7 Bad Password Habits to Break Now

It’s that time of year when everyone’s setting goals to eat better, exercise more, and get organized. As you type up to-do lists and tackle projects, take a few minutes to think about your password habits. Are you still putting your passwords at risk with the habits we’ve rounded up below? Investing in your digital security and finding tools that help you be more productive while reducing cyber security risks will pay off all year long, both in time saved and in peace of mind.

Here are 7 bad password habits you need to break now so you can set yourself up for a more secure (and productive) 2015:

1. Using the same password everywhere.

Analysts estimate that some 50% of people on the Internet are still using the same password for all of their logins. This is one of the riskiest things you can do online. With massive breaches affecting more consumer websites and services, it’s only a matter of time before one (if not more) of your online accounts gets leaked online. And with billions of credentials thought to have been leaked in 2014, it’s likely at least one of your passwords is already out there. If you use the same password across multiple websites, it only takes one website leak for someone to get access to your other online accounts, and jeopardize your identity.

2. Not having a password system.

Are you forever hitting the “forgot password” link? Especially on websites you use once a year, like TurboTax, and then forget about for the rest of the year? Without a system, it’s impossible to remember where you have accounts, how many you have on each website, and which username and password you registered with. Without a system, you’re wasting time and interrupting your workflow.

3. Never updating passwords.

When was the last time you updated the password for your email accounts? How about your online banking and other financial accounts? Or your social networking accounts? Having strong passwords is just as important as regularly changing those passwords, especially if the same password has been used on more than one account. And without a system (see above bad habit), it’s practically impossible to know when, if ever, those passwords have been updated.

4. Checking the “remember me” option.

Many websites give you the option to remember your username and password. They might also keep you logged in to the website for as long as possible. The danger here is that 1) You’ll likely forget the username and password if you have the website remember it without securely storing it elsewhere, and 2) Anyone with direct access to your computer will have no trouble getting to your accounts.

5. Storing passwords in the browser.

Storing passwords in your browser might be convenient, but it’s not enough to keep your passwords and online accounts protected. Browser password managers don’t prompt you to log in by default, leaving the passwords and accounts you store exposed. Not to mention, if you ever find yourself on another computer or mobile device, and you didn’t set up automatic sync ahead of time, you’ll be left without your passwords when you really need them.

6. Sharing passwords too liberally.

At some point you’ve probably had to share a password. It could be a WiFi login with your house guests, or accounts to pay online bills with your spouse, or a login with your business partner. Whatever the case, passwords should be shared sparingly, and only with those you trust. And when the person no longer needs the password, it should be updated immediately.

7. Emailing passwords.

In the same way you should be careful about who you share the passwords with, you should also be careful about how you share those passwords. Email is unsafe and should never be used to send sensitive data, especially passwords. And if a website ever sends you your password in email, in plain text, notify them immediately and let them know it’s unacceptable. If they’re sending you your password in an email, you know they’re storing your passwords in an unsafe way, and could be jeopardizing your personal information.

The solution to bad password habits? A password manager.

Every single one of the above bad habits can be solved by getting started with a password manager like LastPass.

By remembering and filling your passwords for you, a password manager ensures you’ll never forget another password and you’ll always have the login information you need for your online accounts. A password manager also helps you generate a strong password for every account, and use a different password on each website. With features to help you share passwords, you’ll also ensure you can keep track of who has access to what and have the tools you need to easily update a password at any time.

Even if you’re already using a password manager, you might still find yourself falling back on some of the above old habits. Make a commitment to do an audit of your passwords and online accounts. Start by using the LastPass Security Challenge in the Tools menu of the LastPass browser add-on to update weak or duplicate passwords.
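The weak-or-duplicate check described above can also be run offline against an exported list of logins. The sketch below is an added example, not code from the original post or from LastPass; the CSV column names, the sample rows and the 12-character threshold are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. Column names are assumptions for this example,
# not the export format of any particular password manager.
SAMPLE_CSV = """name,url,username,password
Mail,https://mail.example,alice,Summer2014
Bank,https://bank.example,alice,Summer2014
Forum,https://forum.example,alice2,1234
Shop,https://shop.example,alice,xT9#qLm2$Vr8!kPz
"""

MIN_LENGTH = 12  # assumed policy threshold, adjust to your own standard


def weakness(password):
    """Return the reasons a password counts as weak (empty list if none)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH}")
    if password.isdigit() or password.isalpha():
        reasons.append("single character class")
    return reasons


def audit(csv_text):
    """Group accounts by password digest and flag reuse and weak passwords."""
    by_digest = defaultdict(list)
    weak = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row["password"]
        # The digest is only an in-memory grouping key, so the report
        # never contains a plaintext password. It is not a storage scheme.
        key = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[key].append(row["name"])
        reasons = weakness(password)
        if reasons:
            weak[row["name"]] = reasons
    reused = sorted(sorted(names) for names in by_digest.values() if len(names) > 1)
    return {"reused": reused, "weak": weak}


if __name__ == "__main__":
    report = audit(SAMPLE_CSV)
    for group in report["reused"]:
        print("Same password on:", ", ".join(group))
    for name, reasons in report["weak"].items():
        print(f"Weak password on {name}: {'; '.join(reasons)}")
```

An exported login file holds every password in plaintext, so run a check like this on a trusted machine and delete the export as soon as the audit is done.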

Take action today to lock down your passwords, so you can be more productive and secure this year.


  • Mike says:

    Be careful, LastPass users. The translation of the website makes me feel it’s a phishing website. I’ve declared it to several services but don’t be fooled, it obviously can’t be the official website of a security-related company!

    • Brent says:

      What the heck are you talking about? This page is directly accessible from the LastPass official blog and is clearly official. Just read the page URL: blog.lastpass.com. I don’t know what translation you’re looking at, but it’s fine in English.

      • Juuso says:

        He means that because of LastPass’ new auto translation feature this blog looks like a phishing site. I totally agree. This will make it much more difficult to convince your friends to start using LastPass.

        It also gives me a headache trying to translate my first tongue (a badly translated version of it) back to English in order to understand what LastPass/commentators are trying to say.

    • יוסף רוט says:

      I have never come across such a bad translation. It’s as if someone walks into a tobacconist’s with a faulty Hungarian-English dictionary and says that this record is scratched.

  • I’ve attempted to employ, nonetheless it does not operate at all.

  • Greg says:

    Uhhhh I usually use something 1234 I imagine that’s just perfect right?

  • Chris says:

    If I have, say, a 100-character, random, LastPass-generated password, why should I change it regularly? If someone is trying to guess my password, changing doesn’t help. If my password isn’t reused, my password manager is secure, my email provider has had no breaks in security (and if they have, changing my password makes it MORE likely to be compromised), there’s no reason to change my password.

    • Amber Gott says:

      Great points, Chris. What we find is that even though someone may get started with a password manager, they may forget to go back and update older and weaker passwords. Even if you start generating passwords going forward, it’s a good idea to also go back to old accounts and make sure every one has been updated.

    • Anonymous says:

      Chris, you need to change your password regularly because we now know thinking your system is bug free, backdoor free, tamper free, NSA resilient, and hackproof is naive. So you need to change your password because when you get hacked, or LastPass gets hacked, or your computer is hacked, the party doesn’t last forever, therefore limiting your exposure.

  • Jacob Martin says:

    1Password is a great app that I use for my iPad, and it has a browser built in. It is well worth the money!

  • Karl-Erik Johansson says:

    I have had LastPass for several years and have only a positive view of it. But changing a login is not always that easy.