9 Reasons Your Password Is Going to Get You Hacked
Updated: Jan. 06, 2023You may feel like your password is safe because it uses letters, numbers, and an ampersand, but don't be so sure. Here, secrets to why your secure account is more hackable than you think.
Your password is “Password”
Amazingly, “password” always ends up in a top spot of the most popular passwords, according to hackers who stole millions of them. Also popular: “123456” and its neighbor “12345678,” “welcome,” “letmein,” and “jesus.”
You didn’t check its strength first
The Password Meter is a handy resource when setting up new accounts or changing your login info. It plugs your password into a formula and shows you exactly what its greatest strengths are (symbols) and weaknesses (sequential letters), thereby allowing you to tweak it to perfection. Don’t miss these other online safety secrets that hackers don’t want you to know.
You use the same password for everything
Well, someone got into your email and saw your Facebook post responses and an account statement from your bank. But hey, at least yourbank.com login info is different, right? … Right?
Your security question is obvious
Sites will often ask you to provide a security question and answer for use when you forget your password. Try for something complex or personal so nefarious types can’t figure out the answer with a simple Google search—McAfee suggests a question like, “How was your first kiss?” with a quirky answer only you would think of (“Rocked it like a hurricane!”).
You use a common phrase
Just like you don’t want an obvious answer to a security question, you don’t want your password to contain a word or phrase that’s meaningful to you, like your sister’s name or your hometown. These are too easy to guess (and can simply be found online). Try incorporating “opposite” words, like your least favorite color or the site of your least favorite vacation. These are the secrets identity thieves definitely don’t want you to know.
You didn’t use the space bar
Many sites and programs don’t actually allow you to use a space in your password, which is exactly why it’s valuable to do so when you can. Anyone trying to guess at your password may not even think to tap on the space bar.
You didn’t use a mnemonic device
Lifehacker suggests using the Person-Action-Object (PAO) method to create an unbreakable password. Visualize a famous person doing a random act with a random object (say, Abraham Lincoln surfing with a gallon of milk). Now combine parts of that phrase to make a new word, like AbeLiSurfilk. Not only do you have a word that’s too random for any hacker to crack, but you’ll be the only person it makes sense to. Plus, our brains remember data better with visual cues (and especially with weird ones), so memorizing it will be a cinch. Here are some online scams to be aware of—and how to avoid them.
It’s not long enough
Security experts say your password should be 12-14 characters long if possible. Similar to the use of spaces, many services don’t allow such length, which can provide a security boost. Make sure you follow these tips to protect yourself from online scams.
You don’t use two-factor authentication
Here it is, the Big Bertha of security tips. Every time you log into a website or email client, you type the same ol’ string of characters—not exactly hacker-proof, especially if you use the same password across platforms. Two-factor authentication helps.
It’s basically what it sounds like: After typing your password, sites and services that use two factors ask you to present an additional piece of information. Most likely, you have a separate program or physical device, also known as a “token,” that presents randomly generated numbers and communicates with the website or software you’re accessing, allowing you an extra layer of security. Type your password, get the random numbers from your token, and type those in to move along.
Think a token sounds niche? Consider this: A few years ago, Blizzard—the gaming company behind massively successful titles like World of Warcraft and Diablo—introduced a $6.50 “authenticator” device for users in an effort to stop hackers from stealing items and in-game currency. Gmail offers a similar service, as do various other email clients and social networks.
