It will never cease to baffle me how many people still choose childishly simple passwords like “12345” or “password” to attempt to secure their digital accounts and devices, and how those same people — even if they choose a sufficiently complex password — will nevertheless marry their password with easy-to-guess password recovery answers.
For some reason, the only time we don’t even blink an eye regarding these kinds of slipshod practices is when it comes to securing our digital accounts. In the real world, of course, nobody would ever willingly hand over something like their house key just because a guy walked up and said he knows their mother’s maiden name or where they went to high school. Yet, this is exactly what we do too often in the online realm, which is the kind of thing that leads to so many of the hacks, data breaches and leaks that have dominated cybersecurity news headlines this year. In this post, which comes just a few days after World Password Day, we will take a closer look at some of the password-related mistakes you should avoid — and some best practices you should follow.
Here are three dumb password mistakes to avoid, based on insight from experts like the security professionals at McAfee:
- Stop reusing passwords. Don’t ever do this, even though it makes it easier to remember your login credentials.
- You know the K.I.S.S. principle (Keep it simple, stupid)? In this case, when selecting a password, you’ll want to do the exact opposite of that. Passwords need to be as complex as possible. Letters, numbers, special characters, and a mix of upper and lower case — all of that should be included.
- And try not to choose something that’s personal to you. In other words, don’t have some easily-guessable factoid like your dog’s name baked into the password, or your anniversary date. Keep it impersonal.
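The three rules above can be enforced mechanically at the point where a password is chosen. The following Python checker is an added example written for this post (it is not code from the post or from McAfee): it rejects entries from a small constructed common-password list, requires all four character classes, flags any caller-supplied personal details (a pet's name, an anniversary year) that appear inside the candidate, and reports reuse by comparing against a set of hashes of previously used passwords. The common-password list, the minimum length of 12, and the idea of keeping a history of password hashes are assumptions made for the example.

```python
import hashlib
import re

# Constructed sample of commonly chosen passwords. A real deployment would
# load a full list of breached/common passwords; these few are illustrative.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}

# Each character class the post says a password should mix together.
CHARACTER_CLASSES = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def sha256_hex(text):
    """Hash used only for the reuse check in this example. A real password
    history should be kept with the same slow, salted hash as the stored
    credential, never a bare SHA-256."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def normalize(text):
    """Lower-case and strip separators so 'Rex-2015' still matches 'rex'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(candidate, personal_tokens=(), previous_hashes=frozenset(),
                   min_length=12):
    """Return a list of problems with the candidate; an empty list means it
    passes every rule. personal_tokens are details the user supplies about
    themselves (pet name, anniversary year) that must not appear in it.
    previous_hashes is the set of sha256_hex() values of earlier passwords
    (an assumed history store for this example)."""
    problems = []

    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Rule 2: complexity. Reject known-simple choices and missing classes.
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    missing = [name for name, rx in CHARACTER_CLASSES.items()
               if not rx.search(candidate)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))

    # Rule 3: keep it impersonal. Look for each personal detail as a substring.
    norm_candidate = normalize(candidate)
    for token in personal_tokens:
        norm_token = normalize(token)
        if len(norm_token) >= 3 and norm_token in norm_candidate:
            problems.append(f"contains personal detail '{norm_token}'")

    # Rule 1: no reuse. Compare against the hashes of earlier passwords.
    if sha256_hex(candidate) in previous_hashes:
        problems.append("reused from a previous password")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs for a quick demonstration.
    history = {sha256_hex("Xq7!vLm2#pRz9w")}
    for pw in ["password", "Rex-June2015!abc", "Xq7!vLm2#pRz9w", "Tz4$kQ9!mWb2@e"]:
        issues = check_password(pw, personal_tokens=["Rex", "2015"],
                                previous_hashes=history)
        print(pw, "->", issues or "OK")
```

The personal-token check is deliberately loose (substring after stripping separators) because users tend to wrap a memorable detail in punctuation or a year; the cost of a false positive is a prompt to pick a different password, which is cheap.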
“According to a recent survey we conducted, 34% of Americans have reused the same, or similar, password more than once,” notes a McAfee blog post this month. “By using the same password for multiple accounts, attackers only need to find one password, creating a domino effect that makes it easier to access more accounts. If that password is weak, it becomes even easier to tip over that first domino.”
Other best practices to consider: You know those password recovery questions? The ones that you set up to help you recover or reset a password? Not enough attention in these kinds of best practice guides tends to be given to them, even though there are scenarios where they can undo the best work of having set up a solid password. Congratulations — you chose a great password, but here comes a hacker to undo it all because he knows what year you graduated high school.
One thing to consider is that there’s nothing that says you have to tell the truth when answering those password recovery questions. Pick the name of a different high school! Give the system your mother’s first name instead of her maiden name as it asks for (of course, you’ll have to remember these lies, so that’s one downside here). But it adds one more obstacle between you and the hackers trying to get access to your accounts.