Top 5 Bad Password Habits

Passwords are undoubtedly the core authentication layer on all of our accounts. Unfortunately, recent statistics show that accounts get compromised because of bad password habits.


Bad password habits 101

  • Using the same password everywhere

    Analysts estimate that some 50% of people on the Internet are still using the same passphrase for all of their logins. This is one of the riskiest things you can do online. With massive breaches affecting more and more consumer websites and services, it’s only a matter of time before one (if not more) of your online accounts gets compromised. If you use the same password across multiple websites, it only takes one website leak for someone to get access to your other online accounts and jeopardize your identity.

  • Never updating passwords 

    When was the last time you updated the passphrase for your email accounts? How about your online banking and other financial accounts? Or your social networking accounts? Having strong passwords is just as important as regularly changing them, especially if the same one has been used on more than one account.


More bad password habits…

  • Having short passwords 

    Shorter ones (using personal information and/or dictionary words) are easier to crack, which is why you should be using passphrases instead. According to NIST guidance, one should consider using the longest password or passphrase permissible (8–64 characters) whenever possible. The longer (and more random) they are, the harder it will be to crack them.

  • Storing passwords in the browser

    Storing them in your browser might be convenient, but it’s not sufficient to keep your passwords and online accounts protected. Any vulnerability in the browser or a browser extension (plugin/add-on) can lead to the compromise of the browser's password manager, so use a dedicated password manager instead!

  • Sharing passwords too freely 

    At some point, you’ve probably had to share a password with someone. It could be a WiFi login with your house guests, or accounts to pay online bills with your spouse, or a login with your business partner. Whatever the case, passwords should be shared sparingly, and only with those you trust. When the person no longer needs the password, it should be updated immediately.
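
The first three habits above (reuse, never updating, short passwords) can be checked mechanically over an exported list of your own credentials. The following Python sketch is an added example, not part of the original article; the vault entries are constructed sample data, and the one-year staleness threshold is an assumption, since the article gives no rotation interval.

```python
import hashlib
from collections import defaultdict
from datetime import date

MIN_LENGTH = 8        # lower bound of the NIST range quoted in the article
MAX_AGE_DAYS = 365    # assumption: the article does not state an interval

# Constructed sample export: (account, password, date last changed)
SAMPLE_VAULT = [
    ("mail.example", "correct horse battery staple", date(2024, 1, 10)),
    ("bank.example", "Summer19", date(2019, 6, 1)),
    ("social.example", "Summer19", date(2023, 11, 5)),
    ("forum.example", "abc123", date(2024, 2, 20)),
]

def audit(vault, today):
    """Return {account: sorted findings} for reused, short and stale passwords."""
    by_digest = defaultdict(list)
    for account, password, _ in vault:
        # In-memory grouping only, so the report never handles plaintext;
        # this digest is not a storage format.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(account)

    findings = defaultdict(list)
    for accounts in by_digest.values():
        if len(accounts) > 1:  # same password on more than one account
            for account in accounts:
                others = sorted(a for a in accounts if a != account)
                findings[account].append("reused on " + ", ".join(others))
    for account, password, changed in vault:
        if len(password) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
        if (today - changed).days > MAX_AGE_DAYS:
            findings[account].append(f"not changed in over {MAX_AGE_DAYS} days")
    return {account: sorted(items) for account, items in findings.items()}

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT, date(2024, 6, 1))
    for account, issues in sorted(report.items()):
        print(account, "->", "; ".join(issues))
```

Accounts with no findings are left out of the report, so an empty result means none of the three habits was detected.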

There is no perfect solution for avoiding bad password habits. Writing passwords down and storing them somewhere safe (e.g. in a safe) can have its own downsides as well. Nonetheless, however you choose to store your passwords, there are certain measures which can help.

  • The foremost thing is to choose a STRONG PASSWORD or, should we say, a PASSPHRASE. The following comic strip sums it up well.
Strong password mailfence blog comic

Here are some tips to avoid bad password habits

  • Always use a safe (e.g. an encrypted channel) and trustworthy medium (e.g. not known for having/planting backdoors) for sharing your password with someone. If possible, give it to the other party in person.
  • Don’t store written copies of your password (e.g. on sticky notes, in your work diary, or on the back of your keyboard). But if you really have to use it temporarily or access it from a written source, be sure to store it in a safe place.
  • Keep in mind its length and complexity. Sites like,, and give you a good reading of how long it would take to crack your password.
  • Sites like and let you check if your account has been compromised in various data breaches. You must reset the password if you think that your account is compromised.
  • Steps to take when your email is hacked.
  • Set up Two-Factor Authentication (2FA)

The practices above are just a few that you can apply to protect and safeguard your passphrase. They will help reduce the chances of your account being compromised.


– Mailfence Team


M Salman Nadeem

Information Security Analyst - Security Team | Mailfence
