Top 5 password mistakes you should stop making

December 24th, 2020

Passwords act as a universal security solution that protects online accounts from cybercriminals by preventing unauthorized access. But as cyberattacks become more prevalent and sophisticated, especially in the time of the COVID-19 pandemic, passwords are no longer enough to mitigate the risk of attacks.

It doesn't help that users practice poor password habits, such as:

1. Using weak passwords

Secure passwords can be difficult to remember, which pushes users toward weak ones such as “123456,” “password,” “football,” “iloveyou,” and “qwertyuiop.” Despite the risk of brute-force attacks, many people were still using these passwords in 2020.

Instead of weak passwords, try passphrases: word combinations much longer than a typical password, such as “palmcareerouteRpatentsample” or “TentfabriclemonGarageswitchwise185.” A long password built from semantically linked dictionary words with a mix of upper- and lower-case letters is easier to remember but exponentially more difficult for attackers to guess.

2. Recycling passwords

Some users don't want to remember too many passwords, so they resort to password recycling, or using the same password for multiple accounts.

While convenient in the short term, password recycling puts users’ accounts at risk of credential stuffing. This is a type of cyberattack where hackers input stolen email and password combinations into various websites and apps in hopes of gaining access to more accounts. This way, any account using the same login combination as the compromised ones can be accessed. In fact, nearly 350,000 Spotify accounts were hacked around July 2020 as a result of password recycling.

Instead of trying to remember all your passwords, use a password manager such as LastPass, 1Password, or Dashlane. These apps not only store passwords in an encrypted vault to prevent theft, but they can also generate a unique password per account. You no longer need to memorize your passwords, as you only need to remember the master password to access your accounts.

3. Frequent password changes

In the past, users were required to change their passwords often to minimize the risk of account takeover. But some people simply changed a single character, or recycled passwords from other accounts.

Now, the National Institute of Standards and Technology (NIST) recommends changing passwords only after a security incident, such as when your company experiences a data breach. Doing so spares users from spending too much time coming up with new passwords that they may easily forget.
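One way to enforce the advice of items 1 and 3 at the point where a password is set, as an added Python example that is not part of the original article: it rejects anything on a common-password denylist (here only the five weak passwords named above; a real deployment would screen against a large breached-password corpus, which is an assumption beyond the page), rejects a single-character tweak of the previous password, and estimates how much brute-force effort the remaining candidates would cost.

```python
import math
import string
from typing import List, Optional

# Constructed denylist: just the weak passwords the article names.
COMMON_PASSWORDS = {"123456", "password", "football", "iloveyou", "qwertyuiop"}


def brute_force_bits(password: str) -> float:
    """Optimistic ceiling on guess effort, in bits, if an attacker had to
    brute-force every character over the classes present. Dictionary and
    rule-based guessing does far better against passphrases, so use this as
    a floor check, not as a strength score."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def one_char_tweak(old: str, new: str) -> bool:
    """True when `new` is `old` with one character substituted, appended or
    removed: the 'just change one character' habit from item 3."""
    if old == new:
        return True
    if len(old) == len(new):
        return sum(a != b for a, b in zip(old, new)) == 1
    longer, shorter = (old, new) if len(old) > len(new) else (new, old)
    if len(longer) - len(shorter) != 1:
        return False
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def screen_password(candidate: str, previous: Optional[str] = None,
                    min_bits: float = 60.0) -> List[str]:
    """Return the reasons to reject a candidate; an empty list means accept."""
    reasons = []
    if candidate.lower() in COMMON_PASSWORDS:
        reasons.append("on common-password denylist")
    if previous is not None and one_char_tweak(previous.lower(), candidate.lower()):
        reasons.append("trivial variation of previous password")
    if brute_force_bits(candidate) < min_bits:
        reasons.append("brute-force search space too small")
    return reasons
```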

4. Sharing passwords

According to a LastPass study, 61% of people are more likely to share work passwords than personal ones. They do this for two main reasons: easier collaboration and cost savings. But while sharing passwords may seem like a practical solution, it involves cybersecurity risks.

Since many people reuse their passwords, sharing their credentials with other people can endanger their other online accounts that use the same password. What's more, increasing the number of people who can access an account makes it less secure.

Never share your user credentials with another person. If you really have to, make sure that the account you share has a unique password that you don’t use on other online accounts.

5. Not enabling multifactor authentication (MFA)

MFA requires users to provide an additional authentication factor after entering their username and password, such as a one-time authentication code, a physical key, or a fingerprint or facial scan. This way, attackers who obtain a username and password still cannot access the account, because they cannot satisfy the subsequent authentication requirements.

According to Microsoft, users who enable MFA for their accounts end up blocking 99.9% of attacks. Unfortunately, many businesses still aren’t implementing MFA. Some believe the security solution is difficult to set up, while others cannot afford the costs of deploying it. These reasons force them to use unreliable security solutions, making them more vulnerable to cyberattacks.

Need help? Fidelis can help you evaluate the options and assist with deployment, training, and supporting your efforts to secure your organization.

Your data’s security should be your business’s priority. Our Business Data Protection solutions will ensure that your company is well prepared for any cyberattacks by maintaining and monitoring your IT infrastructure 24/7/365. To learn more about how we can help your Seattle or Oregon business, download our FREE, no-obligation eBook today.

For many businesses, complying with the GDPR’s specific data security and privacy requirements may sound daunting, but it doesn’t have to be. Our eBook Navigating the Data Privacy Labyrinth: A Guide to GDPR Compliance can simplify your compliance journey.