5 biggest password mistakes of all time & what to do instead
On average, every person has around 100 passwords. This number has increased by 25% since the beginning of the pandemic.
What costly mistakes do people make? What misbeliefs regarding passwords can do more harm than good?
Let’s discuss the top 5 password mistakes of all time. If you recognize yourself in one of them, respond by understanding what to do instead.
1) If I use one complex password, I will be secure.
While it is always advised to use complex passwords, more importantly, each has to be unique. If you reuse one strong password among multiple platforms, it fails to protect you from brute-force and credential stuffing attacks. How?
It happens that even large companies accidentally leak users’ data. Usually, all the data, including your complex password, is dumped into a dark web forum. The first thing any hacker would do – would try that password on other common platforms. If your password is strong, but you reuse it – the hacker can still successfully crack other accounts.
Therefore, even the most complex reused password will not protect you from data breaches and later attacks.
2) If I add all my weak, reused passwords to a password manager, it will protect me.
53% of people rely on their memory to store passwords. Consequently, those passwords tend to be memorable: short, phrase-based, and weak. These too-common password mistakes stand behind 80% of successful data breaches.
Even if you decide to use a password manager, adding weak passwords into a reliable tool will not protect you from cyber threats.
No password manager will protect you from data breaches at a website or application level. That means if your Facebook password gets leaked and a hacker reuses it on another account, your account can still get breached.
Use a password manager wisely. Generate unique, random passwords for each platform. You will not need to rely on your memory because the tool will save and autofill them for you.
3) If I add any numbers and special characters, my password will be strong.
Adding capital letters, special characters, and numbers becomes one of the passwords mistakes when people oversimplify it.
Of course, complex passwords should mandatorily have all these extra modifications. Yet, it is not enough to add 123 at the end of the password, change O to 0, or a to @. Your password will still be prone to the latest brute-force attacks.
Every predictable password pattern makes passwords weak. Consequently, the more random the password, the better.
4) If I change a password regularly, I will be more secure
While some existing arguments support the idea, it depends.
Frequent password changes might protect your accounts in some cases. For instance, if a hacker finds your password in a dark web forum and tries it to log in to your breached account, he will succeed. By changing credentials periodically, you minimize the rate of success.
Yet, frequent password changes usually make people sacrifice their quality. If you reuse the same three to five passwords by changing the number, the letter, or the last symbol, it still fits under the category of password mistakes. Such usual modifications are highly prone to brute-force attacks since they are easily guessable.
5) Two-factor authentication will protect my accounts from all cyber threats.
There is some level of truth in this statement. Two-factor authentication might be a reliable protection strategy from some types of cyber threats. For instance, if a hacker guesses your login details, Two-factor authentication will stop him from gaining access to your account.
However, it is not a bullet-proof protection mechanism. Blindly counting on 2FA belongs to serious password mistakes. Two-factor authentication will not protect you from social engineering attacks. If you click on a malicious link or download an infected file attached to an email, it will spread a virus or other type of malware and harm your device.
Without a doubt, it is a good practice to use 2FA whenever possible. Yet, extra attentiveness, double-checking, and skepticism should always come along.
Discovering password mistakes is a crucial step in learning good password management practices. Recognizing your own beliefs and, respectively, changing behavior is a sustainable way to protect your data online.