These are the 6 most common password mistakes ‘hackers love to see’, says security expert – The Henry Club

Increased cyber attacks in 2022 have created a high-risk internet landscape. But for many people, “refreshing” their password habits is still not a priority.

As a cyber security consultant, I constantly hear stories of people having their personal information stolen because they made a simple mistake, like using the same password for multiple website logins.

After 20 years of studying hacker behavior, tactics, techniques and procedures, here are the most common password mistakes online criminals love to see – and how to keep your accounts secure:

1. Reusing the same password.

More than two-thirds of Americans do this, but it only allows data breaches to remain dangerous for years after they occur.

To avoid having to create a new password for each account, people reuse passwords with slight changes, such as an additional number or symbol. But these variations are also easy for hackers to guess, and they are no match for software designed to quickly test iterations of your passwords.

What to do: Develop unique passwords for each of your accounts. Although it may sound daunting, password managers can be a great help in designing and organizing your password library.
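The "slight changes" problem from item 1, as an added example that is not part of the original article: a local audit that reduces each of your own saved passwords to its base word, so entries that differ only in case, appended digits or symbols, or common character swaps are reported as reuse. The vault contents, account names and substitution table are constructed assumptions.

```python
import re
from collections import defaultdict

# Common character swaps to undo, so "sunfl0wer" and "sunflower" compare equal.
# This table is an illustrative assumption, not an exhaustive list.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def skeleton(password: str) -> str:
    """Reduce a password to its base word for comparison."""
    # Drop digits/symbols added to the front or back ("Sunflower!23" -> "Sunflower").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    if not core:  # all digits/symbols: nothing to reduce, compare as-is
        return password
    return core.lower().translate(LEET)


def audit(vault: dict[str, str]) -> dict[str, list[str]]:
    """Return {base word: sorted accounts} for every base shared by 2+ accounts."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[skeleton(password)].append(account)
    return {base: sorted(accts) for base, accts in groups.items() if len(accts) > 1}


# Constructed sample vault (hypothetical accounts and passwords).
VAULT = {
    "bank.example": "Sunflower!23",
    "mail.example": "sunfl0wer2022",
    "forum.example": "Sunflower",
    "shop.example": "kV9#tq2LmZx!84pW",  # manager-generated, unrelated to the others
}

if __name__ == "__main__":
    for base, accounts in audit(VAULT).items():
        print(f"{len(accounts)} accounts share one base password: {', '.join(accounts)}")
```

Every account listed in a group should get its own unrelated password; a breach of any one of them exposes the base for all of them.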

2. Creating unique passwords only for ‘high risk’ accounts.

Many users create unique passwords only for accounts they believe contain sensitive information, or that are more likely to be breached, such as online banking or work applications.

But even basic user information residing on “throwaway” accounts can contain data points that fraudsters use to impersonate legitimate users. Your email address or phone number alone can be valuable to bad actors when combined with information stolen from other breaches.

What to do: Protect all accounts—even the ones you rarely use—with one-of-a-kind passwords.

3. Not using password managers.

In addition to multi-factor authentication, password managers are essential technologies that can strengthen smart password habits.

These managers can help you create unique, single-use passwords and auto-fill them in the accounts they’re linked to – a big step forward compared with the 55% of users who manage passwords from memory alone.

Even if you accidentally click on a phishing link, your password manager may recognize the discrepancy and choose not to auto-fill.

What to do: Choose a password manager that best suits your personal comfort level and technical needs. Some reliable options that are regularly reviewed include: 1Password, Bitwarden, Dashlane and LastPass. While they all offer similar functionality, each differs in extended features and cost.

4. Creating a simple password containing personal information.

The best passwords are not necessarily complicated, but they are hard to guess. High security passwords are personal to you and do not include easily aggregated information such as your name and birthday.

For example, a strong password foundation could be a favorite song or your go-to order at a restaurant.

What to do: Design passwords that are at least 12 characters long and avoid using personal information that can be easily guessed. They should also be memorable for you and should contain a variety of characters and symbols.

5. Opting out of the multi-factor authentication system.

Even the most complex passwords can be compromised. Multi-factor authentication creates an additional layer of security by requiring verification beyond your username and password every time you log in.

Most often, this is done through a one-time password sent to you via SMS or email. It’s an extra step, but it’s worth it – and it creates another obstacle for attackers to jump over.

What to do: There’s no way to add two-factor authentication to services that don’t offer it natively, but you should turn it on wherever it’s supported.

6. Being indifferent to password habits.