Top 3 Password Security Mistakes Users Make Every Day
On the face of it, the concept of proving your identity with a combination of a username and a password isn't really that complicated. Yet, cyberattacks happen every day, they're often quite costly, and many of them are the result of poor handling of passwords. It seems that we're struggling with what should be a fairly straightforward job – protecting our online data with decent passwords. Why is that?
Today, we'll take a look at some of the common mistakes people make. We'll also try to find out why they make them and see if there's anything we can do to avoid them. We begin with what many consider to be the root of the problem.
- People underestimate the threat
High-profile cyberattacks tend to be quite extensively covered by the media, and in the wake of major online disasters like the WannaCry outbreak, for example, we see quite a lot of security experts going on television, giving interviews, and telling everyone what users should and shouldn't do. The users in question, it would appear, listen to the said interviews, switch off their TVs, and proceed to do exactly the opposite of what the experts say.
And the reason for all this is the "It won't happen to me" mentality. People think that protecting their email accounts with "123456" is fine because there are hundreds of millions of other users who will get attacked first. They reckon that using the name of their dog as their online banking password shouldn't be a problem because hackers won't bother with the average Joe and will instead go after wealthy individuals. Even people who have fallen victim to cyberattacks in the past tend to think that lightning doesn't strike the same place twice, which, as we should all know very well, isn't the case.
Although Hollywood would have you believe otherwise, cyberattacks aren't always sophisticated operations aimed at a high-value victim. In most cases, hackers want to affect as many people as possible, and not surprisingly, they go for the path of least resistance. Weak passwords are that path, and accounts protected by them get compromised first.
- People think that they've created the most secure password the world has ever seen
It must be said that not everybody downplays the dangers we're faced with. Some know that "123456" or "Spike" won't do the trick, and they actually invest some time into trying to come up with something more substantial. Unfortunately, the results are often rather disappointing.
Quite a few users think that replacing "a" with "@" is a surefire way of fooling the bad guys. It must be said that many years ago, a heavily modified word was considered to be strong enough to protect your sensitive information. Things have changed quite a bit since then, however, and right now, swapping a couple of letters and putting "123" at the end isn't helping a lot, especially if you start with something simple.
Many people argue that length is more important than complexity, which is why they advocate the use of passphrases instead of passwords, but it's fair to say that to properly protect your account, you need something that's long, complex, and, last but not least, random.
- People can't remember many unique passwords, which is why they use the same one on multiple websites
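To see why swapped letters and a trailing "123" add so little, here is an added example (not part of the original article) of the kind of check a sign-up form can run: it undoes the familiar substitutions, drops a trailing run of digits or symbols, and looks at what is left, next to a generator that draws a long random password instead. The word list and substitution table are small constructed samples, and the function names are illustrative.

```python
import math
import secrets
import string

# Constructed sample list; a real check would use a large breached-password corpus.
COMMON_WORDS = {"password", "spike", "dragon", "welcome", "monkey"}

# Familiar character swaps, mapped back to the letters they stand in for.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def mangled_base(password):
    """Return the common word left once swaps and a trailing run of
    digits/symbols are undone, or None if no common word is found."""
    lowered = password.lower()
    for cut in range(len(lowered), 0, -1):
        if any(c.isalpha() for c in lowered[cut:]):
            break  # the removed suffix may only hold digits and symbols
        word = lowered[:cut].translate(LEET)
        if word in COMMON_WORDS:
            return word
    return None


def random_password(length=20):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123", "Sp1k3!", random_password()):
        print(candidate, "->", mangled_base(candidate) or "no common base word")
    print(f"20 random characters: about {entropy_bits(20):.0f} bits")
```

A password that reduces to a listed word is only as strong as that word plus a handful of predictable tweaks, whereas every character of the generated one is an independent draw from 94 symbols.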
If you've researched the problem in the past, you might argue that this isn't really a mistake because the human brain just can't keep up with the dozens of passwords that we need to remember if we want to maintain control over our data. To some extent, this argument does hold water. In fact, experts say that the stronger the password, the harder it is to remember it. In a moment, we'll see why we're classifying people's inability to remember many different passwords as a mistake, but before we do that, let's take a look at the net result.
Surveys show that most people reuse passwords, and although security specialists work hard to explain why this is a bad thing, nobody seems to be acting to prevent it. This probably has something to do with the fact that there's not much that can be done. While you can make users see the potential online threats, and while you can teach them to differentiate strong from weak passwords, you'll struggle to find a viable way of improving their memory.
This goes to show that securing data with passwords really isn't as straightforward as it appears at first. There is a solution, however, and its existence means that we can't blame everything on our brains' storage capacity.
A password management application like Cyclonis Password Manager can not only remember many unique login credentials for you, but it can also alleviate the burden of creating all those passwords thanks to its built-in password generator, which creates strong, random passwords in the blink of an eye. Entering the usernames and passwords is just as easy thanks to the browser extension, and with all the data stored in one encrypted vault, all you need to do is remember the master password that opens it.