And what I am doing to fix them.
Confession: I was insecure…when it comes to passwords.
I hate “passwords,” “usernames,” “create accounts,” “logins,”and “portals.” Those words make me cringe because it’s more administrative energy than I want to expend most days. Yet, we are asked to create new accounts with every new website, every new platform, every new account. As a mom of 3, that means a new account for every new sports team, camp or doctor’s office. As a military spouse, that means a new password for every new utility company, housing company, and medical office. It’s too much and it’s overwhelming!
According to Security brief, New Zealand, the average person has 100 accounts that require passwords. With all of those passwords, it’s no wonder 81% of data breaches are due to insecure passwords! I am guilty of all of these common password mistakes! Or I guess, I WAS guilty of all of these common password mistakes. While I talk more about password managers in Why Military Families Need a Password Manager, today I’m going to talk about the biggest password mistakes I’ve made and how I fixed them.
Password Mistake #1: Easy to Guess Passwords
For years, I had the same password, and it was ridiculously easy to figure out. Clifford and Sharon Profis suggest not using easy to remember phrases, names or information. If someone can glean your social media profile and figure out your pet’s names, your children’s birthdays, or your favorite sports teams then these would be terrible passwords. Obviously “Password” or “Password123” would also be a bad choice as well.
Password Mistake #2: The Same Password for Every Account
This was my biggest mistake and the biggest habit that I have to break. When I did my Google Password Check I had 105 REUSED PASSWORDS! And it was all the same password! Needless to say, I have remedied the problem and I am determined to break the habit! Now with the use of the Google strong password and the Keeper I have unique and secure passwords for all bajillion of my online sites. It took a little while to go back and check them all, but by using Google password manager I was able to see all the accounts I had set up on Google and go back and fix them. If I come across sites not on Google, I am doing my best to fix those and store the password in the password manager at the same time.
Password Mistake #3: Not Storing your Passwords in a Password Manager
Which brings me to the third mistake I was making. If you are trying to remember all of your passwords all of the time this is a perfect storm for frustration and wasted time. BELIEVE ME, I know! If you really don’t like the options for password managers or don’t trust an online system, you should have a handwritten master list stored somewhere securely. Password expert (and former hacker) Frank Abagnale warns against keeping this list on your phone or device as a Google or Excel spreadsheet though. If someone does gain access to your phone, you have just handed them the keys to the kingdom. Having said this, I realized I was making the 4th password mistake as well. Read more about my recommendations and reasons Why Military Families Need a Password Manager.
Password Mistake #4: Using an Easy Phone Password
So much information is stored on our phones! By not using a hard to guess phone password, I was leaving myself vulnerable to someone stealing A LOT of personal information. I get it, I made mine easy so my kids could get into my phone in an emergency (does anyone even have a landline anymore?). So make that first interface with your phone difficult enough that someone couldn’t easily pick up your phone and get into all of your accounts. If you have little ones at home and are worried that they won’t be able to access your phone, don’t worry. Kids seem to be able to remember anything that allows them to play games and watch videos!
Password Mistake #5: Not Using Two-Factor Authentication
Two-factor authentication is one of the best ways to make sure your accounts are not accessed by an outside source. Be careful, though, when going overseas. If you set up a new phone number outside the U.S. this can make it impossible to send text messages. All in all, two-factor authentication is a good idea especially on your financial accounts.
So, while I am obviously not an expert when it comes to passwords, I have taken these past few weeks to make some big changes. First, I changed ALL of my passwords to more secure passwords. Then, I updated those passwords in my password manager. Next, I changed my phone passcode. LastIy, I set up two-factor authentication when applicable. It did take a little time and patience, but overall, I am feeling confident that my accounts are more secure. How do you feel when it comes to the most common password mistakes? Are you an expert or just overwhelmed with the sheer amount? Leave me a comment and let me know about your password struggles!
And for those passwords that you need to write down (and should) download my FREE PASSWORD LIST here.
