Your passwords are the first line of defense against hackers and other bad actors. That’s why it’s critical that you avoid common password mistakes. And one of the best things you can do to protect your accounts is to choose a good password manager. But even if you have one, you’ll still want to avoid making these seven password and online security mistakes.
Not Choosing Strong Passwords
The most basic password advice available is to choose a good one. But for some users, what separates a good password from a poor one may still be confusing. With that in mind, here are some password tips to help you avoid the worst blunders.
- Don’t use “password1234,” “mypassword” or anything that’s easy to guess.
- Use a combination of letters, numbers and special characters.
- Opt for longer passwords whenever possible. Shorter passwords, even those that are just random characters, are easier to crack than longer ones.
- The best practice may be “pass phrases” that are easy to remember but longer than a typical password.
Reusing Your Passwords
Even users who choose a strong password often make another critical error: reusing the same password across multiple services. That’s easier to remember, but it’s a massive security risk.
You’ll want to avoid doing this whenever possible. Each online account you use should have a strong, unique password associated with it. That way, most of your accounts will stay secure even if one of your passwords is hijacked.
Not Keeping Up-to-Date on Breaches
Some experts recommend changing your passwords periodically across all of your accounts. But, as any internet user knows, this is easier said than done. So, at the very least, you should keep up with the latest data breach news to make sure your passwords haven’t been compromised.
If they have, change them as soon as possible. And speaking of changing your passwords, make sure each new password is significantly different from the old one. Don’t just swap out a letter or a number, or change the capitalization on some characters. That’s basically just reusing the same password.
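An added example (not from the original article) of how to test whether a replacement password is only a cosmetic variation of the old one: it ignores case, trailing digits and symbols, and look-alike substitutions, then compares what is left. The function names, the substitution table and the two-edit threshold are assumptions chosen for illustration.

```python
import re

# Assumed table of look-alike substitutions people use to "change" a password.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def core(password: str) -> str:
    """Reduce a password to its memorable core: drop trailing digits and
    symbols, ignore case, and undo look-alike substitutions."""
    stripped = re.sub(r"[\W\d_]+$", "", password)
    return stripped.lower().translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_trivial_variation(old: str, new: str, max_edits: int = 2) -> bool:
    """True when `new` is effectively the old password again.
    Compares the raw strings first, then their normalized cores."""
    for a, b in ((old, new), (core(old), core(new))):
        if min(len(a), len(b)) < 4:
            continue  # too short to compare meaningfully
        if a in b or b in a or edit_distance(a, b) <= max_edits:
            return True
    return False

if __name__ == "__main__":
    old = "Sunshine2023!"  # constructed sample values, not real credentials
    for candidate in ("sunshine2024?", "$un5h1ne#77",
                      "correct horse battery staple"):
        verdict = "too similar" if is_trivial_variation(old, candidate) else "ok"
        print(f"{candidate!r}: {verdict}")
```

This is a heuristic: it flags the swaps described above, but passing it says nothing about whether the new password is strong or unique.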
Using Easy-to-Guess Reset Questions
You’d be surprised just how much information and personal data you’re putting on the internet. You’ve probably posted pictures of your pet or your parents, for example. When you start thinking about it, password reset questions like your mother’s maiden name or your first pet don’t seem as secure.
While there’s only so much an attacker could do without access to your email, it’s still a best practice to choose harder reset questions or to keep from inadvertently posting those answers online. If you’re particularly security conscious, some experts recommend just inputting random answers that you write down somewhere.
Trusting Shady Websites & Messages
In general, you should avoid typing or pasting your password anywhere other than a verified login field for the service you’re signing into. Don’t enter your password on other websites, and don’t give it out in response to random emails and text messages you may receive.
Similarly, we’d recommend staying away from password generator websites. There’s no guarantee that these sites aren’t just collecting your passwords or giving them to the highest bidder. Generate your own password via a strong, credible password manager.
Not Taking Care on Public Wi-Fi
Most modern web browsers let you know whether you’re connecting to a website over HTTP or HTTPS — just look for a lock or security icon next to the address bar. Even if you don’t know the specifics of HTTPS encryption, you’ll want to make sure to pay close attention to that security icon.
If you connect to a website over HTTP, which is an unsecured connection, an attacker might be able to intercept your passwords and login credentials. This is much more of a concern over public Wi-Fi, so we recommend avoiding any sensitive or financial browsing when you’re on unsecured Wi-Fi. No matter what, be sure to use a VPN when browsing on public Wi-Fi networks.
Not Using Two-Factor Authentication
While it’s not necessarily related to passwords, it’s a good idea to enable two-factor authentication whenever possible. That way, even if a hacker gains access to one of your passwords, there’s an additional step preventing them from hijacking your accounts.
Most 2FA systems rely on SMS text messages, which have their own security risks. If you’re serious about locking down your important accounts (like emails or bank services), consider investing in a physical security key.