Your passwords are bad and you should feel bad
If you use the internet in almost any capacity, you’ve surely created at least a few accounts for a variety of services like your email or Facebook. Companies like Facebook or Google will do their best to make sure your account is safe and secure, but they can only do so much. Ultimately it’s up to each individual to ensure their account is properly protected.
Common security mistakes
Generally speaking, weak passwords are those that are simple to guess, especially by a computer. These include your name, your city, any word from the dictionary, and simple patterns like “1234” or “abc”. Any weak password should be considered unsafe and changed immediately.
Although having a strong password is a good start, your security may still be at risk. Consider this: you sign up for Website A and Website B with the same email and password, and Website B gets hacked. In this scenario, even though Website A was not hacked, your account there is no longer safe, because you used the same login information on two different websites. A report from TeleSign found that about 73% of accounts use duplicate passwords.
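The two mistakes above, checked over a list of accounts. This is an added example, not code from the original post: the word list, the personal terms and the sample accounts are constructed for illustration, and a real check would use a full dictionary.

```python
import re
from collections import defaultdict

# Constructed stand-in for a real dictionary word list (assumption).
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")

def has_simple_pattern(pw, run=3):
    """True if pw contains a run such as '123', 'abc', 'cba' or 'aaa'."""
    low = pw.lower()
    if re.search(r"(.)\1{%d,}" % (run - 1), low):  # same character repeated
        return True
    for seq in SEQUENCES:
        for i in range(len(seq) - run + 1):
            chunk = seq[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False

def weaknesses(pw, personal=()):
    """Return the reasons a password is easy to guess (empty list if none found)."""
    low = pw.lower()
    letters = re.sub(r"[^a-z]", "", low)  # 'Dragon2016!' -> 'dragon'
    found = []
    if any(p.lower() in low for p in personal if p):
        found.append("personal")      # name, city, ...
    if low in COMMON_WORDS or letters in COMMON_WORDS:
        found.append("dictionary")    # a dictionary word plus decoration
    if has_simple_pattern(pw):
        found.append("pattern")       # "1234", "abc", ...
    return found

def audit(accounts, personal=()):
    """accounts: {site: password}. Returns (weak sites, groups of sites sharing a password)."""
    weak = {s: w for s, pw in accounts.items() if (w := weaknesses(pw, personal))}
    by_pw = defaultdict(list)
    for site, pw in accounts.items():
        by_pw[pw].append(site)
    reused = sorted(sorted(sites) for sites in by_pw.values() if len(sites) > 1)
    return weak, reused

# Constructed sample data, not real credentials.
SAMPLE = {"website-a.example": "Dragon2016!", "website-b.example": "Dragon2016!",
          "mail.example": "alex1234", "bank.example": "vT7#qLm2xR9@bWz4"}

if __name__ == "__main__":
    print(audit(SAMPLE, personal=("alex", "springfield")))
```

The reuse group is the Website A / Website B case: a breach of either site exposes the other, however strong the shared password looks.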
Maybe you’re more security-minded than most, setting up strong and unique passwords on every service you use. You may still have reason to worry. A survey conducted by Webroot found that 30% of users write their passwords down on a piece of paper. If you are writing down passwords, you’re probably keeping them at work and/or at home. At work it’s especially dangerous, because anyone could steal that paper or even catch a glance at it if you leave it out. Even if you live alone and keep them all on a piece of paper at your house, it could still be stolen. There could also be a fire, tornado, flood, or something else that destroys this piece of paper.
Lastly, you probably have a cellphone and are logged into your primary email account on said cellphone. Since most accounts you sign up for will be with the same email address, if anyone gets access to your email they can reset the password for those sites using your email. Gaining access to your email account is effectively the same as gaining access to all of your accounts using that email address.
Use a password manager
While most people realize that having a weak password is dangerous, they find it too much of a hassle to remember long passwords. The solution to this issue is to use a password manager. A password manager is basically an application that you can use to store your passwords. That way you don’t need to remember lots of different passwords for the various accounts you sign up for. Also, because you no longer need to remember passwords, you can use very long and random passwords that are unique to each site. Now you only need to remember one password: the one you use to access your password manager.
There are lots of options to choose from when it comes to password managers. Some examples include 1Password and LastPass, and you can even store your passwords with Google if you want to. Any password manager is much better than using none at all, so pick one you like and find easy to use.
Two-factor authentication
An increasingly common way to drastically improve the safety of any account is two-factor authentication (2FA). The most popular form uses your cellphone as the second factor of authentication, the first being your password. Usually you can enable 2FA by adding a cellphone number to your account; the service will then send a text message to that number with an extra code you must enter when you log in. That way, even if someone gets your password, they’d still need your cellphone to be able to log in. This is especially important to enable on your email account, since your email account could allow access to many other services.
Although cellphones are the most used secondary factor, they’re not the only one. In fact, you aren’t limited to two factors either; you could have multiple factors of authentication. Other factors may include your thumbprint, retinal scan, voice recognition, facial recognition, and many more. Google has actually been pushing towards retiring passwords entirely and relying solely on other factors. But we’re not quite there yet, so for the time being you should consider enabling 2FA on your most important accounts.
The weakest link
Your security is only as strong as its weakest link. If you leave your passwords on a piece of paper, use the same password all the time, or leave your phone unsecured, you are putting your accounts at risk.
Your phone is probably the single most important piece in the security puzzle. As such, you should take appropriate precautions to make sure it’s safe. Add a PIN to your phone or use thumbprint authentication; either way, make sure your phone is protected in some way. Also, in the unfortunate event that your phone does get stolen or lost, you should have a plan to keep your data safe. Google and Apple both offer ways to wipe your phone remotely. Make sure to set this up before anything happens to your phone.
While getting all of these precautions put in place is boring, for the most part it’s a one-time event. Once you’ve decided what tools you want to use, it might actually make your life easier. With a password manager you won’t have to remember several passwords that aren’t even secure anyway. Most importantly, the next time you read about some company getting hacked, you won’t have to worry that your accounts might not be safe. Even if you have an account with a site that does get hacked, it should be simple to change your password. Plus, if you have 2FA set up on that site, your account is safe (though you should still change your password).
Originally published at piercezaifman.com on December 3, 2016.