Passwords are your first line of defense against hackers and snoops trying to break into your accounts. You want your passwords to be rock solid so hackers don’t even have a hope of breaking them, but that often isn’t the case.
Maybe you were in a rush when you made the password. Perhaps you created it a long time ago. It’s also possible you’re making passwords using older rules. Today, we’re going to go over the most common password mistakes people make so you know what not to do.
1. Too short
A decade ago, a five- or six-character password was more than a match for the average computer; however, computers have increased in processing speed at such an astounding rate, a six-character password is almost as bad as having no password at all.
When you’re making new passwords, eight characters should be the absolute minimum, and 10 to 12 characters is recommended. For super-important accounts, such as your banking account, a 14- to 16-character password isn’t a bad idea. At Komando.com, our IT staff uses 30-character passwords for their important systems.
2. Too simple
A 12-character password isn’t going to do much good if it’s something as simple as “123456789012” or “abcdefghijkl”. Hackers check for things like that right away.
Even a common phrase like “maytheforcebewithyou” is something hackers look for right off the bat. They have dictionaries with millions of the most common passwords and variations, and they can crack these simple ones in minutes or even seconds using home computers.
A strong password needs to have a mix of uppercase and lowercase characters, along with numbers and symbols; however, you can’t just get away with simple substitutions like “Mayth3F0rc3Bw!thU!”
Something like that will slow a hacker down, but modern computers are fast enough to try substitutions like this, as well. Your password needs to be virtually random.
Instead of just randomly hitting keyboard keys, try another method that makes the password easier to remember. Start by thinking up a random sentence. You can use a catchphrase, quote or even a song lyric, like “Tramps like us, baby, we were born to run.”
Take the first character from each word to get “tlu,bwwbtr”. Add some symbols in place of similar letters, so “u” becomes |_|, the “to” from the original lyric becomes 2. Then, capitalize a few of the letters to make a strong password that’s easier to remember than a random password: “Tl|_|,BwwB2R”.
When you have dozens of passwords, though, remembering them is going to be a problem even with this method. That’s why you need to keep in mind the next mistakes.
3. Not unique
As passwords get longer and more complex, it’s tempting to use the same one for every account so you only have to remember one. Unfortunately, if you do this and a hacker gets ahold of your password for one account — say, in a data breach — they can log in to all your accounts.
You need to create unique passwords for every account you have. As we said, however, that makes it really hard to remember your passwords, which leads to mistake No. 4.
4. Writing passwords down
Many people create strong, unique passwords and then write them down on sticky notes that they stick on their desks. Some keep their passwords in a notebook they leave lying around.
A hacker won’t have much of a chance of seeing those, but what about snooping family members or friends? Maybe your house is robbed and burglars end up with your password notebook. If the burglars are smart enough, they can cause you a lot of trouble.
Instead of writing the passwords in a notebook, get a password manager. This is a program that stores and locks your passwords behind a single “master password.” You can create dozens of strong unique passwords and only need to remember a single password (and you can use our formula in No. 2 to make it).
5. Never changing passwords
You might’ve heard you should change your password every six months, three months or even monthly; however, the Federal Trade Commission did a study that shows you shouldn’t regularly change your password.
Regularly changing passwords is annoying, which leads to people making passwords too simple or reusing them. In fact, people who regularly change their passwords make them 46% easier to guess. In general, you should only change your password if you think it’s been involved in a data breach.
That being said, you should take some time to look through your passwords and update the ones you haven’t changed in years. They probably include some of the mistakes above, and you want them to be as strong as possible.