Skip to main content

Cyber Security Awareness month: 7 bad password habits to break now

If the recent Yahoo breach wasn’t enough to make you re-think your password behaviour, then hopefully Cyber Security Awareness Month is a good reason to start taking it seriously.

The recent Yahoo hack has demonstrated the fallout from keeping old passwords alive on active accounts, and the truth is: we know it’s bad, but we keep doing it anyway. Our recent survey revealed that 95 per cent of users recognise the characteristics of a strong password but 47 per cent still use their initials, friends or family names while 42 per cent use significant dates and numbers – all information that can be easily found. Perhaps most alarmingly, 91 per cent of respondents know there is a risk when reusing passwords but 61 per cent continue to do so.

So, whether at home or in work, here are 7 bad password habits you should aim to break now so you can set yourself up for a more secure online life:

Your password has y2k in it because that was the last time you updated it 

If the last time you updated the password for your email account was when we all thought the Millennium Bug would destroy the planet, we’ve got a problem. Having strong passwords is just as important as regularly changing those passwords, especially if the same password has been used on more than one account.

Without a secure system, such as using a password manager to help create unique passwords for every online account, it’s practically impossible to know when, if ever, those passwords have been updated.

You tell yourself you will remember all your passwords

Our recent survey also revealed the most likely reason people change their passwords is because they forgot it. Are you always hitting the “I forgot my password” link? This is particularly problematic for websites you rarely use– such as renewing the TV licence - and promptly forgetting login details.     

You hit “remember me” all the time

Many websites give you the option to remember your username and password. They might also keep you logged in to the website for as long as they can. This presents two problems. Firstly. anyone with direct access to your computer will have no trouble getting to your accounts. Secondly, you’ll likely forget the username and password if this is the only place it is stored.

You use the same passwords everywhere

Humans are inherently bad at making passwords and continue to reuse the same passwords on all their online accounts, despite the obvious risks. Using unique passwords for all your accounts ensures that if they’re leaked in a breach, they can’t be used by hackers to get into any of your other accounts. A password manager is a simple and secure way of keeping unique passwords in one place.   

You save all your passwords in the browser

Storing passwords in your browser might be super convenient, but unfortunately it won’t keep your passwords and accounts protected. Browser password managers don’t prompt you to login by default, leaving the passwords and accounts you store exposed.

Not to mention, if you ever find yourself on another computer or mobile device, and you didn’t set up automatic sync ahead of time, you’ll be left without your passwords when you really need them.

You don’t hesitate to give out your passwords to friends

At some point you’ve probably had to share a password. It could be a WiFi login with your house guests, giving your Netflix password to your sister, or sharing an account login with a colleague. Whatever the case, passwords should be shared sparingly, and only with those you trust. And when the person no longer needs the password, it should be updated immediately.

A password manager can come in handy here as well, as most are equipped with ways to securely share access to accounts, without the recipient ever seeing the actual password.

You email passwords to yourself or others

In the same way you should be careful about who you share the passwords with, you should also be careful about how you share those passwords. Email is unsafe and should never be used to send sensitive data, especially passwords. And if a website ever sends you password in email, in plain text, notify them immediately and let them know it’s unacceptable. If they’re sending you your password in an email, you know they’re storing your passwords in an unsafe way, and could be jeopardising your personal information. 

Every single one of the above bad habits can be solved by getting started with a password manager tool. Even if you’re already using one, you might still find yourself falling back on some of the above old habits. To maintain a secure digital identity, make a commitment to do an audit of your passwords and online accounts.

Taking action today to lock down your passwords will make you more productive and secure this year.

Joe Siegrist, CEO, LastPass

Image Credit: Christiaan Colen / Flickr