Mailfence Blog

Top 5 Bad Password Habits

by · Published · Updated

Passwords are undoubtedly the core authentication layer on all of our accounts. Unfortunately, recent statistics show that accounts get compromised severely due to bad password habits.

 

An infographic displaying general bad habits of a user when choosing a password for an online account.

 

  • Using the same password everywhere 

    Analysts estimate that some 50% of people on the Internet are still using the same passphrase for all of their logins. This is one of the riskiest things you can do online. While massive breaches affecting more consumer websites and services, it’s only a matter of time before one (if not more) of your online accounts gets compromised. If you use the same key word across multiple websites, it only takes one website leak for someone to get access to your other online accounts, and jeopardize your identity.

  • Never updating passwords 

    When was the last time you updated the passphrase for your email accounts? How about your online banking and other financial accounts? Or your social networking accounts? Having strong passwords is just as important as regularly changing them, especially if the same one has been used on more than one account.

 

 

  • Having short passwords 

    Shorter ones (using personal information and/or dictionary words) are easier to crack, that’s why you should be using passphrases instead. According to NIST guidance, one should  consider using the longest password or passphrase permissible (8–64 characters) whenever possible. The longer (and more random) they are, the harder it will be to crack them.

  • Storing passwords in the browser

    Storing them in your browser might be convenient, but it’s not sufficient to keep your passwords and online accounts protected.  As any vulnerability in the browser/browser extension (plugins/add-on’s) can lead to compromising browser password managers, use a password manager instead!

  • Sharing passwords too freely 

    At some point you’ve probably had to share it with someone. It could be a WiFi login with your house guests, or accounts to pay online bills with your spouse, or a login with your business partner. Whatever the case, they should be shared sparingly, and only with those you trust. When the person no longer needs the password, it should be updated immediately.

There is no tip-top solution to avoid bad password habits. Writing down and storing them somewhere safe (e.g. in a safe) can have its own down-side as well. Nonetheless, whatever the way you would like to store your passwords – there are certain measures which can help.

  • The foremost thing is to choose a STRONG PASSWORD or should we say: a PASSPHRASE. The following comic strip sums it up well.
Strong password mailfence blog comic

Source: https://xkcd.com/936/

Here are some tips on having a keeping a strong PASSPHRASE

  • Always use a safe (e.g. an encrypted channel) & trustworthy medium (e.g. not known for having/planting backdoors) for sharing your key word with someone. If possible, give it to the other party in person.
  • Don’t store written copies of your key word (e.g. on sticky notes, your work diary, or on the back of your keyboard). But if you really have to use it temporarily or access it from a written source, be sure to store it in a safe place.
  • Keep in mind the length and complexity of it. Sites like https://howsecureismypassword.com, https://password.kaspersky.com and http://www.passwordmeter.com/ gives you a good password reading on how long it will take to crack your key word.
  • Sites like https://haveibeenpwned.com and https://breachalarm.com lets you check if your account has been compromised in various data-breaches. You must reset the password if you think that your account is compromised.
  • Before choosing a passphrase, services like https://haveibeenpwned.com/Passwords allows you to check if what you are about choose has already been discovered in a data breach.

Above are just few practices which you can apply to protect and safeguard your passphrase.  Above mentioned practices will help reduce the chances of compromising your account.

Get your secure email!

Mailfence is a secure and private email-suite.

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Spread the word!

M Salman Nadeem

Information Security Analyst - Security Team | Mailfence

You may also like...

12 Responses

  1. Ram Singh says:
    March 20, 2016 at 1:55 am

    Sounds great. I would use the suggestion as much as I can. Unfortunately, now a days everyone wants to know our email.

    Reply
  1. 10 tips to protect your computer
    June 5, 2016

    […] Ram Singh on Top 5 bad Password Habits […]

  2. 6 important tips to safeguard your privacy online
    June 5, 2016

    […] Ram Singh on Top 5 bad Password Habits […]

  3. Social engineering: Quid Pro Quo attacks
    June 5, 2016

    […] Ram Singh on Top 5 bad Password Habits […]

  4. Keep your private email account secure
    August 29, 2016

    […] Protect your password. Choose a strong password and don’t reuse it.  If you enter your password in some other website and […]

  5. Security advisory regarding Yahoo hack
    September 28, 2016

    […] account with Mailfence OR any other service, we recommend you to change all those passwords and use different and strong passwords for each of the services you […]

  6. Comment préserver la sécurité de votre compte de messagerie privée - Mailfence - Secure and Private email
    December 1, 2016

    […] un premier temps, choisissez un mot de passe fort et veillez à ne pas le réutiliser. Si vous entrez votre mot de passe dans un quelconque autre […]

  7. 11 tips on how to avoid social engineering schemes - Mailfence - Secure and Private email
    December 7, 2016

    […] different logins for each service and secure your passwords: Make sure your passwords are strong and don’t re-use […]

  8. Tips to backup your data securely -
    February 2, 2017

    […] criminals: they have the tools and knowledge to crack or guess your passwords (which are probably too simple and weak) in just a few […]

  9. What is a Keylogger and how to protect yourself from a keylogger -
    February 7, 2017

    […] a password-change schedule (for e.g. every 3 […]

  10. Hacked email: What to do when your email-is-hacked
    April 19, 2017

    […] Do not panic!  Stay calm.  We do know it’s easier said than done, but yeah! Before you do anything else, evaluate how much damage is done.  Thus start with checking the security settings to revert any possible changes a hacker may have done:  change of alternate email address?, change of phone number?, TFA enabled/disbaled?, …. Log into your email account; if the hacker changed the password, click the “Forgot Password?” link or its equivalent. Once you have access to your account, change your password right away. Make sure to avoid bad password habits. […]

  11. Email security and privacy awareness course -
    June 9, 2017

    […] Bad Password Habits – 3 min read […]

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code

This site uses Akismet to reduce spam. Learn how your comment data is processed.