These Bad Password Habits Are Leaving You Vulnerable


You have a password protecting your bank account, or at least you think that it’s protecting your bank account. Unfortunately, not all passwords are sufficiently keeping data safe — it doesn’t matter how good the lock is if the key is a weak point. So, what are the worst password habits, and how can you improve them? Let’s take a look.

7 Worst Password Habits to Avoid

Stay away from these password fails to make your online activities more secure.

1. Using the Same Password Everywhere

We get it; it’s easy to use the same password with multiple websites. Remembering numerous passwords is difficult, so using the same login information for your bank and Netflix might seem like a good fix. However, using the same password with more than one account increases the risk of your entire digital life being compromised if a hacker or other nefarious actor compromises that one password.

What’s the solution? Using unique passwords for every single one of your logins is the first step to tackling bad password habits. That can sound like a herculean task, but don’t sweat! This is precisely why we recommend using a password manager to keep your digital world under tight lock and key while also making logging into every service super quick.

Be sure to check out our guide on password managers.

2. Not Utilizing a Password Manager (Hint: Theme Incoming)

We’ll repeat it for the people in the back — use a password manager! Keeping up with a never-ending, complex list of passwords is stressful and will likely lead to poor practices (stay tuned). So do yourself a favor and download a password manager; we rounded up our recommendations for the best password managers.

Password managers allow you to generate more secure passwords and store them in an encrypted “vault” unlocked by a single password (no more remembering endless passwords). In addition, most auto-fill your login information, so you can sign in to any website or app with the click of a button, tap of a screen or a simple biometric scan (think FaceID/TouchID).

3. Sharing Your Passwords Without Concern

Sharing passwords isn’t always disastrous, but you should give it some thought before you go handing out your login credentials. While sharing a Netflix login with friends and family might seem safe, these types of logins give others access to change your billing information, upgrade to more expensive packages, and sometimes access portions of your credit card number.

Don’t even get us started with your bank passwords — you should never share that info with anyone who isn’t an account holder.

If you must share a password, understand how to share passwords securely and what considerations you should take before handing out those precious combinations of numbers, letters and symbols.

It shouldn’t be a surprise, but the best way to share a password? Use the sharing feature within a password manager (by the way, there are free options).

4. Writing Down Passwords for Everyone to Find

We are in the digital age, and while writing passwords down can be secure in some select situations, most users don’t tend to store their written password information in a secure spot. Usually, written passwords get scribbled on a post-it note or other scrap of paper or even taped onto your computer.

Don’t even get us started on those password books which proudly proclaim in bold type on the cover that you are storing passwords within — bad idea.

If you insist on writing down your passwords, write them in a book that can be locked away in a safe when not in use. But why struggle with a physical book when you can keep everything secured on your computer or mobile device?

Instead of writing down your passwords, again, we recommend using a password manager to encrypt and store your most precious information properly.

5. Using Simple or Easily Guessable Passwords

Simple passwords are easy to remember, but they don’t provide much security. Hackers and other malicious users have quite a few different ways to break into your online accounts, including brute force and dictionary attacks. The simpler your password, the more likely one of these hacking techniques could be utilized against you.

To create a strong password, use at least 12 characters — 16 characters is preferable if possible. The best passwords are random combinations of letters, numbers and symbols.

Lastly, always avoid passwords that use personal information such as your birthday, your pet’s name or something overtly simple, such as “password” or “1234.”
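The checks from habits 1 and 5 (reuse, length, common passwords, personal information) can be automated. This is an added example, not part of the original article; the function names, symbol set and sample accounts are assumptions constructed for illustration.

```python
import secrets
import string
from collections import Counter

# Weak examples quoted on this page.
COMMON = {"password", "12345", "1234", "qwerty", "password!", "iloveyou"}
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=16):
    """Random password from a CSPRNG with letters, digits and symbols."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every character class is present.
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def audit(password, personal=()):
    """Return the list of problems found with one password."""
    issues = []
    if len(password) < 12:
        issues.append("shorter than 12 characters")
    if password.lower() in COMMON:
        issues.append("common password")
    if any(p.lower() in password.lower() for p in personal if p):
        issues.append("contains personal information")
    return issues


def audit_accounts(accounts, personal=()):
    """Audit a {site: password} mapping, also flagging reuse across sites."""
    counts = Counter(accounts.values())
    report = {}
    for site, pw in accounts.items():
        issues = audit(pw, personal)
        if counts[pw] > 1:
            issues.append("reused on another account")
        report[site] = issues
    return report


# Constructed sample data, not real credentials.
SAMPLE = {"bank": "fluffy21", "streaming": "fluffy21", "email": "qwerty"}
if __name__ == "__main__":
    for site, issues in audit_accounts(SAMPLE, personal=["Fluffy"]).items():
        print(site, issues)
    print(generate_password())
```

A password manager's built-in generator and security audit do the same job without any passwords passing through a script.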

6. Not Using Two-Factor Authentication

Passwords are a good first layer of defense, but when it comes to keeping your most valuable online assets secure, you’ll want to be sure that you’re using two-factor authentication.

When you switch on two-factor authentication for an account, two bits of information must be provided when logging in. The first bit of information is generally your password. The second bit is typically a secure code sent to you (via text message, email or phone call) or generated by an app that you keep on your smartphone.

This process ensures that even if someone has stolen your password, they still don’t have the second piece of information needed to log into your account.

Read our complete guide to using two-factor authentication to keep everything from your online bank accounts to media streaming services secure.

7. Not Changing Your Passwords Over Time

While keeping your password the same for months and years might make the entire process a bit easier, it can also be less secure. Security breaches are not uncommon, and it can take companies quite a while to discover a breach after it occurs and then alert you. As a precaution, change your passwords regularly to keep your account more secure.

Most experts recommend changing your passwords every few months, but understandably, this can be near impossible across multiple accounts. Instead, we recommend changing your most critical passwords every few months, such as those that grant access to online banks and financial accounts.

Frequently Asked Questions (FAQs)

What are some examples of bad passwords?

Bad passwords are typically short and lack complexity. For example, the following passwords would be considered poor to use: password, 12345, qwerty, password! or iloveyou. 

In addition, you’ll want to avoid passwords that use personal information such as dates, pet names, or locations: fluffy21, newyorkgirl or july41965.

What should passwords not contain?

Passwords should not contain any personal information that may be guessable, including dates, names or locations. Passwords with such information may be easily guessed or hacked.

Instead, use a password that contains random numbers, letters and symbols and is at least 12 characters in length to keep online accounts protected.

What makes a password bad?

To know what makes a password bad, it is better to understand what makes a password suitable. A strong password comprises random characters (numbers, letters and symbols) and is at least 12 characters long. 

Bad passwords are typically short, lack complexity and, in many cases, use easily guessable personal information. Creating strong passwords is one of the critical steps toward eliminating bad password habits.

Michael Archambault is a former senior writer with The Penny Hoarder specializing in technology.