17 Responses
This is great advice – I see clients making these mistakes all the time. I use a password manager which securely stores all my passwords so I don’t have to remember them or type them in. I can’t imagine what I’d do without it!
When my husband first started using it, I was so annoyed by the thought! Now, I use it all the time!
I’m glad you mentioned two-facto authentication. That is an important one.
It takes a little bit longer, but I feel like it is so worth it.
It’s hard to remember, but there was a time when we didn’t have passwords. I know. I’m dating myself. But seriously, passwords are required for everything. And as more and more of our lives exist digitally, have a system with security is essential. I love all of the suggestions you shared and will be reviewing my own system to see what improvements I can make.
I know. I remember those times, too. I was reluctant to get on board with the times, but slowly I’m getting there!
Jana, this is such a good round up of what most of us are doing (and shouldn’t be doing!) when it comes to the dreaded passwords. At one point, you could tell how many *years* it had been since I created my passwords by comparing my kids’ ages to the “secret” clue in the passwords. No more!! Such a good point about making it not so easy to get into our phones, too. A system is only as good as its weakest point 🙂
Yes to the passwords and chronology! HAHA! I can tell what year I signed up for which account by my (former!) passwords! So glad you got them updated! Thank you so much for reading. My youngest is a Lucy too. : )
I’ve done pretty well on most of these, but there is always room for improvement. Somebody shared a nightmare story on POINT and that got me doing the 2-factor identification. I could do better with my passwords, though!
I’ve heard nightmares too and it’s what propelled me to start taking my own security more seriously! And yes, to there always being room for improvement! Even with all the changes I’ve implemented I’ll need to go back at least annually to check up on everything.
These are fabulous tips, Jana. I think we are all guilty of making at least one of these mistakes. I really like the two-step authentication process and have it set up on almost all of my financial accounts.
Thank you so much! Yes, the two step authentification process is key!
Two-Factor Authentication is my downfall. I do use it on some sites but not many. When I am travelling and don’t have phone and wifi access at the right time it can be impossible to get something you need because you can’t receive the code you need. Passwords are also a nightmare when someone dies and you are trying to shut down their accounts. Make sure someone has this information. Thanks for a good article.
This is an important round-up. I use the best security for “important” sites; I’m using unique, complex passwords and passphrases, some not even in English, and two-factor authentication. For financial accounts, or anything related to my business, I don’t mind at all, but I have to admit, it’s frustrating to have jump through all those hoops just to be able to read an online article. I really don’t want 50 different passwords to read 50 different online magazines that let you have a free log-in anyway. Sigh. But of course, your advice is essential.
I have to say, using my fingerprint on my new Mac keyboard combined with my digital password manager is delightful. I miss my old iPhone’s thumbprint access; the facial recognition on my new iPhone is slower, and masks make it all the more complicated.
Oh, I agree completely! I wish it were simpler yet MORE secure. I guess we’ll see what advances come next, but I am totally annoyed as well with all the hoops. My facial recognition NEVER works when I really need it to!
If all people could just agree to not be devious on the internet, we would be fine. Unfortunately, that’s not the case. Thank you so much for reading and solidarity! I understand the frustration!
These are great tips! I once learned from a cybersecurity expert that putting a symbol/number, number/symbol at the beginning and end of a password is effective. So like, $3thisismypassword3$. That was a few years back, so who knows if it’s still accurate? Even though I don’t like the autogenerated safe passwords, I’m starting to use them more and more to be as safe as possible.
I think just as fast as these technologies advance to keep us safe, the technologies that are trying to cause harm are advancing faster! Ok, wow, I sound paranoid. Ha! But with all the bots and systems that are totally dedicated to obtaining information the more we have to adapt. My “go-to” is still to put in one of my old, trusty passwords because it’s faster. But, in the end, unraveling identity theft would take infinitely more time. So, begrudgingly, I use the new secure systems. But, it takes time to unlearn those new habits! Thank you so much for reading. : )