10 Bad Password Habits and Why We Do Them Anyway

Bad password habits are far more common than we’d like to admit. Last year, for instance, I bought a used electronic device. But to my dismay, the seller had not taken her 4-digit pass code off one of the crucial functions. Likely, she had originally put up the pass code because she was storing payment information on the device. I tried to contact the seller, but heard nothing. So, I sat down and steeled myself to try every one of the 10,000 possible combinations until I found the one that unlocked that function. But to my surprise (and delight), I got in on my first try.

What was the pass code?

1-2-3-4.

10 bad password habits

The seller and I were both lucky in that situation; I was lucky that she had used the most common 4-digit code out there. She was lucky that I’m not a thief and that I deleted her payment information right away. But I hope that she’s not using it anywhere else, since similar passwords (like 123456) take several spots on the list of top 25 used passwords.

Here are 10 more bad password habits:

  1. Including any part of your name in your password (like ‘henrik19’)
  2. Using the characters, in order, on the first row of your keyboard (‘qwerty’)
  3. Including your birthday, or other meaningful numbers (worst of all your social security number)
  4. Choosing ‘password’ as your password
  5. Using the same password on multiple websites, or cycling between a handful of passwords
  6. Using all lowercase letters (mixing lowercase and capital letters makes it harder to guess)
  7. Storing passwords in memory, on paper, or anywhere else they could be easily lost and/or stolen
  8. Neglecting to change your passwords for more than 6 months
  9. Sharing your password too frequently or with people who you don’t trust 110%
  10. Storing your password on your browser (especially on a mobile device that you might lend or lose!)
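
Habits 1, 2, 3, 4 and 6 are visible in the password string itself, so a sign-up or password-change form can reject them. The check below is an added example, not code from the original post. It extends habit 2 to every keyboard row and habit 4 to a small constructed denylist; the function names, the denylist and the date formats are assumptions.

```python
import re
from datetime import date

# Constructed sample denylist; a real deployment would load a breached-password list.
COMMON = {"password", "123456", "1234", "qwerty"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_keyboard_run(pw, n=4):
    """True if pw contains n adjacent keys of one row, left-to-right or reversed."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in pw for i in range(len(seq) - n + 1)):
                return True
    return False


def date_forms(d):
    """Year, MMDD and DDMM: every longer numeric date format contains one of these."""
    y, m, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m}


def bad_habits(password, name="", birthday=None):
    """Return the numbers of the listed habits that this password exhibits."""
    pw = password.lower()
    found = []
    # Habit 1: contains any part of the user's name (tokens of 3+ letters).
    if any(tok in pw for tok in re.findall(r"[a-z]{3,}", name.lower())):
        found.append(1)
    # Habit 2: keys in keyboard order ('qwerty'); extended to every row.
    if has_keyboard_run(pw):
        found.append(2)
    # Habit 3: birthday digits in any of the assumed formats.
    if birthday and any(form in pw for form in date_forms(birthday)):
        found.append(3)
    # Habit 4: 'password' itself, extended to exact matches on the denylist.
    if "password" in pw or pw in COMMON:
        found.append(4)
    # Habit 6: has letters but no capital letter.
    if any(c.isalpha() for c in password) and password == pw:
        found.append(6)
    return found


if __name__ == "__main__":
    # Constructed inputs, including the pass code from the anecdote.
    for args in [("1234",), ("henrik19", "Henrik"), ("Anna150390!", "Anna", date(1990, 3, 15))]:
        print(args[0], "->", bad_habits(*args))
```

Habits 5 and 7 through 10 describe how a password is reused, stored or shared, so they cannot be detected from the string and need other controls.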

Why do we keep bad password habits?

The thing is, most people actually know what good passwords and practices look like. According to a study from Wichita State University, participants were able to identify many recommended practices. Yet nearly 60% reported that they do not vary the complexity of their passwords, and 53% never change their password if they’re not required to do so.

A survey from LastPass indicated that personality type, though not an indicator of whether someone will keep bad password habits, does help determine why they do. For example, type A personalities feel that they take plenty of other proactive security measures, so they don’t believe that they are personally at risk. Type B personalities, on the other hand, rationalize their bad habits by convincing themselves that their accounts are of little value to hackers.

Another reason that many people don’t use good passwords or practices is that it’s just inconvenient. Who can remember unique, random 20-character passwords for an average of 8.5 accounts? Actually, the most common reason users change passwords is because they forgot them. So clearly, remembering even simple passwords is not guaranteed.

My advice is to use a secure password manager like LastPass to get the best of both. You only have to remember one password, and you can still keep many unique passwords for all of your accounts.

If you’re planning on a lot of online shopping this holiday season, it’s possible that you’ll be opening many accounts—so choose good passwords! You can also check out the tips in this blog to help stay secure while shopping online.