The Biggest Password Mistake to Avoid Making

Learn the top password mistakes you shouldn't be making and why.

Whether you're a complete tech junkie or an online novice, you'll be familiar with passwords. You'll also probably be aware that your passwords might not be as strong as they should be.

Research by password manager NordPass found that of the 200 most common passwords, 70% of them can be cracked in under a second. Likewise, cybersecurity company Keeper Security found that three-quarters of people do not follow password guidelines, with two-thirds using weak or identical passwords across multiple accounts.

Not all passwords are created equal: Nord’s research found that the strongest passwords are reserved for financial accounts, while streaming accounts have the weakest. The evidence is clear: in general, people are neglecting at least some of their password safety.

You may think that the password for a streaming account is small potatoes and that hackers simply wouldn't care about accessing your account, but using weak passwords can have far-reaching, unintended consequences.

We'll explore the top password mistakes you shouldn't be making and why, no matter the account they're protecting.

Reusing passwords across multiple accounts

While people may know that they're not supposed to reuse passwords across multiple accounts, the majority still do. A survey by Google found that 65% of people reuse passwords, with 13% reusing the same password across all accounts. Likewise, a survey by LastPass found that while 91% of respondents said they recognized the risks of reusing passwords, 59% said they did so anyway.

You may think reusing passwords is easy and convenient (after all, it means you only have to remember one password instead of a dozen), but it actually leaves you vulnerable to cyberattacks. If a reused password is revealed in a data breach, every account that shares that password is opened up to hackers.

Credential stuffing attacks are cyberattacks in which cybercriminals try dozens of combinations of login information exposed in previous breaches in an attempt to gain access to victims' other accounts. The name comes from hackers 'stuffing' login information into login portals until they gain access. These cyberattacks can have far-reaching consequences.

Not using complex passwords

Reusing passwords is not the only password mistake you can make. Using simple, easily guessed passwords is also a big no-no.

You may have been annoyed by sites that require you to use 8-14 characters, special characters, numbers, and/or capital and lowercase letters before deeming your password 'strong' enough, but this inconvenience ultimately ensures your cyber-safety.

If you use weak passwords, you are leaving your account open to hackers who wish to steal your data or your company's data. Hackers launch 'brute force' attacks, using trial and error to guess passwords or other login credentials and gain access to accounts. This can be done either manually or by using software that inputs the passwords for them. Weak passwords make this guessing easier and allow hackers to access your accounts, or your company’s accounts, far more easily.

Complex passwords are at least eleven characters long and consist of a range of upper and lower case letters, numbers, and special characters, for example, &, * or !. You may argue that this makes them harder to remember, and while this is true, this is where password managers, with their ability to both generate and save passwords, come in handy. They don’t need to cost a penny, either, with many great free password managers out there.

Using passwords that contain personal information

Some folks include personal information, like birthdates and pet names, to help them remember passwords. You might think that these things are unique enough to you that they won't be guessed but, unfortunately, this isn't the case.

Personal information can be accessed during other data breaches. Once this information is made available to cybercriminals via sale on the dark web, they can then use this information to access other accounts. 

The key to avoiding these cyberattacks is to use passwords that do not contain any personally identifying or obvious information. One way to do this is to create a 'passphrase', a sentence made up of seemingly random words. These passphrases can be as short as eight characters but can go up to 100 characters. When creating a passphrase, you should avoid using well-known quotes or phrases, as these make the passphrase easier to crack.

Alternatively, use a password generator to come up with strong passwords that are both random and unique. 
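
The two options described above, a random-word passphrase and a generated password that meets the article's definition of complex, as an added Python example that is not part of the original article. The special-character set, the constructed 32-word sample list and the function names are assumptions; a real word list needs thousands of entries.

```python
import math
import secrets
import string

SPECIALS = "&*!#$%@^?-_+="          # the article names &, * and ! as examples
CLASSES = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS]
MIN_LENGTH = 11                      # the article's minimum for a complex password

# Constructed 32-word sample list (assumption); real use needs thousands of words.
SAMPLE_WORDS = ("anchor barley candle dragon ember falcon garnet harbor "
                "island jigsaw kettle lantern meadow nectar orchid pepper "
                "quartz ribbon saddle timber umpire velvet walnut yonder "
                "zephyr basket copper domino fabric goblet hammer insect").split()


def generate_password(length=16):
    """Random password with at least one character from every class."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        # Draw uniformly with a CSPRNG, then reject candidates missing a class.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(num_words=6, words=SAMPLE_WORDS, sep="-"):
    """Passphrase of independently chosen random words (repeats allowed)."""
    return sep.join(secrets.choice(words) for _ in range(num_words))


def entropy_bits(choices, picks):
    """Bits of entropy when `picks` items are drawn uniformly from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(generate_password())
    print(generate_passphrase())
    # Upper bound for the password: rejection sampling removes a small fraction.
    print(round(entropy_bits(len("".join(CLASSES)), 16), 1))
    print(round(entropy_bits(len(SAMPLE_WORDS), 6), 1))
```

With the 32-word sample list, six words give only 30 bits of entropy, so the strength of a passphrase comes from the size of the word list and the number of words, not from its length in characters.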

However you come up with your complex passwords, they can then be saved using a free or paid password manager, keeping you, your accounts, and your data safe.

