These Bad Password Habits Are Leaving You Vulnerable

Worst Password Habits That Put You at Risk

You likely protect your bank account with a password — or at least you assume it’s protected. Sadly, not every password actually secures your data — a robust lock means little if the key is weak. So what are the most harmful password habits, and how can you fix them? Let’s explore.

7 Worst Password Habits to Avoid

Steer clear of these password mistakes to bolster your online security.

1. Reusing the Same Password Everywhere

We understand — it’s convenient to reuse a single password across multiple sites. Juggling a long list of different passwords is a pain, so relying on the same credentials for your bank, streaming services and other accounts can be tempting. But using the identical password across accounts significantly raises the chance that one breach will expose much of your digital life.

How do you fix this? Make unique passwords for each of your accounts. That sounds daunting, but that’s exactly why a password manager is useful: it secures your digital life while making logins quick and painless.

2. Skipping a Password Manager (Yes, Seriously)

We’ll say it again for emphasis — use a password manager! Trying to maintain a long list of strong, unique passwords is stressful and often leads to risky shortcuts. Save yourself the trouble and install a password manager; we’ve put together recommendations for the best options.

Password managers generate strong passwords and keep them in an encrypted vault unlocked by a single master password (no more memorizing dozens of strings). Most will autofill credentials so you can sign into sites or apps with a click, a tap, or a biometric unlock like Face ID or Touch ID.

3. Handing Out Passwords Thoughtlessly

Sharing passwords isn’t always catastrophic, but you should think twice before giving away login details. Sharing a streaming-service password with friends or family may seem harmless, but those accounts can let others change billing info, upgrade to pricier tiers, and in some cases view partial credit card details.

And don’t even consider sharing your bank credentials — never provide that information to anyone who isn’t an account holder.

If sharing is unavoidable, learn how to share credentials securely and weigh the risks before distributing those precious combinations of characters and symbols.

Not surprisingly, the safest way to share a password is through a password manager’s sharing feature (many have free tiers).

4. Writing Passwords Down Where Anyone Can See Them

We live in a digital era, and while jotting passwords on paper can sometimes be secure, most people don’t keep these notes in a safe place. Often passwords end up scribbled on sticky notes, scraps of paper, or even taped to a monitor.

Don’t even mention those password journals that boldly advertise their purpose on the cover — definitely not a smart move.

If you insist on recording passwords by hand, keep them in a locked book stored in a safe when not in use. But why wrestle with a physical record when you can secure everything on your device?

Again, we recommend using a password manager to encrypt and store your credentials safely instead of relying on paper.

5. Choosing Weak or Predictable Passwords

Simple passwords are easy to recall, but they offer little protection. Attackers have numerous methods to crack accounts, like brute force and dictionary attacks. The simpler your password, the more likely these methods are to succeed.

Create strong passwords by using at least 12 characters — 16 or more is even better. The strongest passwords are random mixes of letters, numbers and symbols.

Also, avoid passwords that incorporate personal details such as birthdays, pet names, or blatantly simple phrases like “password” or “1234.”
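The advice in this section can be checked mechanically. The sketch below is an added example, not code from the original article: it generates a random password and audits an existing one against the 12-character minimum, the character mix, and the weak examples named on this page. The function names, the blocklist contents and the `personal_terms` parameter are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample blocklist: the weak passwords this article names.
COMMON = {"password", "1234", "12345", "qwerty", "password!", "iloveyou"}
MIN_LENGTH = 12  # the article's minimum; 16 or more is preferred


def generate_password(length=16):
    """Return a random password containing a letter, a digit and a symbol."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 12-character minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        # secrets draws from the OS CSPRNG; random.choice is not suitable here.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def audit_password(pw, personal_terms=()):
    """Return the reasons a password is weak; an empty list means none found."""
    problems = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if lowered in COMMON:
        problems.append("common password")
    classes = [any(c.isalpha() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if sum(classes) < 3:
        problems.append("missing letters, numbers or symbols")
    # personal_terms: names, dates or places supplied by the user (hypothetical).
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal detail: {term}")
    return problems
```

Passing these checks does not prove a password is strong; a randomly generated one stored in a password manager remains the safer choice.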

6. Skipping Two-Factor Authentication

Password-only protection is a decent first line of defense, but for your most valuable online accounts you should enable two-factor authentication (2FA).

When 2FA is enabled, logging in requires two pieces of information. The first is typically your password; the second is a secure code sent via text, email, or phone call, or produced by an authenticator app on your smartphone.

This extra step means that even if someone obtains your password, they still lack the second element needed to access your account.

7. Never Changing Your Passwords

Keeping the same password for months or years may seem easier, but it can be less secure. Breaches happen frequently, and sometimes it takes companies a while to detect a breach and notify users. As a precaution, rotate your passwords periodically to enhance account safety.

Experts often suggest updating passwords every few months, but that can be impractical across many accounts. Instead, focus on changing your most sensitive passwords — like those for online banking and financial services — every few months.

Frequently Asked Questions (FAQs)

Poor passwords tend to be short and lack variety. Examples of weak passwords include: password, 12345, qwerty, password! or iloveyou.

Also avoid passwords built from personal details like dates, pet names, or locations: fluffy21, newyorkgirl or july41965 are all risky choices.

Your password should not contain easily guessed personal information such as names, dates or places. Such details make a password vulnerable to guessing and hacking.

Instead, choose a password made up of random letters, numbers and symbols and aim for at least 12 characters to keep accounts safe.

To understand what makes a password poor, consider what makes one strong: a mixture of random characters (letters, numbers, symbols) at least 12 characters long.

Weak passwords are typically brief, simple and often include guessable personal data. Creating robust, unique passwords is a key step toward eliminating bad password behaviors.

Amanda Blake is a former senior writer with Savinly focusing on technology.
