How many passwords do you have to juggle regularly, or do you just have your browser memorize your passwords? Even if the latter is the case, what if your Google Account/Gmail password is not strong enough, and someone figures it out or cracks it? In that scenario, they would automatically have all your other passwords.
We use too many platforms, and coming up with something unique every time is a challenge. It’s even more challenging to ensure you don’t forget these passwords or get the old and new passwords mixed up.
The bottom line is that making passwords is not easy, and you’re making many mistakes that could come back to haunt you. Here are the top four biggest mistakes you don’t know you’re making.
1. Picking something meaningful
People pick something meaningful to them mostly because it is harder to forget. You see, when making a password, you’re always juggling between something complex and something that you won’t forget. Sure, you can come up with the most outlandish thing in the world, like a phrase from a random movie, but will you remember it a week from now? What about a month from now?
So, people pick something they know they can’t forget. For instance, they pick their anniversary date. However, they then go to a dinner with their partner, take a photo of it, and put it online with the caption “Five years of love.” This way, anyone who thinks about this for just one second will know the exact date and your password.
Another thing that people often use is their pet’s name (which is also all over their social networks, usually with the name in the caption). Just keep in mind that hackers aren’t always people you don’t know, hiding in a basement halfway across the world with Anonymous masks on. Sometimes, they’re people you know, commenting on how cute your dog is, hoping you’ll instinctively mention its name in a conversation.
What about your mother’s maiden name? Chances are that you have all your cousins as friends on social media. Some people list them as cousins (on Facebook, for instance), but the cousins are sometimes just as public and vocal about the relationship.
Each of these is far easier to crack than you think. Just go with something more randomized and resolve this issue for good. Needless to say, meaningful passwords are some of the worst password ideas out there.
2. Doing it all manually
The main reason why people struggle to come up with unique passwords is that they try to juggle all of it in their minds. They rely on their ability to work a password out logically or to memorize it. This leads them to cut corners, not out of laziness but out of convenience. After all, a single password is easier to remember than multiple.
It also makes changing passwords far less convenient. Sure, they say you should change passwords every 60 to 90 days, but is this really what you want to do just as you’ve remembered a password? Let’s say you have just four passwords (this is an incredibly fictitious scenario since no one has just four passwords). If you changed the password every 120 days (that’s right, not even 60 or 90), there would be 12 different passwords yearly. How long will it take to mix up old and new passwords?
This entire problem has a simple solution – you get a password manager. This is a convenient alternative to writing down your passwords on a piece of paper (that you’re bound to lose at one point). It’s also encrypted for your safety, which makes it near-impossible to crack.
While this is a tall claim, it’s not that far-fetched to say that using a password manager tool might solve most of the problems on this list. Randomizing passwords will be a lot simpler; the same goes for changing them and juggling multiple passwords simultaneously.
3. Waiting for the site to tell you what you can or cannot do
Many people would use “1234” or “pass” as their password – if the site let them. Fortunately, these sites usually restrict how long the password must be or how many character types you can/should use. If you go under this number, the site won’t allow you to choose that password.
Sometimes, you even get a meter telling you how strong your password is, but most people just ignore it and change their password only as much as they have to in order to pass.
For instance, they’ll type in:
- pass
The platform won’t allow them to go under eight characters, so they’ll change it to:
- password
Then the platform will insist that they add at least one capital letter, so they’ll go with the laziest option available and go with:
- Password
Then the platform will insist that they have at least one numeral, so they’ll go for:
- Password1
Lastly, some sites might even insist you use a symbol, in which case the final password is:
- P@ssword1
So, is this a good password? Absolutely not. Is it better than the original? Sure, but that’s setting a really low bar.
The problem is that you act as if these restrictions are against you, as if they’re there just to give you some extra work. In reality, nothing could be further from the truth. If you’re to take anything away from this, it’s that you shouldn’t wait for the site’s password policy to compel you to be responsible when making a new password.
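The sketch below is an added example, not part of the original article. It encodes the four composition rules from the walk-through above and shows that P@ssword1 satisfies all of them, while a check that undoes look-alike substitutions and appended digits still reduces it to a common word. The function names, the substitution table and the small denylist are constructed for illustration.

```python
import re

def composition_failures(pw):
    """Rules from the walk-through: length, capital, numeral, symbol."""
    failures = []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", pw):
        failures.append("no capital letter")
    if not re.search(r"[0-9]", pw):
        failures.append("no numeral")
    if not re.search(r"[^A-Za-z0-9]", pw):
        failures.append("no symbol")
    return failures

# Constructed sample denylist; a real check would load a large list of
# common and previously breached passwords.
COMMON_WORDS = {"pass", "password", "qwerty", "letmein", "welcome"}

# Look-alike substitutions that are undone before the denylist lookup.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                            "!": "i", "3": "e", "$": "s", "5": "s"})

def base_word(pw):
    """Drop appended digits/symbols, lower-case, undo substitutions."""
    core = re.sub(r"[^A-Za-z]+$", "", pw)  # "Password1" -> "Password"
    return core.lower().translate(LOOKALIKES)

def is_predictable(pw):
    return base_word(pw) in COMMON_WORDS

def review(pw):
    return {"composition_failures": composition_failures(pw),
            "predictable": is_predictable(pw)}

# The five steps of the walk-through, in order.
STEPS = ["pass", "password", "Password", "Password1", "P@ssword1"]

if __name__ == "__main__":
    for pw in STEPS:
        print(f"{pw:10} {review(pw)}")
```

Every step of the walk-through, including the final one, is flagged as predictable even though the last one has no composition failures left.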
4. Not realizing what’s at stake
In the 1990s and early 2000s, a hacker could burn a virus onto a CD and infect your computer. However, the stakes at that point were not as high.
First of all, personal correspondence took place either in person, over the phone line, or via SMS, none of which a hacker could read. Now, if someone gained access to your DMs…
People didn’t use m-banking apps back then and, in general, didn’t use digital assets as much. Bitcoin wasn’t around until 2008; even then, it wasn’t used by many people. The same goes for online payments, etc.
With the IoT, the stakes are getting even higher. Now, someone could access your thermostat or the locks on your home. They could change the architectural plans of the building that your construction firm is currently working on and put so many things at risk. With VR becoming increasingly bigger in this field, this is an even bigger concern.
It’s not just that they’ll slow down your computer or cause your OS to crash (like in the late 1990s). It’s far more serious and dangerous than that. With social media, you’re virtually putting your entire life on the line. It wouldn’t be that far-fetched to say that everything about you is already online. All your preferences, personal data, etc., already exist online in one form or another.
Identity theft is another serious issue. Someone could impersonate you online.
This is just one of the reasons to take your cybersecurity more seriously, but if your passwords are inadequate, there’s nothing you can do about it. With a poor password, it’s only a matter of time before an account takeover happens, and then all hell breaks loose.
Making stronger passwords is the foundation of everything you do online
There’s a reason why you can’t register without coming up with a password. Even if there’s only one mandatory field (usually marked with *), it’s the password one. There’s also a reason so many sites insist on passwords that are as strong and unique as possible. The sooner you recognize these mistakes and rectify them, the better.