who gets their hands on it can access your accounts with a click.

On any device that other people might use, always log out of your accounts when you’re done and avoid checking that “remember me” box.

It’s a pain, but it’s better than your snoopy cousin (or worse) poking around in your business.

Mistake #17: Not Using a VPN on Public Wi-Fi

Free Wi-Fi at the coffee shop is awesome – until you remember that any rando on the same network can potentially see what you’re doing.

Logging into your bank account or entering your credit card digits on an unsecured network is like handing your wallet to a pickpocket.

A 2022 survey by HighSpeedInternet.com found that nearly half (47%) of Americans connect to public Wi-Fi regularly, but only 44% use a VPN when doing so.

Always, always, always use a VPN (virtual private network) when you’re on public Wi-Fi. It encrypts your internet traffic so no one can snoop on your activity.


I prefer ProtonVPN.

And make sure it’s set to connect automatically so you never forget.

Mistake #18: Relying Solely on Passwords

With all this talk about passwords, it’s easy to think they’re the be-all and end-all of online security. But the truth is, passwords alone aren’t enough anymore.

Hackers are constantly finding new ways to crack passwords and bypass security measures.

That’s why it’s important to use additional security features like two-factor authentication, biometric locks, and security keys whenever possible.


Mistake #19: Not Teaching Kids About Password Security

If you have kids, it’s never too early to start teaching them good password habits.

As soon as they’re old enough to start using devices and making accounts, sit down with them and explain the importance of strong, unique passwords.

Help them set up a password manager and show them how to use it.

And model good password behavior yourself – kids are always watching and learning from their parents’ examples.

Mistake #20: Not Having a Plan for When (Not If) You Get Hacked

Face it: even if you follow every password security tip to the letter, there’s still a chance you could get hacked someday. It sucks, but it’s reality.

So instead of just hoping it never happens to you, make a plan for what to do if it does.

Know how to report suspicious activity on your important accounts.

Have backup codes or a recovery email set up for your password manager and two-factor authentication.


The more prepared you are, the faster you can react and minimize the damage if the worst happens.

It’s not pleasant to think about, but what happens to all your online accounts when you’re gone?

Will your family be able to access your email, photos, and documents? Or will those digital memories be lost forever?

Create a plan for your digital legacy.

Store your master password and 2FA recovery codes with your other important papers. Consider using a “digital executor” service.

At the very least, have a conversation with loved ones about your wishes. A little bit of preparation now can save a lot of heartache later.

Password Protection Perfected!

So, how many of these password mistakes are you making? More than a few, I’ll wager. But hey, admitting you have a problem is the first step!

Now that you know better, it’s time to level up your password game. A few simple changes can make a world of difference in keeping your digital life secure.

Start small by setting up a password manager and changing a few of your most important passwords.

Then keep chipping away at it until you’ve got a fortress of strong, unique passwords protecting all your accounts.

If you found this advice helpful, pass it on to your friends and family. Heck, shout it from the rooftops!

The more people we can get practicing good password hygiene, the better off we’ll all be.

And if you’ve got your own password tips and tricks, share ’em in the comments. I’m always eager to learn from my fellow techies.

2 Comments

Jackie

Very helpful information on password security. Thanks.

Don

This gentleman sure makes sense of the security needed on our email and personal accounts. I read his info every day and you are welcome to join me.


ABOUT THE AUTHOR

Binod Bharati • Founder

Binod launched PCTips.com to share his 20+ years of experience in Computing, including hardware, Linux, networking, and security. He holds multiple certifications, including CompTIA A+, Network+, Security+, PenTest+, CySA+, and Linux+. Binod is passionate about helping readers make the most of their technology and computing experience.
