Updated on October 27, 2023.
Common password mistakes people tend to make include using weak passwords, insecurely sharing them and improperly storing them. Since password mistakes are such a widespread issue and expose you to many cybersecurity risks, it’s crucial to take your password security seriously.
Poor password hygiene often leads to security breaches, compromised accounts and even identity theft. Continue reading to learn more about the common password mistakes people make and how to fix them.
1. Reusing the Same Password
Two-thirds of internet users reuse the same password for multiple online accounts, which puts them at risk of account compromise. You should never reuse the same password for multiple online accounts. Although it may be easier to remember a single password to log in to all of your accounts, it puts you at risk of credential stuffing, in which a cybercriminal uses the stolen password to gain access to your other accounts. If one of your passwords is exposed during a password breach, the cybercriminal can gain access to other accounts that use that compromised password. You should always use a unique and strong password for each of your accounts to prevent credential-stuffing attacks.
2. Changing Passwords With a Single Character
Many internet users reuse the same password for multiple accounts but vary it slightly, for example by adding a special character or changing a letter. They also use this method when they need to update their passwords.
However, these minor alterations do not make your passwords any more secure. If a cybercriminal gains access to one or more of your passwords, they can find a pattern and predict your other passwords. Cybercriminals often use programs that can identify if passwords are being reused, even if they have slight modifications to them. You should never reuse the same password or versions of the same password with slight modifications. A unique password should be used for each of your accounts.
3. Using Personal Information in Passwords
You put yourself at risk of password breaches if you use personal information in your passwords such as names of family members, birthdates, favorite sports teams, pet names or any other private information. Using information like your pet’s name or even your high school mascot won’t keep you secure as cybercriminals can easily get information about you when you innocently share it online such as on your social media profiles. You should not overshare online to prevent cybercriminals from learning about you. More importantly, you should not use any personal information in your passwords.
4. Sharing Passwords With Others
One of the easiest ways to compromise your password is by sharing it with others through insecure channels. People share their online credentials with others for either personal or professional reasons, and many people send their passwords online through insecure methods such as texting, email or other messaging apps. However, these methods are not secure as they are unencrypted and can be easily intercepted in man-in-the-middle attacks. If one of these methods of communication gets compromised, the cybercriminal will have access to all of the passwords you have sent.
You should never share your passwords with anyone unless it is absolutely necessary. If you do have to share your password, using a password manager is the safest way to do it. A password manager offers a secure way of sharing passwords, and access can be limited to a specific amount of time through one-time sharing, if the password manager offers the feature.
5. Using Passwords That Are Too Short
Using a short password makes it easier for cybercriminals to crack your password. The length of a password is one of its most crucial components. Every additional character, whether it be a letter, number or symbol, increases the number of potential combinations and increases the difficulty of deciphering your password.
Consider this: if someone had a one-character password and you had unlimited chances to guess it, it would likely take you no more than a few minutes to test every key on your keyboard. If you make it a two-character password, the possible combinations are more than ten thousand. Creating a strong password that is 16 characters or more is critical to protect yourself from cybercriminals who have technology that can guess thousands of passwords per minute.
6. Insecurely Storing Passwords
Many people store their passwords on a spreadsheet or notepad to keep track of all of their account logins. However, these methods are insecure ways to store your passwords as they are unencrypted and can easily be stolen by cybercriminals through security breaches or cyber attacks. You need to store your passwords in a password manager that uses an encrypted vault to protect your passwords from cybercriminals. A good password manager is zero trust and assumes all devices are compromised, and therefore, requires verification before allowing access.
7. Using Common Passwords
Some users make the mistake of using common passwords to protect their accounts. They use sequential numbers or letters, keystroke patterns and common dictionary words as their passwords such as “12345”, “1qaz2wsx” or “password.” However, cybercriminals can run through a list of the most common passwords to break into your accounts. You should never use common passwords. Instead, you should make your passwords impossible for cybercriminals to guess.
8. Substituting Letters With Numbers or Special Characters
Some people alter their passwords with numbers or special characters to make them harder for cybercriminals to guess, such as using “P@55w0rd” instead of “Password.” Although it is important to incorporate numbers and special characters into your passwords, substituting letters of your passwords with numbers is not enough to keep your passwords secure.
Substitution used to be a valid method to strengthen your passwords, but cybercriminals have created advanced technology that can identify if a password has substituted letters with numbers or special characters, especially if a letter can be easily replaced by a similar-looking character. You should avoid substituting letters with numbers or special characters as the only way to secure your password.
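The following is an added example, not code from the original article or from Keeper, showing how a password check on the defender's side can flag the mistakes described in sections 2, 5, 7 and 8: small variations of an earlier password, short length, common or sequential passwords, and look-alike substitutions. The function names, the small common-password list, the substitution table and the 0.8 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample list; a real check would load a large breached-password list.
COMMON = {"password", "12345", "123456", "1qaz2wsx", "qwerty", "letmein"}
# Look-alike substitutions undone before comparing (mistake 8); assumed table.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})
# Number, alphabet and keyboard runs (mistake 7).
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop",
             "asdfghjkl", "zxcvbnm", "1qaz2wsx3edc4rfv"]
MIN_LENGTH = 16  # length recommended in section 5


def normalize(pw):
    """Lower-case, drop trailing digits/symbols, then undo look-alike swaps."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(LEET)


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence."""
    low = pw.lower()
    return any(seq[i:i + run] in low
               for seq in SEQUENCES for i in range(len(seq) - run + 1))


def audit(pw, previous=()):
    """Return the list of mistakes found in pw; an empty list means none."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    if pw.lower() in COMMON or normalize(pw) in COMMON:
        findings.append("common")
    if has_sequence(pw):
        findings.append("sequence")
    for old in previous:
        a, b = normalize(old), normalize(pw)
        # Near-identical after normalization: a variation, not a new password.
        # The 0.8 threshold is an assumed value for this example.
        if a and b and SequenceMatcher(None, a, b).ratio() >= 0.8:
            findings.append("variant_of_previous")
            break
    return findings


if __name__ == "__main__":
    for candidate in ["P@55w0rd", "12345", "Summer2024!"]:
        print(candidate, audit(candidate, previous=["Summer2023!"]))
```

Because the comparison runs on the normalized form, “P@55w0rd” is treated exactly like “password”, and a password that differs from an earlier one only in its trailing digits or symbols is reported as a variant.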
How to Fix Your Common Password Mistakes
The best way to fix these common password mistakes is by using a password manager with an integrated password generator. A password manager aids you in creating strong passwords and provides you with a secure way to store them. With a password manager, you will not have to worry about remembering all of your unique passwords and can securely share passwords with others. Password managers also identify weak passwords and prompt you to strengthen them. Sign up for a free trial of Keeper Password Manager to strengthen your passwords and protect yourself from cyber attacks.