‘Hackers love it’ when you make these 6 biggest password mistakes, says security expert
A rise in cyber attacks in 2022 created a high-risk internet landscape. But for many people, “refreshing” their password habits is still not a priority.
As a cybersecurity consultant, I often hear stories of people having their personal information stolen because they made a simple mistake like using the same password for multiple website logins.
After 20 years of researching online crime behaviors, tactics, techniques, and procedures, I’ve found that hackers love it when people make these 6 password mistakes:
1. Reusing the same password.
More than two-thirds of Americans do this, and it allows data breaches to remain dangerous for years after they occur.
To avoid creating a completely new password for every account, people also tend to reuse passwords with slight variations, like adding a number or symbol. But these are also easy for hackers to guess, and they are no match for software designed to quickly test such variations of a leaked password.
What you should do: Create a unique password for each of your accounts. While this can feel daunting, a password manager can be of great help in generating and organizing your password library.
2. Only creating unique passwords for ‘high risk’ accounts.
Many users only create unique passwords for accounts they believe contain sensitive information or are more likely to be breached, like online banking or work applications.
But even basic user information that exists on “throwaway” accounts can contain data points that scammers use to impersonate legitimate users. Your email address or phone number alone can be valuable to the bad guys when combined with information stolen from other breaches.
What you should do: Protect all accounts – even the ones you rarely use – with a unique password.
3. Not using a password manager.
In addition to multi-factor authentication, a password manager is an essential technology that can reinforce smart password habits.
These managers can help you generate unique, single-use passwords and autofill them in the accounts they’re linked to – a huge step forward, given that 55% of users manage their passwords by memory alone.
Even if you accidentally click on a phishing link, your password manager can tell that the page’s address doesn’t match the saved login and will choose not to autofill.
What you should do: Choose a password manager that fits your personal comfort level and technology needs. Some trusted options that are regularly reviewed include 1Password, Bitwarden, Dashlane and LastPass. While they all provide similar functionality, each one differs in terms of extended features and cost.
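The reason a password manager refuses to autofill on a phishing page is that it only fills a saved login when the page’s origin matches the one the login was saved for. The following is an added example (not code from the article or from any of the managers named above) of that matching rule, using a constructed sample vault and the assumption that logins are keyed by their exact HTTPS origin; real products differ in exactly how strictly they match.

```python
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed sample vault: each saved login is keyed by the exact origin it was created on.
VAULT: Dict[str, Dict[str, str]] = {
    "https://accounts.example.com": {"username": "alice", "password": "correct horse battery staple"},
    "https://bank.example.net": {"username": "alice", "password": "a different unique passphrase"},
}


def page_origin(url: str) -> Optional[str]:
    """Reduce a URL to https://host[:port]; return None for anything we should never fill into."""
    parts = urlsplit(url)
    host = parts.hostname  # already lowercased by urlsplit
    if parts.scheme != "https" or not host:
        return None  # plain-HTTP or malformed pages get nothing
    # Lookalike hostnames built from non-ASCII letters become punycode labels here,
    # so they can never compare equal to the ASCII origin stored in the vault.
    host = host.encode("idna").decode("ascii")
    try:
        port = parts.port
    except ValueError:
        return None  # garbage in the port field: refuse rather than guess
    return f"https://{host}" if port in (None, 443) else f"https://{host}:{port}"


def autofill(url: str, vault: Dict[str, Dict[str, str]] = VAULT) -> Optional[Dict[str, str]]:
    """Return the saved login only when the page origin matches exactly; otherwise fill nothing."""
    origin = page_origin(url)
    if origin is None:
        return None
    # A subdomain trick such as accounts.example.com.login-verify.test produces a
    # different origin string and therefore misses the vault lookup.
    return vault.get(origin)


if __name__ == "__main__":
    for url in (
        "https://accounts.example.com/login?next=/",
        "https://accounts.example.com.login-verify.test/",  # constructed lookalike
        "http://accounts.example.com/",                      # downgrade to plain HTTP
        "https://\u0430ccounts.example.com/",                # Cyrillic 'а' in place of 'a'
    ):
        print(url, "->", "fill" if autofill(url) else "do not fill")
```

The key point is that the comparison is on the exact origin, not on whether the address "looks like" the right site: a longer hostname, a missing HTTPS, or a visually identical non-ASCII letter all produce a different origin string, and the manager stays silent, which is exactly the signal a user should notice.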
4. Creating a simple password containing personal information.
The best passwords aren’t necessarily complicated, but they are hard to guess. Passwords that provide high protection are unique to you and do not contain easily collectible information, such as your name and date of birth.
For example, a strong password could be based on the lyrics of your favorite song or your go-to order at a restaurant.
What you should do: Design passwords that are at least 12 characters long and avoid using personal information that can be easily guessed. They should also be memorable to you and contain a variety of characters, including symbols.
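The rules in this section and in mistake 1 (at least 12 characters, no easily collected personal details, no reuse and no slight variations of a password already in use) can be checked mechanically. The following is an added example, not code from the article or from any password manager, of such a check against a constructed person and a constructed set of existing passwords; the choice of date formats and the "strip everything but letters" definition of a variation are my own assumptions.

```python
import re
from datetime import date
from typing import Dict, List

# Constructed sample data: the person choosing a password and the passwords already in use.
FULL_NAME = "Alice Example"
BIRTHDATE = date(1990, 7, 4)
EXISTING: Dict[str, str] = {
    "shop.example": "Summer2022!",
    "mail.example": "correct horse battery staple",
}


def core(password: str) -> str:
    """Lowercase and keep only letters, so 'Summer2022!' and 'Summer2023#!' share a core."""
    return re.sub(r"[^a-z]", "", password.lower())


def personal_tokens(full_name: str, birthdate: date) -> List[str]:
    """Strings an attacker could collect about you and would try first (assumed formats)."""
    tokens = {part for part in full_name.lower().split() if len(part) >= 3}
    tokens.update({
        f"{birthdate.year}",
        birthdate.strftime("%m%d"), birthdate.strftime("%d%m"),
        birthdate.strftime("%Y%m%d"), birthdate.strftime("%d%m%Y"), birthdate.strftime("%m%d%Y"),
    })
    return sorted(tokens)  # sorted so the report order is deterministic


def check_password(candidate: str, full_name: str, birthdate: date,
                   existing: Dict[str, str]) -> List[str]:
    """Return a list of problem codes; an empty list means the candidate passes every rule."""
    problems: List[str] = []
    if len(candidate) < 12:
        problems.append("too_short")
    lowered = candidate.lower()
    for token in personal_tokens(full_name, birthdate):
        if token in lowered:
            problems.append(f"personal_info:{token}")
    for account, password in existing.items():
        if candidate == password:
            problems.append(f"reused:{account}")
        elif core(candidate) and core(candidate) == core(password):
            problems.append(f"variation_of:{account}")
    # A memorable phrase is fine, but a single run of one character class is not.
    classes = sum(bool(re.search(p, candidate)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 2:
        problems.append("low_variety")
    return problems


if __name__ == "__main__":
    for candidate in ("alice1990!!", "Summer2023#!", "aaaaaaaaaaaa", "my go-to: pad thai, extra spicy"):
        print(f"{candidate!r}: {check_password(candidate, FULL_NAME, BIRTHDATE, EXISTING) or 'OK'}")
```

Note that the long restaurant-order phrase passes while the shorter, more "complex"-looking candidates fail: the checks reward length and unpredictability, not decoration with digits and symbols, and the variation check catches exactly the "change the year" habit described under mistake 1.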
5. Opting out of multi-factor authentication.
Even the most complex passwords can be compromised. Multi-factor authentication creates an extra layer of protection by requiring verification in addition to your username and password each time you log in.
Usually, this is done through a one-time password sent to you via SMS or email. It’s an extra step, but it’s well worth it – and it creates another barrier for attackers to overcome.
What you should do: There’s no way to add two-factor authentication to services that don’t natively offer it, but you should enable it wherever it’s supported.
6. Being indifferent about password habits.
It’s easy to think that cyberattacks won’t happen to you. But since data breaches and other cyberattacks carry a high risk of identity theft, financial loss, and other dire consequences, it’s best to prepare for the worst.
As long as you’re an Internet user, you’ll always be a potential target – and careless password habits increase your risk even further.
What you should do: Don’t assume you are safe. Continue to reassess your password hygiene, and as new authentication technologies emerge, adopt them early.
John Shier is a senior security consultant at Sophos and has over two decades of cybersecurity experience. He is passionate about protecting consumers and organizations from advanced threats. John has been featured in publications including Reuters, WIRED, CNN and Yahoo. Follow him on Twitter @john_shier.