Top 5 Bad Password Habits

Passwords are undoubtedly the core authentication layer on all of our accounts. Unfortunately, recent statistics show that accounts get seriously compromised because of bad password habits.

 

An infographic displaying general bad habits of a user when choosing a password for an online account.

 

  • Using the same password everywhere 

    Analysts estimate that some 50% of people on the Internet are still using the same passphrase for all of their logins. This is one of the riskiest things you can do online. With massive breaches affecting more and more consumer websites and services, it’s only a matter of time before one (if not more) of your online accounts gets compromised. If you use the same password across multiple websites, it only takes one website leak for someone to get access to your other online accounts and jeopardize your identity.

  • Never updating passwords 

    When was the last time you updated the passphrase for your email accounts? How about your online banking and other financial accounts? Or your social networking accounts? Having strong passwords is just as important as regularly changing them, especially if the same one has been used on more than one account.

 

 

  • Having short passwords 

    Shorter passwords (using personal information and/or dictionary words) are easier to crack, which is why you should be using passphrases instead. According to NIST guidance, one should consider using the longest password or passphrase permissible (8–64 characters) whenever possible. The longer (and more random) they are, the harder it will be to crack them.

  • Storing passwords in the browser

    Storing them in your browser might be convenient, but it’s not sufficient to keep your passwords and online accounts protected. Any vulnerability in the browser or in a browser extension (plugin/add-on) can lead to the compromise of the browser’s password manager, so use a password manager instead!

  • Sharing passwords too freely 

    At some point you’ve probably had to share a password with someone. It could be a WiFi login with your house guests, or accounts to pay online bills with your spouse, or a login with your business partner. Whatever the case, passwords should be shared sparingly, and only with those you trust. When the person no longer needs the password, it should be updated immediately.

There is no perfect solution to avoid bad password habits. Writing passwords down and storing them somewhere safe (e.g. in a safe) can have its own downside as well. Nonetheless, whichever way you choose to store your passwords, there are certain measures which can help.

  • The foremost thing is to choose a STRONG PASSWORD or should we say: a PASSPHRASE. The following comic strip sums it up well.

Source: https://xkcd.com/936/

Here are some tips on having and keeping a strong PASSPHRASE:

  • Always use a safe (e.g. encrypted) and trustworthy medium (e.g. one not known for having or planting backdoors) to share your password with someone. If possible, give it to the other party in person.
  • Don’t store written copies of your password (e.g. on sticky notes, in your work diary, or on the back of your keyboard). But if you really have to use it temporarily or access it from a written source, be sure to store it in a safe place.
  • Keep its length and complexity in mind. Sites like https://howsecureismypassword.com, https://password.kaspersky.com and http://www.passwordmeter.com/ give you an estimate of how long it will take to crack your password.
  • Sites like https://haveibeenpwned.com and https://breachalarm.com let you check if your account has been compromised in various data breaches. You must reset the password if you think that your account is compromised.
  • Before choosing a passphrase, services like https://haveibeenpwned.com/Passwords allow you to check if what you are about to choose has already been discovered in a data breach.

These are just a few practices which you can apply to protect and safeguard your passphrase. Following them will help reduce the chances of your account being compromised.


– Mailfence Team



M Salman Nadeem

Information Security Analyst - Security Team | Mailfence
