- Changing them too often. Frequent password changes are counterproductive, as people tend to swap out one password for another frequently used one. Changed passwords may also be forgotten, and they can be stolen just as easily as passwords that are changed infrequently.
- Making them too complex. Keep your passwords simple, but be smart about it. Studies that look at arbitrary password complexity requirements (e.g., ones that call for symbols and uppercase and lowercase letters) repeatedly find that these kinds of restrictions result in less secure passwords.
- Not screening them. The National Institute of Standards and Technology highly recommends comparing your password against lists of commonly used or known compromised ones. Enzoic.com and Passwordrandom.com are two examples of websites that offer these password screening tools.
- Recycling the same ones. Reusing the same password across multiple websites is especially dangerous for email, banking and social media accounts. Even if you haven’t used them in years, once they get stolen, they can be used to access many different websites.
- Being too familiar. Don’t use the following in passwords or answers to website security questions: loved ones’ names (pets included), maiden names, hometowns, birthdays, wedding dates or anything else that can be gleaned with some online research.
- “Remembering” them on a device. Never use the “save” or “remember me” options on a public computer. The next user could easily access your account.
- Using common, easily hacked characters. Stay away from these, especially: “123456,” “qwerty” or “password.” Many hackers set on stealing your information still use the “guessing” strategy as a point of entry. Instead, think of something complex, yet memorable and personal to you. For example, “70YrS@n%styll%LUVN^life!” could mean “70 years and still loving life”!
- Not password-protecting your mobile device. Believe it or not, 52% of people are guilty of this. When setting your device password, it’s smart to avoid common choices like “1234,” “0000,” “2580” (a top-to-bottom sequence) or “5683” (which spells “love”).
- Storing a password list on your computer. A password cheat sheet is fine, as long as it’s not stored on your computer or smartphone; if you do that and your device is infected with malware, you’re doomed. A pen-and-paper reminder, kept in a safe place, is better. Ideally, it will consist of hints rather than actual passwords.