‘Hackers love it’ when you see these 6 biggest password mistakes, says security expert

Increased cyberattacks in 2022 have created a high-risk internet landscape. But for many people, hitting “refresh” on their password habits still isn’t a priority.

As a cybersecurity advisor, I consistently hear stories about people getting their personal information stolen because they made a simple mistake like using the same password for multiple website logins.

After 20 years of studying online criminal behaviors, tactics, techniques and procedures, I’ve found that hackers love it when people make these six password mistakes:

1. Reusing the same password.

2. Only creating unique passwords for ‘high-risk’ accounts.

Many users only create unique passwords for accounts they believe carry sensitive information, or that have a higher likelihood of being breached, like online banking or work applications.

But even basic user information that lives on “throwaway” accounts can contain data points that fraudsters use to impersonate legitimate users. Just your email address or phone number alone can be valuable to bad actors when combined with stolen information from other breaches.

What to do: Protect all accounts — even the ones you rarely use — with one-of-a-kind passwords.

3. Not using password managers.

4. Creating simple passwords that contain personal information.

The best passwords aren’t necessarily complex, but they are hard to guess. Passwords that provide the highest protection are personal to you and don’t contain easily gleaned information, such as your name and birthday.

For example, strong password foundations may be a favorite song lyric or your go-to order at a restaurant.

What to do: Design passwords that are at least 12 characters long and avoid using personal information that can be easily guessed. They should also be memorable to you and contain a variety of characters and symbols.
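As an added example (not from the article), the following Python check applies this item’s advice: it flags passwords shorter than 12 characters, passwords without a variety of character types, and passwords that contain fragments of the user’s own name, e-mail address or birthday. The profile values are constructed, and the “at least three character classes” rule is my own reading of “a variety of characters and symbols.”

```python
import re
from datetime import date

# Constructed sample profile: the kind of "easily gleaned" personal details
# the article warns against. Hypothetical values, not a real person.
SAMPLE_PROFILE = {
    "name": "Maria Lopez",
    "email": "maria.lopez@example.com",
    "birthday": date(1988, 4, 17),
}


def personal_tokens(profile):
    """Fragments of a profile that a guesser would try first: name parts,
    e-mail local-part words, and common birthday spellings."""
    tokens = set()
    words = re.split(r"[\s.@_-]+", profile["name"].lower())
    words += re.split(r"[._-]+", profile["email"].split("@")[0].lower())
    tokens.update(w for w in words if len(w) >= 3)
    b = profile["birthday"]
    # 4-digit year plus common day/month orderings; 2-digit pieces are
    # skipped because they would match almost any password.
    for fmt in ("%Y", "%m%d", "%d%m", "%Y%m%d", "%d%m%Y", "%m%d%Y"):
        tokens.add(b.strftime(fmt))
    return tokens


def check_password(password, profile):
    """Return (ok, problems) per the article's guidance: 12+ characters,
    a variety of character types, and no personal information."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() and not c.isspace() for c in password),
    ]
    # Assumption: "variety" means at least three of lower/upper/digit/symbol.
    if sum(classes) < 3:
        problems.append("fewer than 3 character classes (lower/upper/digit/symbol)")
    folded = password.lower()
    hits = sorted(t for t in personal_tokens(profile) if t in folded)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return (not problems, problems)


if __name__ == "__main__":
    # A memorable "go-to order" passphrase passes; a name-plus-birth-year does not.
    print(check_password("2-eggs-over-easy&Rye-toast", SAMPLE_PROFILE))
    print(check_password("Maria1988!", SAMPLE_PROFILE))
```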

5. Opting out of multi-factor authentication systems.

Even the most complicated passwords can be compromised. Multi-factor authentication creates an extra layer of protection by requiring verification beyond your username and password each time you log in.

Most often, this is done through one-time passwords sent to you via SMS or email. It’s an extra step, but it’s well worth it — and it creates another hurdle for attackers to jump through.

What to do: There is no way to add two-factor authentication to services that don’t natively offer it, but you should turn it on wherever it’s supported.

6. Being apathetic about password habits.
