The Mistakes You’re Probably Making with Your Passwords, According to a Cybersecurity Expert

published Oct 2, 2022

I received an email yesterday from a popular food delivery service confirming an order of $110 worth of spring rolls at a restaurant in Los Angeles. I live in Washington, D.C. and, while I enjoy a spring roll, I am not ordering them by the dozens. Thankfully, I called the restaurant before they started the order and my credit card company refunded the charge, but it sent me into a frenzy. 

If someone had a password for my food delivery account, which other passwords did they have? Were they able to get my credit card information from my account? When they angrily went into the restaurant declaring that they were my brother-in-law and I’d approved the order (true story — the restaurant owner called me back to double check there hadn’t been a misunderstanding!), I wondered if they had more information than just my delivery account. I changed no less than a dozen passwords within minutes and put holds on both my credit cards, but it gave me a new appreciation for digital security.

Amir Tarighat, CEO and co-founder of cybersecurity company Agency, says I’m not alone — and no one is off limits from their information being breached. “In 2021, the average number of cyberattacks and data breaches increased by more than 15 percent from the previous year,” explains Tarighat. 

Whether your lack of digital paranoia is summed up by “my password is my dog’s name and my birthday” or you’re one of those people who’s wary of Apple Pay, this article is for you. A cybersecurity expert answered all your burning questions about passwords, bank accounts, Google, and whether or not you really need a passcode on your phone. 


How important is it to change your passwords and how dangerous is it to ignore reminders to change them?

You’re logging into a delivery app to order dinner and are interrupted by an “It’s time to update your password!” message. Those reminders to update your password are like clockwork — and they’re incredibly annoying. 

But it’s critical to change your passwords regularly and use those reminders as your cue to update. Volodymyr Shchegel, VP of Engineering at Clario, says “While it may be an inconvenience to change passwords regularly, it is a much bigger inconvenience to deal with a security breach, even on a personal level.”

How should you come up with a good password?

Shchegel recommends using a password generator to come up with a truly random password. The odds of someone guessing a totally randomized combination of letters, numbers, and characters are far lower than if it’s your street name and mom’s birthday.
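To make the comparison above concrete, here is an added example (not code from the article or from Clario): a generator built on Python’s `secrets` module, plus a rough entropy estimate for a random password next to one assembled from guessable personal facts. The per-fact guess counts are my own assumption about how many candidates someone who has read your social media would try.

```python
import math
import secrets
import string

# Character classes the generator draws from (a constructed policy).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",
}
ALPHABET = "".join(CLASSES.values())  # 75 characters in total


def generate_password(length: int = 20) -> str:
    """Return a random password drawn from ALPHABET using the OS CSPRNG.

    Candidates are regenerated until every class is present so that
    site policies accept them; rejection sampling keeps the result
    uniform over the set of accepted passwords.
    """
    if length < len(CLASSES):
        raise ValueError("length must be able to cover every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES.values()):
            return candidate


def random_password_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a uniformly random password: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def personal_info_bits(guesses_per_slot: list[int]) -> float:
    """Entropy of a password built from personal facts (assumed attacker model).

    Each slot is one fact (street name, birthday, pet name) and its value is
    how many candidates an attacker who knows you would try for that slot.
    Bits add up across slots, so a few guessable facts stay tiny next to
    a 20-character random string (about 125 bits).
    """
    return sum(math.log2(n) for n in guesses_per_slot)
```

With the assumed model, a street name (say 1 of 10 known addresses) plus a family birthday (1 of 36,500 dates) comes to under 19 bits, against roughly 125 bits for the generated password.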

But there’s one option that’s even better than a generator. Shchegel says, “If you have devices that use biometrics to gain access to the device, select that option — it’s pretty difficult to steal a fingerprint or retina scan!”

Is there anything you shouldn’t use as a password?

Don’t use Password123. 

But, in all seriousness, don’t use anything that a hacker could find on your Facebook, Instagram, LinkedIn, or in public records. That includes any variation on your address, alma mater, or pet’s name. “Don’t use any personal information in the password itself, like numbers that represent birthdays in your family. It doesn’t take a lot for cybercriminals to find that information online,” advises Shchegel.

How do you keep track of all these random passwords?!

“It is frankly unrealistic to memorize different passwords that are constantly being updated, so don’t panic!” exclaims Shchegel. Phew. 

Thankfully, there are tools to help you. Google has a built-in password manager, plus it can generate hard-to-crack passwords for you. 1Password is another popular option.

Is it bad to have the same password or a slight variation for different accounts?

Shchegel says, “If a hacker gets ahold of one password, suddenly every account or device that uses a variation of that password is at risk.”

Think about it: How many online accounts do you have? Do you even know?! (I don’t!) And how many of them have the same passwords? Imagine just one of those gets hacked. All of a sudden, cyber criminals have access to all of those accounts and a snowball effect takes hold. 

“Typically, scams start with information taken through a data breach (for example: your number or date of birth ends up on the dark web). The scammers then cross-reference that breach data with what’s available in public records — like former addresses or driving records, or social media — like your school, job, pets, or hobbies,” says Tarighat. Once they unlock one, they start trying others and you face major security issues.


Are apps that link to your bank account safe?

Is there a right or wrong way to use CashApp, Venmo, Zelle, and the like? There are some concerns in cybersecurity circles that these apps are easy to breach and often fall victim to phishing schemes. For that reason, Shchegel advises keeping your circle of payees small and says, “I would only recommend using them for small money transfers between family and friends. This ensures a fraudulent text claiming to be Netflix or your power company demanding money for an unpaid bill won’t trick you.”

He also recommends using two-factor authentication and biometrics, if available, whenever using banking and money transfer apps.

Is it better to link things to your debit card, credit card, or bank account?

If your payment app account does fall victim to fraud, it’s better to have it linked to a credit card rather than your bank account. Shchegel says, “Credit card companies tend to have more policies in place for reimbursing funds lost to fraudulent charges.”

Is it dangerous to put your whole life on Google?

Shchegel reassures me that Google is incredibly secure — as long as you use the security measures in place. Set up two-factor authentication and biometrics on your devices. Beyond that, use general security measures. He explains, “The basics remain the same: Change passwords frequently, keep them random and long, and be mindful of your sharing settings for documents, photos, and drive.”

Is it bad not to have a password on your phone?

This is the one you’ve been waiting for. And Shchegel may not have the news you want to hear. He says, “The second your device is lost or stolen, any app on your unlocked device is fair game for a hacker or even a basic street level thief. It doesn’t take much skill to steal valuable information from an unlocked phone.” 

Is using Apple Pay and Apple ID saved passwords for everything as risky as it feels?

“With Apple Pay for example, the merchant never sees your actual bank details, rather a sort of ‘code’ that Apple has created for that transaction, which is what we call tokenization,” says Shchegel. It’s no different than saving your credit card on an e-commerce site!