3 common password mistakes hackers are looking for

It’s hard to memorize passwords as you juggle dozens of apps — whether you’re logging in to stream your favorite show, view your medical records, check your savings account balance or more, you’ll want to avoid unwanted prying eyes. 

You may be tempted to create the same easy password for every site, but that could leave you vulnerable to potential hacks which could end up draining your bank account.

In 2022, consumers reported being cheated out of around $8.8 billion due to fraud — a 30% increase from 2021, according to newly released Federal Trade Commission data. Roughly 2.4 million consumers reported cases of fraud to the FTC, with investment and imposter scams topping their list of complaints. The agency recently shared the top scams of 2022.

3 password mistakes to avoid

Creating strong passwords is one of the best ways to protect your accounts and keep hackers at bay. The first step toward protecting your digital footprint: reevaluating your passwords. Here are some common mistakes you may be making.

1. Setting simple passwords

Easy number password note stick on smartphone, keyboard.
The password “123456” topped a recent list of most common passwords in 2022.

Getty Images/iStockphoto


When it comes to keeping your online accounts safe, simplicity isn’t key. 

“There are several common mistakes people make with their passwords. For example, using a simple or short password such as a word or name, a sequence of numbers, or combination of these, can be easily guessed by malicious attackers,” David Bader, distinguished professor and director of the Institute for Data Science at the New Jersey Institute of Technology, told CBS News.

Bader said one of the most common passwords is “abc123,” which is a prime example of a password you should never use. While it may be easy to remember, it’s also easy to guess.

That’s even more sophisticated compared to what password manager NordPass has found. In 2022, NordPass released its top 200 most common passwords list, crowning “password” as the top used. Numerical lists “123456” and “123456789” followed, along with “guest” and “qwerty.” 

“This is why many sites now require setting passwords longer than a certain length such as eight or more characters, and using a combination of letters, numbers and special characters such as ‘!@#$%^&*()?,'” Bader explained.

Mark Burnett, author of the book “Perfect Passwords,” stressed that password strength grows with length. Every character counts.

“Numbers and special characters don’t matter as much if your password is long enough. It is true that having those extra characters in your password will make them stronger, but the longer your password is, the less important they are, and password policies are much simpler without those requirements,” Burnett told CBS News.

“I’d rather see a long password with just letters than a short one with a mix of characters,” he added.

2. Repeating passwords

Password Box in Internet Browser
Cybersecurity experts warn users from inserting the same password across multiple accounts, especially if it’s been flagged in a security breach.

Getty Images/iStockphoto


Repeatedly using a simple password is bad, but regurgitating that same simple password across multiple apps and sites is even worse.

“This is like putting the same lock on every door in your neighborhood. If one is compromised, then the entire group is compromised,” Bader cautioned.

An estimated 64% of people have reused a password that had been compromised in a breach, computer security service SpyCloud stated in its 2022 annual identity exposure report.

“If a site has you change to a new password, do not reuse any previous passwords as they may have already been stolen,” Bader said, encouraging people to update their passwords at least every 90 days.

3. Sharing passwords


Netflix is cracking down on password sharing. What does that mean for users?

05:10

Password sharing has become increasingly popular among streamers. Netflix estimates more than 100 million households are sharing Netflix passwords. By the end of March, Netflix will start to use a customer’s geographic location — based on their connected IP address and other signals — to determine the primary household and help curb outside use.

While it may seem harmless to swap passwords with friends and family, it’s risky.

“Never email or share your passwords with anyone. No legitimate organization will ever call you up and ask for your password either. So if you receive a call from tech support claiming to need this information for one of your accounts, simply hang up the phone,” Bader said.

However, Burnett points out that not every password is the same.

“Regardless of how careless you are with your Netflix password, you should do everything you can to protect your bank, email and other sensitive passwords,” he said.

How to keep your passwords secure

Diversifying passwords, creating more sophisticated combinations and keeping them private are solid ways to keep your accounts secure. Additionally, you can enable backup security measures like two-factor authentication, prompting you to enter a second code and your password before gaining access to an app.

“Two-factor authentication for Apple ID is a must, the second factor should be a separate trusted device (like an iPad, a Mac, or an Apple Watch),” Vitaly Shmatikov, a professor of computer science at Cornell University and Cornell Tech, told CBS News.

Just don’t use SMS text messages as your backup, Shmatikov suggested. “Instead, use an authenticator app (like Google Authenticator, Microsoft Authenticator, Duo, Okta Verify, etc.) and turn on biometric protection — require Face ID or Touch ID — in the authenticator app. Then a thief who steals your phone won’t be able to get authentication codes and log into financial sites as you.”

You may also want to consider using a password manager or password vault, which can recommend and store passwords for you, though even those tools occasionally flag security incidents.

“I recommend using a secure password vault to store potentially hundreds of passwords for the sites you use, and many password vaults available today will also suggest strong passwords that would be hard for an attacker to guess,” Bader said.

Burnett agreed, “Everyone should use a password manager. If you don’t have some way to manage all of your passwords, you will almost certainly be reusing the same passwords and they won’t be as strong as they should be.”

Related Posts

How to Build a Kegerator

How to Build a Kegerator

How to Build a Kegerator How to Build a Kegerator -Bottles. We home brewers collect them, store them, wash them, and fill them. It takes time and…

Google Cloud Computing

Getting Started With Google Cloud Computing

Google offers several types of cloud computing services. Its cloud platform is built on the same infrastructure as its internal products, such as Gmail, YouTube, and Google…

Software Developer - Graduate Internship at Sophia ERP Limited

Software Developer – Graduate Internship at Sophia ERP Limited

Software Developer – Graduate Internship at Sophia ERP Limited :- Sophia ERP Limited – We are technology experts in: web applications, mobile applications, database management systems, enterprise…

gettyimages 1193598790

Google supporting passkeys for password-free login

Google is now offering users the option of using passkeys instead of passwords to sign in.  Starting Wednesday, account holders can use passkeys to login to their accounts…

0503 cbsm kidssocialmedia killion 1936426 640x360

Senators reintroduce Kids Online Safety Act to help protect kids from harmful online content

Social media has become an important part of the lives of many teenagers, including 14-year-old Jasmine Hernandez. But what started as a means of connection and self-expression…

2023 05 02t092105z 1365970753 rc28q0awktbl rtrmadp 3 tech ai hinton

“Godfather of artificial intelligence” Geoffrey Hinton leaves Google to talk about dangers of AI

The man known as the “godfather of artificial intelligence” quit his job at Google so he could freely speak about the dangers of AI, the New York…

Leave a Reply

Your email address will not be published. Required fields are marked *