Entering a password to log in to one of dozens or hundreds of services has become commonplace, and most of us rarely think about it. Users typically choose simple, easy-to-remember passwords to speed up logging in or creating an account. However, this is just one of the many mistakes that users make when creating a combination to protect their account login.
Technom has compiled a list of the 5 most common mistakes users make when creating and using passwords.
1. Creating simple passwords
Problems often start with creating the password itself. Most people create short and simple combinations that are easy to remember, although most services now set requirements for the minimum number of characters and their type. For several years in a row, the combination “12345” has been one of the five most popular user passwords. In addition to simple and obvious words, a common mistake is to use details from personal life in passwords: 6 out of 10 adult users have used a loved one’s name or birthday in their passwords. Therefore, experts recommend creating a complex combination for login and, where possible, using two-factor authentication (2FA) as an additional level of protection against different types of attacks. More tips on creating a strong password are available at the link.
2. Password reuse
One of the most common mistakes is reusing passwords. After successfully creating a password for one service, most users start using it for other services as well, so as not to worry about creating a new login key. According to a Google survey, 52% of respondents reuse the same password for multiple accounts, and 13% for all their accounts. The most serious problem with password reuse is exposure to credential stuffing attacks. In such attacks, attackers use bots to try credentials stolen from other services against sites until a working combination is found.
3. Saving passwords as text
Another common mistake is saving passwords on paper or in notes and text documents on computers or smartphones. In the first case, anyone can access your data without additional effort. Therefore, if you do write on paper, write down not the password itself but hints that help you remember it, and do not keep these notes where others can see them. Storage on devices is even more dangerous, because if the device is infected with malware, attackers will be able to access all accounts.
4. Sharing passwords
Another mistake is sharing passwords. According to Google, 43% of users admitted to sharing passwords with others. These include passwords to streaming services, e-mail accounts, social networks, and even online shopping accounts. More than half of those surveyed said they shared the password with a close friend. Once a password has been sent to someone else, the security level of the account drops sharply, because you cannot control the actions of the other user, who may in turn share the credentials with someone else. The method of transmitting credentials to a friend also matters: if you send login data via e-mail or instant messenger, you expose yourself to attack. Another important thing to remember is that a shared password gives the other user full access and allows them to perform any action. For example, with shared credentials for an online shopping platform, the other user sees all payments made and can access your credit card if they wish.
5. Periodic password changes
In some organizations, there is a rule to change passwords every two or three months “for security reasons.” But contrary to popular belief, changing your password regularly (without evidence of theft) doesn’t automatically make your account more secure or harder to hack. According to research, users change passwords carelessly and create predictable combinations. Usually, they increase a number, change a letter to a similar character (for example, the letter S to $), add or remove special characters, or move numbers from the end to the beginning. There have also been cases where users included the month and year of the password change to make these frequent changes easier to remember. Such habits allow hackers to steal credentials without much effort. According to UNC research, if hackers know one password, they can easily guess the next. It’s also worth noting that as soon as attackers gain access to your device, they will be able to install a program that records keystrokes to track passwords and their changes. Of course, if your device has a solution for protecting workstations, there is a much better chance that this type of malware will be detected and neutralized.
Creating unique strong passwords for each account is quite a challenge. Therefore, Technom experts recommend creating a password from little-known phrases, as well as using two-factor authentication for additional account protection. You should also use a password manager so that you do not have to keep all the complex combinations in mind. In this case, you will only need to remember one password.
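The predictable changes listed under mistake 5 can be caught when a password is changed. The sketch below is an added example, not code from Technom or any product; the function names `core` and `rotation_findings` are hypothetical, and it assumes the change form receives both the current and the new password, as most do.

```python
import re

# Look-alike substitutions: the article's S -> $ plus a few common ones.
SYMBOLS = str.maketrans({"$": "s", "@": "a"})
DIGITS = {"0": "o", "1": "l", "3": "e"}
# A four-digit year, or a month name/abbreviation followed by 2-4 digits.
DATE = re.compile(
    r"(?:19|20)\d{2}"
    r"|(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\d{2,4}",
    re.IGNORECASE,
)

def core(password):
    """Reduce a password to its base word: fold case, undo look-alike
    characters, then drop digits and specials wherever they sit, so moving
    or adding them does not change the result."""
    s = password.lower().translate(SYMBOLS)
    # A digit between two letters is treated as a substituted letter.
    s = re.sub(r"(?<=[a-z])[013](?=[a-z])", lambda m: DIGITS[m.group()], s)
    return re.sub(r"[^a-z]", "", s)

def rotation_findings(old, new):
    """Return the reasons a new password is a predictable change of the old
    one; an empty list means none of these heuristics fired."""
    if old == new:
        return ["unchanged"]
    findings = []
    base_old, base_new = core(old), core(new)
    if base_old and base_old == base_new:
        findings.append("same base word")
        n_old, n_new = re.findall(r"\d+", old), re.findall(r"\d+", new)
        if len(n_old) == 1 == len(n_new) and int(n_new[0]) == int(n_old[0]) + 1:
            findings.append("number incremented")
    if DATE.search(new):
        findings.append("contains month or year")
    return findings

# Constructed sample passwords, for illustration only.
if __name__ == "__main__":
    for candidate in ["Sunshine8", "$unshine7", "7Sunshine!", "March2024!"]:
        print(candidate, rotation_findings("Sunshine7", candidate))
```

A service would reject the change, or ask for a different password, whenever the list is non-empty; the date pattern is a heuristic and can flag passwords that merely contain a year-like number.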