Internet passwords have come a long way over the years. It used to be quite common for people to use the ol’ “password” for their password (hopefully you don’t do that anymore).
When you choose a password today, you no doubt put a lot of thought and effort into it, especially when you consider all the data breaches and hacking we’ve seen lately.
But for some of us, whether it’s a lack of creativity or urgency, we just don’t seem to be able to come up with good enough passwords — but it’s very important that we do. A new study by computer science researchers at Virginia Tech and password management service Dashlane says that we’re pretty awful at choosing passwords.
6 common password mistakes people make
- Same password, different site: 38% have once reused the same password on two different services, the study says.
- Password tweaking: 21% have once modified an existing password to sign up for a new service (52% have reused the same password or tweaked one, collectively).
- ‘Password Walking’: Researchers discovered a high number of passwords using letters and numbers adjacent to each other, a practice known as “password walking” (“qwerty” is an example).
- Love & #$%#@: The study says it found a large number of passwords using the word “love” or an expletive. Either way, it’s not secure.
- Pop culture terms: “superman” was the #1 superhero-related password. “pokemon” was #2 and “star wars” and “spiderman” made the top 10.
- Sports teams: Sure we all love our hometown teams, but that’s making it too easy for the hackers, according to the study. Perennial Champions League football clubs such as Liverpool and Manchester turned up often in the results.
The study — the largest of its kind — examined 28.8 million users, their 61.5 million passwords in 107 services over eight years and found large instances of password reuse and a proclivity to use the same patterns repeatedly.
“Sensitive online services such as shopping websites (85%) and email services (62%) received the most reused and modified passwords,” it says in the study’s summary.
Also highlighted was the fact that when it comes to hacks, people are still using their passwords that are probably in the hands of bad guys, according to the research. “We also observe that users would still reuse the already-leaked passwords for other online services for years after the initial data breach.”
If you’re using a password from a site or service that has had a data breach, you should change it now. Ditto for using your favorite sports team — it’s too easy for hackers and their sophisticated password-guessing machines.
Although it may be a pain, the key to having a secure password is to have a different one for each account or to use a password manager (but be careful). If you choose to make up different passwords, here are some pointers, according to Dashlane:
- Make up passwords that exceed the minimum number of characters.
- Mix it up with case-sensitive letters, numbers, and special symbols.
Money expert Clark Howard also has some sage advice when it comes to computer security: Never use a public Wi-Fi connection. “The vulnerability allows people to snoop on whatever you’re up to and that’s just another layer to the problem with public Wi-Fi,” he says.
Clark says if possible, the best way to get your laptop connected is to use the data on your cell phone via hotspot. “Let your cell phone be your safe zone when you’re out and about.”
For more password best practices, here is how to choose a strong password.