
The Password Habits That Are Getting People Hacked in 2023

February 17, 2023

Every year, security researchers analyze millions of credentials exposed in data breaches and publish reports on the most common passwords and habits. Every year, the results are depressing. The same mistakes keep appearing. Here's what the data shows — and whether you're making any of these errors.

Password Reuse Is Still the Biggest Problem

The most dangerous habit by far is using the same password on multiple sites. When one site gets breached, attackers take those credentials and try them on hundreds of other sites automatically — a technique called credential stuffing. If you reuse passwords, a breach at a small forum you signed up for years ago could give attackers access to your email, your bank, or your social media accounts.

Weak Passwords Are Still Everywhere

Despite years of warnings, '123456', 'password', and 'qwerty' remain among the most common passwords found in breach data. But weak passwords aren't just the obvious ones — they also include passwords based on your name, birthday, pet's name, or favorite sports team. These are trivially easy to guess with basic personal information.
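To check your own accounts for the two habits described above, here is a small audit script. It is an added example, not part of the original post; the function names, sample vault, and personal facts are all constructed for illustration, and the common-password list holds only the three passwords the post names.

```python
import hashlib
import re
from collections import defaultdict

# Constructed mini-list: the three passwords the post names. A real audit uses a full breach list.
COMMON = {"123456", "password", "qwerty"}
# Undo common character swaps so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("@4031!5$7", "aaoeiisst")


def is_common(pw):
    """True for a listed password, including variants with swaps or a trailing '1!'."""
    low = pw.lower()
    core = re.sub(r"[\W\d_]+$", "", low).translate(LEET)
    return low in COMMON or core in COMMON


def personal_hits(pw, facts):
    """Return the personal facts (name, pet, birth year...) embedded in the password."""
    low = pw.lower()
    plain = low.translate(LEET)
    return sorted(f for f in {x.lower() for x in facts}
                  if len(f) >= 3 and (f in low or f in plain))


def audit(entries, facts):
    """entries: (site, password) pairs. Returns findings keyed by habit."""
    by_fp = defaultdict(list)
    report = {"reused": [], "common": [], "personal": {}}
    for site, pw in entries:
        # Group by fingerprint so the report itself never contains a password.
        by_fp[hashlib.sha256(pw.encode()).hexdigest()].append(site)
        if is_common(pw):
            report["common"].append(site)
        hits = personal_hits(pw, facts)
        if hits:
            report["personal"][site] = hits
    report["reused"] = sorted(sorted(s) for s in by_fp.values() if len(s) > 1)
    return report


# Constructed sample vault and personal facts, for illustration only.
VAULT = [("forum.example", "R3x_1990"), ("mail.example", "R3x_1990"),
         ("bank.example", "P@ssw0rd1!"), ("shop.example", "kV9#tq2Lw!xZr7mB")]
FACTS = ["Rex", "1990", "Alex"]

if __name__ == "__main__":
    print(audit(VAULT, FACTS))
```

On the sample vault, the forum and mail accounts are flagged as sharing one password built from a pet name and birth year, and the bank password is flagged as a disguised "password".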

The Solution: A Password Manager

The only realistic solution to both of these problems is a password manager. It generates a unique, random, strong password for every site you use and stores them all securely. You only need to remember one master password. I use and recommend Bitwarden (free and open-source) or 1Password. The learning curve is minimal and the security improvement is enormous.

Two-Factor Authentication Closes the Gap

Even with strong, unique passwords, enabling two-factor authentication on your most important accounts adds a critical second layer. If a password is somehow compromised, 2FA prevents it from being used without also having access to your phone. Enable it on your email, banking, and social media accounts at minimum.

Bottom Line

The good news is that fixing your password habits is entirely within your control and doesn't require technical expertise. A password manager and two-factor authentication will put you ahead of the vast majority of internet users in terms of account security.