Seven Password Mistakes and How to Avoid Them

June 15th, 2016 by Rocket IT

A different security breach hits the headlines on an almost daily basis. While you may not be too concerned about the safety of your LinkedIn profile after a quick password reset, you may still be committing some of the most common password mistakes. We’re sure your password is more secure than “password” (especially after our last blog post on the subject), but are you making one of these seven mistakes?

1. Using any sort of easily recognizable patterns in your password

Using full words in your passwords makes it a lot easier for hackers using pattern-recognizing software to break in. You may think a password is more secure if you switch out a few letters for similar symbols or numbers (like P455w0rd), but the software is smart enough to check those patterns, especially if the beginning of the password has already been discovered. It’s best to not use words in your password at all, and especially not to start your password with them.

A lot of people use patterns in passwords to help them remember. If you create your own passwords and need help remembering them, try using an uncommon acronym that makes sense to you, but probably won’t make sense to anyone else. For example, you may remember a sentence that makes sense to you, like “I do not like green eggs and ham. I do not like them, Sam-I-am.” Take the first letter of each word in that sentence (“Idnlgeah.Idnlt,SIa”) and replace some of them with a few symbols and letters (“1dnlg3&h.1dnlt,5l@”) to make it more secure.

2. Using personal information in your password

You may think there’s no way a hacker knows what your mom’s maiden name is, and one certainly wouldn’t know the number of your locker in high school, but “Smith1265” is actually very easy to break. A quick Facebook search can reveal a lot more personal information than you think, so it’s safer to stay away from personal information in your password.

3. Having a password that’s too short

Just because your password meets the minimum requirements doesn’t mean it’s secure. The longer your password is, the harder it will be for someone to crack it. It’s generally recommended to have a password that’s at least 12-14 characters long.
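The checks behind mistakes 1 to 3 can be written as a validator that runs when a password is chosen. This is an added example, not part of the original post; the word list, the substitution map and the function names are small constructed assumptions.

```python
# Added example: a sign-up-time password check for mistakes 1-3.
# WORDS and LEET are small constructed samples, not a real wordlist.
import re

LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "&": "a"})
WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}
MIN_LENGTH = 12  # lower bound of the 12-14 characters the article recommends


def normalize(text):
    """Lower-case and undo common look-alike substitutions (P455w0rd -> password)."""
    return text.lower().translate(LEET)


def check_password(password, personal_facts=()):
    """Return a list of findings; an empty list means no mistake was detected."""
    findings = []
    plain = normalize(password)
    letters_only = re.sub(r"[^a-z]", "", plain)  # also catches pass.word, pass_word

    if len(password) < MIN_LENGTH:
        findings.append("too short")

    for word in sorted(WORDS):
        if plain.startswith(word) or letters_only.startswith(word):
            findings.append(f"starts with dictionary word '{word}'")
        elif word in plain or word in letters_only:
            findings.append(f"contains dictionary word '{word}'")

    # Facts get the same normalization, so "Sm1th" still matches "Smith".
    for fact in personal_facts:
        token = normalize(fact)
        if len(token) >= 3 and token in plain:
            findings.append(f"contains personal information '{fact}'")
    return findings


if __name__ == "__main__":
    for candidate in ("P455w0rd", "Smith1265", "1dnlg3&h.1dnlt,5l@"):
        print(candidate, check_password(candidate, ("Smith", "1265")))
```

The substituted “P455w0rd” is reported exactly as the plain word would be, while the acronym-based password from mistake 1 returns no findings.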

4. Not updating your passwords

A huge reason the LinkedIn hack from 2012 was still a concern four years later is that a lot of people don’t update their passwords. The longer you go without updating them, the less secure your accounts are. You should change your passwords every few months.

5. Reusing your passwords

An even bigger reason why the LinkedIn breach is so concerning is that a whopping 59% of consumers reuse their passwords.[i] Sure, you might not care too much about some random person getting into your LinkedIn account, but you’d certainly care if that person was able to get into your Amazon account with that same password.

When you reuse your passwords, all it takes is one of those accounts being compromised to put all the others at risk.

At this point, you may feel a little concerned about remembering all of the really long, secure passwords you’ll need (and then changing them a few months later and memorizing them all over again). If this is a concern, you may want to explore using a password manager like LastPass or Dashlane.

6. Not taking advantage of two-factor authentication options

I know it’s not very convenient to tack on an extra step to your login process, but using the two-step authentication options available provides an additional layer of security. There’s a reason why so many banks use it… Because it works!

Some software enables the multifactor authentication only when your login behavior differs from the norm. So, if you log in using the same computer every time, you won’t see the additional security challenge. But, if someone on the other side of the world tries to log in, they’ll have to go through an additional lock to get in.

7. Using weak security questions and answers

Why would you have a strong password and not back it up with strong security questions and answers? The most common security questions are about your mother’s maiden name and the name of the first street you lived on… Answers that are fairly easy to track down.

Where possible, create your own security questions. And make them hard. Don’t make your question “what’s your favorite movie series?” and the answer “the Avengers” if you like every Avengers page on Facebook, add 5 different Avengers pins to your Pinterest, and regularly comment on popular discussion boards. Use it to create a second password to your account or write it like an in-joke to yourself, something only you would know the answer to.

 


[i] https://www.passwordboss.com/password-habits-survey-part-1/

 

About the Author

Catherine Siv joined the Rocket IT team in the fall of 2015 as a Service Team Intern and is now a Remote Support Technician. She’s a tech enthusiast by day, and food blogger by night. 

 

 
