11 Things You Should Avoid When Creating Passwords


As our lives are increasingly intertwined with online services, the importance of strong, secure passwords cannot be overstated. Passwords are the first defense against unauthorized access to your personal and financial information.

However, even the most cautious can make mistakes when creating passwords. Employing a password manager is critical in managing and safeguarding your passwords, as it stores them securely and helps generate strong, random passwords that are difficult to crack.

But even with a password manager, there are certain pitfalls you should avoid when creating passwords. Let’s explore 11 mistakes people make when creating passwords and provide practical recommendations to avoid them.

1. Using Personal Information

What makes a password “strong” is the inability of a third party to guess or crack it easily. So, if you use personal information such as your name or hometown, someone can easily get this information online and use it to breach your account.

Avoid using easily guessable information like your pet’s name, birth date, or simple sequences (like “12345” or “password”). Hackers often check personal information first to see if they can quickly guess your passwords based on what’s publicly available.

2. Using Obvious Substitutions

People try to mask an otherwise simple password with character substitutions. This includes replacing an “s” with “$” or an “o” with “0”. Unfortunately, hackers’ algorithms are sophisticated enough to guess these common replacements.

3. Using Dictionary Words and Common Phrases

If using private information for your passwords is the worst mistake, using dictionary words or common phrases is a close second. Passwords that are complete words or phrases are vulnerable to dictionary attacks, where hackers use software to quickly try a vast list of possible words and phrases.

4. Repeating Passwords Across Different Sites

Using the same password for multiple accounts is like having one key for every lock; if a hacker discovers one, all are vulnerable. And no, slight variations of the same password are still not good enough. A password manager can help you keep track of different, strong passwords for each account.

5. Creating Short, Simple Passwords

Password length is perhaps the most important factor in password security. Short and simple passwords can be cracked by hackers with enough skill and tools within minutes. Even stronger, 8-character passwords can be cracked quickly. Aim for passwords at least 12 characters long, combining letters, numbers, and symbols to increase complexity.

6. Ignoring Two-Factor Authentication (2FA)

Relying solely on passwords, no matter how strong, isn’t enough. Enable 2FA wherever possible. This adds an extra layer of security, typically a code sent to your phone or generated by an app. 2FA significantly reduces the risk of unauthorized access even if your password is compromised.

7. Falling for Phishing Scams

Hackers who can’t guess your password will resort to other tactics like phishing to get it from you. Be vigilant about phishing attempts in emails and text messages (smishing). Never enter your password after following a link from an email or message. Criminals are getting sophisticated and can perfectly recreate legitimate websites to trick victims. The best way to verify a website’s authenticity is to check its URL.

8. Neglecting to Update Passwords Regularly

There have been debates among the security community about whether updating an already strong password makes sense. But, considering how often passwords end up for sale on the dark web, it might be wise to change your passwords every few months. You can use online services to check whether your account has been involved in a major data breach. If a service you use has been breached, change your password for that site immediately.

9. Writing Down Your Passwords

Writing passwords on sticky notes or in an unsecured digital document is risky. Unfortunately, it’s common practice, especially in an office setting, where the visibility and accessibility of these notes can lead to security breaches. If you must write them down, ensure they’re stored securely or, better yet, use a password manager.

10. Using Public Wi-Fi for Sensitive Transactions

Avoid entering or changing passwords while connected to public Wi-Fi networks, as these can be insecure and expose your data to hackers. If you must access sensitive accounts in public, use a trusted Virtual Private Network (VPN) to encrypt your connection. Always ensure that the Wi-Fi network is legitimate and not a rogue access point set up to capture data.

11. Not Using a Password Manager

Finally, not using a password manager puts you at a disadvantage in today’s threat landscape. A password manager will help you cover most of the points mentioned above by creating complex passwords and storing them away from prying eyes.

Since passwords are generated, you’ll never have the same password for different sites. Password managers also often include additional security features, such as breach monitoring, which alerts you if your information is involved in a data leak.


Creating and managing passwords might seem daunting. But, by avoiding these common pitfalls, you will significantly enhance your online security. Remember, in digital security, your vigilance is as crucial as the strength of your passwords. Stay informed, stay secure, and let your password practices be an unbreachable barrier against cyber threats.

Header image credit: Fabricio Trujillo via Pexels

Last modified: November 9, 2023

Previous Story


The Digital Revolution: How Premier League Football is Going Online

The Premier League is one of the most popular football leagues in the world and just so happens to be...

Next Story


Online Poker vs Traditional Poker: Everything You Should Know Before Playing at Online Casinos

The world of poker has evolved significantly with the advent of online platforms, offering a digital twist to...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.