What to Avoid When Creating or Changing Your Password

Password hacking happens every day, and not just to large corporations or governmental organizations. Cybercriminals can profit so much from hacking any person’s accounts that it is well worth the effort for them to invest time and effort in trying to gain access to “ordinary” people’s accounts.

Banking information, shopping profiles, and all other types of personal and business accounts are vulnerable to cyberattacks. Here are four things you should avoid when creating or changing your password to prevent having your accounts compromised.

DON’T keep your password short

Did you know the shorter your password is, the faster a hacker can brute force it? When a hacker brute forces your password, they use a password cracking system to guess possible character combinations quickly.

The chart below demonstrates how long it takes for a hacker to brute force passwords of varying lengths and character combinations:

Since longer passwords have more combinations to test, they are much harder to crack using brute force methods. The general recommendation is to create a password with twelve or more characters using a mix of numbers, upper and lowercase letters, and symbols.

DON’T use personal information or common words

It is surprisingly effortless to figure out personal information that makes it easy for us to remember our passwords, but also opens up more opportunities for our accounts to be hacked. For example, security questions used to protect an account are relatively common, and their answers can be discovered in various ways.

While your password can still have some level of meaning to make it easier to remember, try to avoid the following:

  • Child or pet names
  • Birthdays and anniversaries
  • Street names and other location-based words
  • Any personal information you share on social media

With all the information we have available to the public or even just to our friends, it is easier than you may think for cybercriminals to access your accounts.

DON’T use the same password for all your accounts

According to a recent survey by Security Magazine, 53% of people admitted using the same password for different accounts. This lack of password hygiene is a massive problem for many reasons.

  • Reusing passwords means that when one account is compromised, the rest might be as well.
  • Cybercriminals can look at different accounts to make connections between different parts of your life and find ways to guess your password, private details, or other information about your other accounts.
  • When you stop using an account but do not completely shut it down, your information stays in some company’s database, making you vulnerable from multiple directions.

Since many company email addresses are set up using similar patterns, and links between social media platforms like LinkedIn and other accounts are easy to match up, using the same password for various accounts makes you unnecessarily vulnerable. At the very least, you should create unique passwords for your work and personal accounts.

DON’T only change small details

When you update your password, it can be tempting to keep it mostly the same, but just change or add a character. While this is technically a “different” password, this update is not any more secure than the password you just had. This practice is called “password recycling.” It is one of the many ways we use to make ourselves feel more secure than we are.

Instead of password recycling, we recommend making a complete change to your password anytime you update it. This suggestion also applies to creating different passwords for different accounts: rather than using variations of the same password for those various accounts, it is safer to use completely different passwords each time.

It can be challenging to keep track of all your accounts and their passwords. One way to help is by using a password manager, which allows you to use one password to authenticate access to other systems. Even creating and password-protecting a spreadsheet on your home computer is better than using the same password or a variation for all your accounts.


In this day and age, most people have multiple accounts containing important information. If cybercriminals gain access to your accounts, it could put your personal, professional, and financial safety at risk. Avoiding these four missteps when creating or changing your password will help you protect your accounts.