No doubt you have already entered at least a couple passwords today on your phone, laptop, or tablet – to access your email, place an online order, or log into your bank account.
Did you know these password-related statistics (from 139 Password Statistics to Help You Stay Safe in 2024)?
The most common passwords are 123456, 123456789, Qwerty, Password, 12345, 12345678, 111111, 1234567, 123123, and Qwerty123.
The average person spends nearly four minutes resetting their password when they forget it.
On average, individuals reuse passwords on 10 of their personal accounts, and more than 6 in 10 people admit to reusing passwords.
Almost 1 in 4 people rely on a document on their computer to manage all their passwords.
People over the age of 50 are more likely to use different passwords for each of their accounts.
Password issues contribute to account and data breaches. According to a commissioned study of 2,000 Americans (summarized in this Forbes article):
46% report having their password stolen during the last year.
68% had to change their password across several accounts due to password compromise.
42% change their password only when prompted (rather than regularly) to avoid hacks.
35% believe their password was hacked due to a week password while 40% believe it was due to repeatedly using the same password on multiple accounts.
As more of our lives move online, passwords are impossible to ignore – and sometimes to remember. But are we using passwords securely and creating the best passwords to protect our personal data? Are there ways to make the whole password process easier?
Create Strong Passwords
One of the easiest actions to safeguard your passwords is simply creating strong passwords. The objective is a password that can’t be hacked, so you want to get as close to that goal as possible.
Keep these recommendations in mind:
Never use personal information. Don’t incorporate names, birthdays, addresses, phone numbers, or any other identification numbers.
Use a combination of letters, numbers, and special characters. Even better, mix up your use of uppercase and lowercase letters and make the sequence of these characters as random as possible.
Prioritize password length. Longer passwords – many sources recommend at least 16 characters long – will lessen the chances of a data breach or cyberattack.
Avoid using real words, including proper nouns, standalone dictionary words, or product names. Hackers can use malicious programs that process every word from a dictionary to try to crack passwords.
Use Smart Password Practices
In addition to creating strong passwords, you also need to be prudent about how you work with your passwords to keep them safe.
Follow these recommended practices:
Never repeat passwords. Always use separate and new passwords for all accounts to avoid the risk of credential shuffling attacks often used by hackers, who attempt to access different accounts with stolen username and password combos.
Make sure each password (for the same account and across all accounts) is significantly different from ones you’ve used previously.
Change passwords periodically, such as every 90 days. Some sites and apps may prompt you to change your password, but you can also set a reminder to do this task to further safeguard your online data.
Store Passwords Securely
You’ve created strong passwords and managed them carefully. So, how can you safely keep track of them all to reduce your risk of identity theft, compromised accounts, or financial losses?
Here are some options with the pros and cons to consider:
Least Secure Password Storage Options
Password-protected document or spreadsheet on your computer – While your passwords are relatively safe, this information could be compromised by a hacker using a keystroke logger to capture your password. You also need to either memorize or store the password for the encrypted file somewhere.
Paper note – Writing down passwords in a notebook or on a sticky note can keep them away from hackers, but they can still be exposed to people who are around that paper in your home or office.
Notes app on your phone – Keeping a notes entry with your passwords on your phone can allow anyone picking up your phone to access them, unless you set up a strong passcode for your phone. There’s also the option on iPhones to lock a note with a password, but you still have the issue of memorizing or storing that password somewhere.
Email – Some people email a password to themselves as a memory aid. Since emails can reside on different servers and/or remain in trash cans or recycle bins after being deleted, there is risk that a hacker could access these emails and then have your password(s).
More Secure Password Storage Option
You can take advantage of password management features on most browsers, such as Google, Chrome, Firefox, or Safari, to save and store your passwords. This feature, which sometimes requires you to enable it in settings, prompts you to save your password whenever you set up an account or change a password. It may also allow for auto sign-in when you access accounts in the future.
Although this browser feature is convenient (nothing to download or learn), quick and easy to enable in settings, and free, it works on only one browser and offers fewer password generator options for customizing passwords.
Most Secure Password Storage Option
Password manager apps allow you to easily create, manage, and access your secure passwords. They can also help you generate strong passwords from your input requirements – such as how many characters or whether to include symbols or special characters. There may be free plan options with basic features, although they may be limited to use on just one device. Adding features or allowing multi-device use usually requires a paid subscription.
It's important to find a reputable password manager app with the options and price point you want, so you’ll need to factor in time for this comparison task. (This Wired article is a good place to start.) These apps can have occasional tech glitches. Most user complaints involve getting locked out of the app or not getting prompted to save a password.
Like the other password storage options, these apps also require a master password, which you need to store somewhere or memorize.
With some extra diligence and armed with best practices, you can significantly decrease your vulnerability to being hacked or cyberattacked. Let’s all do our part to protect our personal information online.