Amateur Move: Are You Making One of These 7 Password Mistakes?

Did you know that "password" was one of the top 10 most used, well, passwords in 2016?

What a time to be alive!

It's a time when developers have created better (and easier!) ways of staying secure online, but people still muck it up by making rookie password mistakes.

Don't be a rookie. And don't make the amateur move of endangering your clients' sensitive personal information by using weak passwords that can easily be cracked.

Not sure about the effectiveness of your password? Your password may be vulnerable if you're making one of these seven mistakes:

1. Your password is less than 12 characters long. In the early days of the web, passwords were typically eight characters long. Today, eight characters are fairly simple to crack, and security experts recommend that 12 should be now be the absolute minimum. While it may be harder to remember, longer passwords are also much harder to crack.

2. Your password has just one word. If you're looking to make your passwords longer and stronger, using a pass phrase rather than a single word is an easy way to do it. By using an entire phrase, your password is longer and more difficult to guess. Don't pick a well known quote or phrase—instead, use something obscure that has meaning to you. Add in random capitalization, characters, substitute a few letters for numbers and you're well on your way to a stronger password.

3. You use simple keyboard patterns. Long passwords made of out of simple keyboard patterns may seem like an easy path to security, but they're extremely common and therefore easy to guess. Sure, 1q2w3e4r5t6y looks like a difficult password, but upon closer examination, it's obvious that this password is just the first few numbers alternating with the first few letters on the keyboard. Stay away from this method to stay safe.

4.  You're afraid to be weird. Notice one thing about those "worst passwords"? That's right, they're all pretty generic and predictable. Don't shy away from using a bizarre or nonsensical password. After all, who's going to see it but you?

5. Your password is either all numbers or all letters. To make your password tough to crack, combine numbers and letters together. To get extra tough, capitalize some of the letters and incorporate characters (e.g., !@#$%). If you want a mnemonic aid, swap out letters for numbers, like 3 for "e" or 0 for "o."

6. You use your birthday or favorite sports team. Don't put well known information about yourself in your passwords. If you're an avid Dodgers fan, for example, don't use 'dodgers' in your password. That can easily be guessed by someone who knows you, or even someone who intuits it from your social media profiles. Even though team names don't make the top 25 worst password list, they frequently appear in the top 100 worst passwords. As for birthdays, if you're looking to incorporate numbers that have significance to you, try to be obscure as possible, like the street number of your childhood home or the defunct number of an old friend.

7. You use the same log-in information everywhere. So you use the same password/user name combination for many sites and apps? Stop now! If criminals do crack your password on just one site, they can potentially access all of your accounts. Protect yourself by using a different password for every site.

Two Quick Password Hacks

The two major challenges to implementing password best practices is in creating the passwords and keeping track of them. Here are a couple of easy ways to overcome these obstacles:

• Use a random password generator. Having a hard time coming up with strong passwords on your own? A password generator can do it for you! There are tons of free ones just a Google search away, including this one.
• Use a password manager. If all these complicated passwords are too much hassle to remember, try a password manager. These solutions keep track of the log-in information for every website and app you use. They're an easy way to keep track of long and hard-to-remember passwords, and can even generate random (and virtually unbreakable) passwords for you. LastPass and Sticky Password are two great options.

Bonus tip: Honestly, we know not everyone is going to take the advice above to heart. So at the very least, consider activating "two-factor authentication" in the accounts you use. This security measure requires that you not only enter your password to log-in, but also a secondary method of proving that you're you. This could be entering a code texted to your mobile number, or answering a security question like your first-grade teacher's last name. It keeps your accounts much safer than using a password alone!

You can learn more about this topic here: Two-Factor Authentication: Who Has It and How to Set It Up.