We all have bad habits—letting emails pile up in the inbox, getting fast food for lunch, leaving dishes in the sink, you name it, we all do it. The typical bad habit isn’t normally a big deal, but when it comes to managing your passwords, getting into a bad pattern can cost you serious time and money. We all know the hassle of forgetting a password and having to reset it, but that’s nothing compared to what you’ll go through if your accounts are compromised because you managed your passwords poorly.
It’s the age-old story: a company uses the same password for everything, one unimportant site gets hacked, and the attacker proceeds to log into all of their sites.
Luckily, with the right strategies and tools, building good password habits is easy. Read on to learn about bad password management habits and how you can fix them.
1. Don’t use the same password everywhere.
Also known as the Password Golden Rule. It’s only a matter of time before one of the websites or apps you use gets hacked or has a security lapse: see Dropbox, Adobe, and the Heartbleed bug that affected several websites. Once a hacker gets one of your passwords, it’s easy for them to try that password on countless other websites. For example, if you use the same password for Instagram as you do for online banking, a lapse in Instagram’s security can result in an empty bank account. Using the same password is one of the riskiest things you can do online; it’s asking for trouble.
Stop using the same password! Stop it right now. Instead, use a service for randomly generating and storing your passwords so that you can have unique passwords for different services without having to remember all of them.
2. Don’t keep the same password for eternity.
Passwords, like the oil in your car, should be changed regularly. Many breaches happen over the course of weeks and months before an attacker will act on the data that they’ve captured. If you update your password, it’s tough luck for the hacker. Don’t make it easy on hackers and malicious users—just change your password on a regular basis.
Set up a system that reminds you how old your passwords are. TeamPassword shows the last time you updated the password every time you use the account—shaming you every time you see “Last Updated: 5 years ago.”
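As an added illustration of habits 1 and 2 (this is not TeamPassword's code), the following script audits a password list for reuse across sites and for stale entries. The export format, the sample entries and the 365-day threshold are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Constructed sample export (hypothetical format): site, password, last change.
VAULT = [
    {"site": "instagram.example", "password": "Sunshine2019!", "changed": date(2019, 3, 1)},
    {"site": "bank.example", "password": "Sunshine2019!", "changed": date(2019, 3, 1)},
    {"site": "mail.example", "password": "k9#Vt2q!Lw8z", "changed": date(2024, 1, 10)},
    {"site": "forum.example", "password": "x7$Qp4m@Rd1s", "changed": date(2018, 6, 5)},
]

MAX_AGE_DAYS = 365  # assumed policy threshold, not taken from the article


def find_reuse(entries):
    """Group sites by password digest; return groups holding more than one site."""
    groups = defaultdict(list)
    for entry in entries:
        # Compare digests so the report never carries the plaintext password.
        digest = hashlib.sha256(entry["password"].encode("utf-8")).hexdigest()
        groups[digest].append(entry["site"])
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


def find_stale(entries, today, max_age_days=MAX_AGE_DAYS):
    """Return (site, age_in_days) for passwords older than the threshold, oldest first."""
    aged = [(e["site"], (today - e["changed"]).days) for e in entries]
    stale = [item for item in aged if item[1] > max_age_days]
    return sorted(stale, key=lambda item: -item[1])


if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the output is reproducible
    for sites in find_reuse(VAULT):
        print("REUSED across:", ", ".join(sites))
    for site, age in find_stale(VAULT, today):
        print(f"STALE: {site} last changed {age} days ago")
```

Every site in a reuse group is exposed by a breach of any one of them, so those passwords are the first to replace with unique, randomly generated ones.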
3. Don’t store passwords in your browser.
Storing passwords in your browser is quick and easy, but if you lend your computer to a colleague, friend, or family member, they’ll have easy access to all of your accounts. We’ve all seen those “Brian left his Facebook open!” posts made by someone’s friend (and that’s the polite version). While Facebook might not be a big deal, imagine the kind of mischief—or trouble—someone could get into with access to, say, your bank account. Plus, if your passwords are stored in your browser, and only in your browser, then when you’re traveling, or if you’re on a different computer for whatever reason, you’ll be up a creek without a paddle. For example, you might think you won’t need your passwords while you’re traveling in Morocco—until you realize you forgot to schedule your car loan payment or you get a text message about suspicious activity on that credit card you hardly use.
Use a service that requires authentication to get to your passwords so that you can access them everywhere, and so that your friend Jessica can’t be a jerk on your Facebook (or bank) account when she borrows your computer.
4. Don’t share your passwords too liberally.
We all need to share passwords from time to time, whether you’re giving the WiFi password to a guest or collaborating to update a Twitter account for a business. The problem is sharing too many passwords. Because bad habits often come in pairs or small groups, chances are you may be using that same password on other services, which exposes you to greater risks. Think of passwords like they’re the keys to your house. You’re not going to give those up to just anybody. Further, it’s likely that you’re going to forget who you shared your passwords with. It might not seem like a big problem now, but let’s be honest, do you really want your crazy ex (or vindictive former employee) having access to any of your online accounts?
Use a service that helps you share passwords and lets you know who has access. That way, it’s easy to add or remove password access as needed. Plus, you’ll know quickly which passwords you need to change if you’ve parted ways with someone.
5. Don’t share passwords via email.
Email is an inherently insecure means of communication. You don’t need to be Sony to be a target of an email hack. Never use email to send sensitive information. Plus, who wants to comb through old emails to find a password?
Use a service with strong security practices to share passwords.
If you have any of these bad habits, you need to stop doing them now, before one of the apps you use gets hacked.
Your money, time, and even your identity can be stolen if you have bad password practices. We started TeamPassword to help teams avoid these bad password habits and the losses that come with poor password management. Try it out. However, even if you don’t use TeamPassword, you should find another way to build strong password habits. Then, you can work on putting the dishes away.