10 Password Mistakes That Will Get Your Website or Email Hacked

Creating passwords is something so straightforward but so important that we can get complacent and lazy about it - here are 10 password mistakes that affect your security.

Creating passwords is something so straightforward that the prospect of having our personal information hacked and stolen seems far from reality. That is, until it happens. Here are 10 password mistakes that can affect your overall security posture.

It turns out that the way we whip up our passwords puts us at high risk of cyber attacks. They have the potential to destroy businesses not only by accessing and changing passwords, but also by stealing and selling your company’s information. As if that wasn’t enough, such break-ins become a lot easier with the weak passwords we tend to prefer.

According to a 2018 study from Rutgers University, the more we log in using a certain password, the more likely we are to remember it. This is the almost-obvious reason behind the careless passwords we throw together among hundreds of priorities.

But what if we tell you that this harmless action is riddled with dangers that could cost you your business and safety? Here are 10 password mistakes that could get you hacked at any moment.

Using personal information

This is a pretty obvious one, right?

Your birth date. Your phone number. Your pet’s name. Although you can type that information almost mechanically, these are the most unsafe types of passwords you can use, and they are a field day for hackers.

If a hacker ever gets a hold of a password like that, they’ve got bonuses to work with. They won’t even need to bother checking for your personal information, such as your phone number, if they already have it. Besides, it’s your information they’ll use in case they wish to access illegal content.

If you can, refrain from using personal information such as:

  • Your name (or a family member’s name).
  • Your phone number.
  • Your address.
  • Your birth date.
  • Any personal numbers, such as credit card or account numbers.
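As an added illustration (not code from the original article), the Python sketch below shows how a signup form or an audit script could reject passwords built from the personal details listed above, including simple disguises such as "R3x" for "Rex". The profile fields, the sample values and the `find_personal_info` helper are assumptions made for this example.

```python
import re
from datetime import date

# Undo common substitutions such as "R3x" for "Rex" before matching words.
LEET = str.maketrans("013457@$!", "oieastasi")

def birth_date_forms(d):
    """Digit strings people commonly derive from a birth date."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
            dd + mm + yy, mm + dd + yy, yy + mm + dd, yyyy}

def digit_windows(number, size=6):
    """Every run of `size` consecutive digits from a phone or account number."""
    digits = re.sub(r"\D", "", number)
    return {digits[i:i + size] for i in range(len(digits) - size + 1)}

def find_personal_info(password, profile):
    """Return the sorted profile fields that the password is built from."""
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    digits = re.sub(r"\D", "", password)
    hits = set()
    for field in ("name", "family", "address"):
        for word in re.findall(r"[a-z]{3,}", profile.get(field, "").lower()):
            if word in letters:
                hits.add(field)
    if any(form in digits for form in birth_date_forms(profile["birth_date"])):
        hits.add("birth_date")
    for field in ("phone", "account"):
        if any(w in digits for w in digit_windows(profile.get(field, ""))):
            hits.add(field)
    return sorted(hits)

# Constructed sample profile and passwords (not real data).
PROFILE = {
    "name": "Jordan Avery", "family": "Rex",  # "Rex" stands in for a pet's name
    "address": "12 Harbour Street", "birth_date": date(1985, 7, 14),
    "phone": "+61 400 555 0142", "account": "06-2345-678901",
}

if __name__ == "__main__":
    for pw in ("R3x140785!", "jordan5550142", "Harbour#2024", "vT9#qLw2&zXp8"):
        found = find_personal_info(pw, PROFILE)
        print(f"{pw!r}: {found or 'no personal data found'}")
```
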

If you receive any messages referring to your password appearing in a data breach, change your password immediately. It should look similar to this:

[Image: example of such a message. Source: macReports]


Using the same password in multiple places

We all do it because it’s so much easier. Plus, it saves us the work of having to request a password change multiple times.

That’s understandable, yet unsafe. If you use the exact same password for every platform, you’re one step away from giving hackers easy access to all of your channels.

Preventing this misfortune is easy: vary your passwords. Ideally, you should create a different one for each platform you sign up to. This may seem like too much work, but clicking the “remember me” checkbox will log you in automatically, anywhere. This option should be the default in all apps.

Sharing passwords with others (legitimate or not)

A lot of times, you’ll have to share your passwords with team and family members. Your staff or coworkers need fast access to their dashboards, and you can’t stand your kids asking for the Netflix password one more time. In such cases, there’s no way around it.

But what happens when you thoughtlessly share a password in a group of people, or grant someone harmless access to your streaming service? This is where relying on one password for all channels gets extra dangerous.

If your Spotify password is the same as your Instagram password, which is the same as your work email password…you know where this could end. Depending on who you shared the password with, you could put all of your accounts at risk — at once.

Not using a password manager

Password managers are the lifesavers of the digital age. They’re here to streamline our workflow when we’re scrambling and multitasking during the workday.

Among the most popular managers are Dashlane and LastPass, which do a stellar job of saving all of your team’s passwords across all devices.

In addition, they keep your personal and work accounts safe with patented security architectures and robust encryption. This is a tech way of saying your information will be ironclad with them, because only authorised users will have access to personal information.

These tools let you create an account based on the number of logins you have across multiple apps, as well as the frequency with which you need to redefine passwords. They keep all of your passwords saved in one place without the need to type them, ever.

Keeping your password too short

Do you roll your eyes every time you see an error message that says “your password must be at least eight to twelve characters”?

There’s a safety reason for that. Shorter passwords, particularly those with only letters and numbers, are easier to guess, and therefore more prone to cyber attacks. If they include obvious information such as a name or phone number, that’s even worse.

If you don’t feel like creating a unique password, strong password generators can be helpful. They’ll make sure to suggest different characters (e.g. *&$#@) and uppercase letters. All you have to do is copy the password suggestion.
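The effect of length and character variety can be made concrete. The Python example below is an addition to the article, not code from any particular password generator: it draws a password from the operating system's secure random source and compares the search space of short letter-and-digit passwords with a longer mixed one. The symbol set, the default length and the function names are assumptions.

```python
import math
import secrets
import string

SYMBOLS = "*&$#@!%^"  # assumed set; includes the symbols the article mentions
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]

def search_space_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def generate_password(length=16):
    """Random password containing a lowercase, uppercase, digit and symbol."""
    if length < len(CLASSES):
        raise ValueError("length must be at least 4 to fit every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password rather than patching characters in,
        # so every position stays equally unpredictable.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def compare_policies():
    """Bits of entropy for three password shapes, weakest first."""
    mixed = sum(len(cls) for cls in CLASSES)  # 26 + 26 + 10 + 8 = 70 characters
    shapes = [
        ("8 chars, lowercase + digits", 8, 36),
        ("12 chars, lowercase + digits", 12, 36),
        ("16 chars, mixed case + digits + symbols", 16, mixed),
    ]
    return [(label, round(search_space_bits(n, size), 1)) for label, n, size in shapes]

if __name__ == "__main__":
    for label, bits in compare_policies():
        print(f"{label:42s} ~{bits} bits")
    print("generated:", generate_password())
```

Each extra bit doubles the number of guesses needed, so the gap between the first and last row is far larger than the numbers suggest at a glance.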

But how are you going to remember that? If you thought about writing it down, think again. Use a password manager.

We have a warning against writing passwords down. There’s a better way to do it, and it won’t require any brainwork on your part. Read on.

Writing passwords down

It’s not the act of writing them down that makes it dangerous, but rather keeping the password in an easily accessible place. Your passwords are easier to steal if you have them written on a piece of paper on top of your desk or in an accessible document on your computer.

So, what’s the alternative?

Two words: password manager. By using one, you won’t have to worry about remembering your passwords, however complicated they might be.

Not implementing multi-factor authentication

According to the Australian Cyber Security Centre, multi-factor authentication (MFA) “offers significantly more powerful security and protection against criminals.” Here’s how it works:

Before allowing access to an account, MFA asks you for more than one piece of evidence of your identity. If you remember having to confirm your phone number or having to copy or paste a code from an SMS before signing up to a platform, you’ve experienced it first-hand.

MFA is already built into high-quality password managers, so here’s another reason to start using one today.

Not removing ex-employees’ access

If someone no longer works for you, it’s important to completely remove their access to your team’s confidential information.

It’s nothing personal. As a safety measure, you should block access for anyone outside of the company as soon as they leave, unless you want to risk having your passwords hacked.

Giving administrator access to everyone

You want everyone in your team to have fast and easy access to the same platform. That’s a practical idea, but it could also jeopardise your business if someone decides to use the business’s information for malicious purposes.

Password managers make sharing extra safe without compromising anyone’s productivity. As an example, Dashlane has a “Limited Rights” and “Full Rights” feature for each password you add. Offering Limited Rights allows multiple users to automatically access the account, but the characters will always be hidden for them.

Not being aware of your location and surroundings

Be careful when using your smartphone or laptop in public spaces, and beware of any lurkers around you. For people who still unlock their phones using passcodes, consider using your phone’s Touch ID or face recognition, if your phone comes with those unlocking options. Some of us don’t love them, but they’re undeniably safer.

Besides, make sure to log in from your personal computer whenever possible. If you need to use a public computer, or anyone else’s computer, don’t forget to log out of your accounts immediately after use.

One cyberattack happens every 39 seconds. Make sure your business isn’t a part of them.

You read that right. Every 39 seconds, you get a new chance of having your business email or website broken into. Scammers are getting smarter, and scams are getting fancier. They can happen to any business, big or small, with catastrophic consequences.

With those potential threats in mind, we at SixFive developed a self-paced Cyber Resilience course. It’s been expertly designed for professionals who wish to protect their confidential information against the web’s most dangerous parasites and money-stealing scams.

It’s up to you to be on the safe side through knowledge and alertness. Learn more about the Cyber Resilience course.

Duncan Isaksen-Loxton

Educated as a web developer, with over 20 years of internet based work and experience, Duncan is a Google Workspace Certified Collaboration Engineer and a WordPress expert.

1 Comment

Thanks – heading to Last Pass now. Been putting it off for a while
