Another day, another major data breach—and another article advising you to strengthen your passwords. These secret bits of information act as the keys to all of our important online accounts, from social networks to email inboxes, from our bank accounts to our business profiles.

That’s why choosing strong passwords, and managing them well, is so critical to your business security. It could be the difference between keeping your identity safe and landing your information in hackers’ hands. Your password is not the only security measure you need to think about, but it’s one of the most crucial.

Unfortunately, a lot of us are pretty bad at choosing passwords. We tend to pick ones that are easy to remember, and therefore easy to guess, and we tend to reuse them again and again.

Common Poor Password Practices

Wondering if you’re making some of the most common password mistakes?

Common Passwords

Whenever there’s a big data breach and user passwords are exposed, security companies always make a list of the most common passwords people were using.

Among those studies, the five most common passwords were “123456,” “password,” “12345678,” “qwerty” and “12345.”

But weak passwords aren’t the only thing to watch out for. Hackers have computers that can “guess” for them. And chances are good that even security-conscious folks might make a common mistake in creating their password.

A recently released study tracked passwords at a Fortune 100 company and found that about half followed five common patterns. Here are three of the most common patterns found in the study:

  • One uppercase, five lowercase and three digits (Example: yourbusiness123)
  • One uppercase, six lowercase and two digits (Example: yourbusiness12)
  • One uppercase, three lowercase and five digits (Example: yourbusiness12345)

These are just things people do without thinking about them. However, if you create a password with any of those patterns it makes a computer’s job a lot easier.
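To see how little effort such a check takes, here is an added example (not part of the original article) that collapses a password into its runs of character classes and flags it when it matches one of the three shapes listed above or one of the five common passwords. The function names and the sample passwords are constructed for illustration.

```python
import itertools

# The five most common passwords quoted in the article.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "12345"}

# The three shapes listed above, as (character class, run length) pairs.
COMMON_SHAPES = {
    (("upper", 1), ("lower", 5), ("digit", 3)),
    (("upper", 1), ("lower", 6), ("digit", 2)),
    (("upper", 1), ("lower", 3), ("digit", 5)),
}


def char_class(ch):
    """Map one character to a coarse class: digit, upper, lower or other."""
    if ch.isdigit():
        return "digit"
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    return "other"


def shape(password):
    """Collapse a password into runs of (class, length), in order."""
    return tuple(
        (cls, len(list(run)))
        for cls, run in itertools.groupby(password, key=char_class)
    )


def audit(password):
    """Return the reasons a password is predictable (empty list if none)."""
    findings = []
    if password.lower() in COMMON_PASSWORDS:
        findings.append("common-password")
    if shape(password) in COMMON_SHAPES:
        findings.append("common-shape")
    return findings


if __name__ == "__main__":
    # Constructed samples, plus one password the article recommends.
    for pw in ["Summer123", "Company12", "Acme12345", "qwerty", "Mf$J1ravng"]:
        print(pw, audit(pw) or "no finding")
```

A check like this can run when a user sets a new password, so the predictable choice is rejected before it is ever stored.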

Short Passwords

Despite what you see in the movies, professional hackers rarely sit down at a computer and try to guess your password; that’s usually done by casual snoops such as relatives. Instead, hackers get millions of passwords at once from company data breaches or other sources.

Shorter passwords are easier to crack, and hackers go for those first. As passwords get longer, cracking them takes longer, as long as they aren’t obvious ones like “123456789”. Hackers check for the obvious ones first, using a different method.

Many hackers don’t even bother with passwords eight characters or longer, although as computers get more powerful, cracking them will take less time. So, 10 characters would be better.

Using The Same Password Twice

As I said, most hackers don’t try to guess your password. But if they get one of your passwords in a data breach, or from a virus on your computer, they will go after your other online accounts.

That’s why you want a different password for every account, especially your critical financial accounts. If the password they have doesn’t work right away, they’ll usually move on to someone else’s that does.

Best Password Practices

Never give out your password to anyone.

Never give it to friends, even if they’re really good friends. A friend can – maybe even accidentally – pass your password along to others or even become an ex-friend and abuse it.

Don’t just use one password.

It’s possible that someone working at a site where you use that password could pass it on or use it to break into your accounts at other sites.

Create passwords that are easy to remember but hard for others to guess.

One possibility is to take a phrase such as “I started 7th grade at Lincoln Middle School in 2010” and use the initial of each word, like this: “Is7gaLMSi#2010.” Make your passwords at least a little different for each site by adding a couple of unique letters. On some sites you might even be able to type in the entire phrase.

Make the password at least 12 characters long.

The longer the better. Longer passwords are harder for thieves to crack.

Include numbers, capital letters and symbols.

Consider using a $ instead of an S or a 1 instead of an L, or including an & or %. But note that $1ngle is NOT a good password; password thieves are onto this. Mf$J1ravng (short for “My friend Sam Jones is really a very nice guy”), on the other hand, is an excellent password.

Don’t use dictionary words.

If it’s in the dictionary, there is a chance someone will guess it. Criminals even use software that can guess words found in dictionaries.

Conclusion

Now, if you’re like me and have dozens of accounts online, even using this system can be too much. That’s why a password manager can be a great help. It keeps your passwords secure, and you only need to remember the one to open it.

At any rate, it’s #WorldPasswordDay today, so it’s a good reminder to go in and reset some of your easy passwords, and swap them out for much stronger passwords. Be safe out there!