3. Not unique
As passwords get longer and more complex, it's tempting to use the same password for every account so you only have to remember one. Unfortunately, if you do this and a hacker gets a hold of your password for one account, say in a data breach, they can log into all your accounts.
You need to create unique passwords for every account you have. As we said, however, that makes it really hard to remember your passwords, which leads to mistake number 4.
4. Writing passwords down
Many people create strong, unique passwords and then write them down on sticky notes that they stick on their desk. Some people keep their passwords in a notebook that they leave lying around.
A hacker won't have much of a chance of seeing those, but what about snooping family members or friends? Maybe your house is robbed and burglars end up with your password notebook. If the burglars are smart enough they can cause you a lot of trouble.
Instead of writing the passwords on a notebook, get a password manager. This is a program that stores and locks your passwords behind a single Master Password. You can create dozens of strong unique passwords and only need to remember a single password (and you can use our formula in point 2 to make it).
5. Never changing passwords
You might have heard the recommendation that you change your password every six months, three months or even monthly. However, the Federal Trade Commission did a study that shows you shouldn't regularly change your password.
Regularly changing passwords is annoying, which leads to people making passwords too simple or reusing them. In fact, people who regularly change their passwords make them 46 percent easier to guess. In general, you should only change your password if you think it's been involved in a data breach.
That being said, you should take some time to look through your passwords and update the ones you haven't changed in years. They probably include some of the mistakes above, and you want them to be as strong as possible.