When it comes to managing passwords, we've certainly used our fair share over the years, but our latest favorite is BitWarden!
Bitwarden is a free, open-source password manager that provides robust functionality and performance without the high cost of other options like LastPass, 1Password, or Dashlane. Bitwarden is a great choice for anyone looking for a password manager that provides all the essential features at no cost.
One of the standout features of Bitwarden is its clean and straightforward interface, making it easy to use, even for those who are new to password managers. With Bitwarden, you can store all your passwords in one secure location, making it easy to access them whenever you need to log in to a website or app.
Another feature that sets Bitwarden apart from other password managers is its wide range of functions. Bitwarden offers not only password storage and auto-filling but also a password generator, secure note-taking, and two-factor authentication. You can also share passwords and notes with others, making it easy to collaborate with colleagues or family members.
Bitwarden is also a great choice for those who value security. All data is encrypted and decrypted locally on your device, and Bitwarden uses the latest security protocols to protect your information. Bitwarden also offers an optional feature called the “Vault Health Report” that identifies weak or reused passwords and provides suggestions for stronger, more unique passwords.
Overall, Bitwarden is a solid option for anyone looking for a reliable, feature-rich, and free password manager. Its interface is easy to use, it provides a wide range of functions, and it prioritizes security to ensure your data is always protected. Try Bitwarden today and see why it's our top choice for password managers.
Don't be caught using weak passwords!
Despite all the hacks and data breaches that fill the headlines, many of us still use weak passwords to protect work and personal accounts. One reason this problem persists is that the difference between good and bad passwords is not always clear. What is a bad password, and how can you avoid using one?
Common Bad Password Mistakes
Creating a bad password is easy since most examples of bad passwords suffer from oversimplification, duplication, or both. The best way to ensure you’re always using strong and unique passwords is to avoid these common mistakes:
Familial names: Information like first names, kids’ names, and even pet names finds its way into passwords frequently because it’s easy to remember. Since this identifying information can also be found on your mail and often online, be sure to omit it from your passwords.
Personal information: Additional personal information like addresses, phone numbers, and birthdays can also provide a starting point for a hacker attempting to guess your password, so the safest practice is to leave out anything related to identity.
Preferences: Social media accounts are another source of identifying information. If you include preferences like favorite sports teams and vacation destinations in your passwords, they can become a trail of breadcrumbs between your social media accounts and your secure credentials.
Simple sequences: Simple strings of numbers like 12345 or 56789 are far too basic and easy for others to guess to ever be used in a strong password—or even part of one.
Predictable characters or dictionary words: Predictable characters in a row, such as “qwerty,” or common dictionary words, especially “password,” should be avoided. Instead, include a variety of symbols in your password, such as uppercase letters, lowercase letters, numbers, and special characters, to strengthen password security. You should also insert special characters and uppercase letters into the middle of the password, not just the beginning or end.
Short, non-complex passwords: According to the Center for Internet Security (CIS), length is the most important aspect of a good password. Sophisticated hacking tools can crack short (8 characters or fewer) passwords in less than three seconds, but this time increases exponentially with each additional character.
Password habit mistakes
Storing passwords in your Contacts app. This may seem like a clever trick at first but it is one of the most commonly used quick solutions and if anyone is able to hack into your contacts account (which is usually synced with iCloud or Google) they would then have easy access to all of your passwords.
Reused passwords: No matter how long, complex, or unique they are, passwords reused on multiple accounts instantly become bad passwords because if a password is somehow leaked from one of these sites, it usually becomes public information that anyone can obtain. At that point the association between that password and your email is public.
Physically stored passwords: One of the best ways to protect your password is to ensure no one else has (or can get) access to it. This rules out sticky notes, scraps of paper, and other antiquated physical storage methods.
Not changing your passwords after a data breach: Resetting passwords at regular, preset time intervals is no longer a recommended best practice, but you should always change passwords after a data breach involving those passwords.
Passwords stored in a browser: Storing passwords in internet browsers is never a good idea since passwords saved in browsers aren’t typically protected with encryption to scramble them and make them unreadable to hackers. And, if your device is lost or stolen, your passwords are exposed to whoever accesses that device next.
Insecurely shared passwords: Sharing passwords is a common practice, particularly for things like online subscriptions and retail accounts. Unless you’re using a password manager with a secure sharing portal, your information becomes vulnerable if someone you’ve shared with is impacted by cybercrime.
10 common bad password examples
There’s no shortage of bad password examples demonstrating one or more password creation mistakes. Perhaps it’s no coincidence that many commonly used passwords are also commonly breached. Our bad password list provides some great examples of what not to do.
Password This unimaginative password is the #1 most commonly used today. It should not be surprising to learn that it’s also the most commonly hacked.
123456 This second most commonly used password not only lacks originality but relies on the simple sequences and sequential characters that top our list of mistakes.
Qwerty123: This password does combine letters and numbers, but it’s still extremely weak due to the common, predictable order of those letters and numbers.
LoveAngel: Terms of endearment are another characteristic that can land a password on the most frequently hacked list. This example, combining two such terms, is neither random nor complex.
Sharon481982: This example shows some improvement in randomness and character count, but the presence of a first name and birthdate places it squarely in the bad category.
121CedarLn: Who knows just how many residents of various cities and towns share this familiar address, but using it as your password certainly narrows the possibilities.
MiloIsAGoodDog: But unfortunately, he makes a bad password since information like pet names can be found on social media accounts. You need to omit Milo, Polly, and even Whiskers from your password.
#1SteelersFan: Preferences like sports teams and hobbies can tip off a hacker and give them obvious passwords to guess. It’s better to leave them out.
RedFerrari: While there are thousands of red Ferrari owners in the world, thousands more are using this common and utterly predictable password.
Solarwinds123: If you think using “solarwinds123” as your password when you work for an IT firm called SolarWinds is a bad idea, you’re right. So bad, in fact, that this bad password allowed hackers to spy on federal agencies as part of a security breach that went undetected for months. Never use your company’s name in a personal or professional password.
The risks of having a bad password
While some of the examples on our bad password list might be amusing, they can also introduce cybersecurity risks and create other inefficiencies for computer users and IT teams. The risks introduced by weak, repetitive, or poorly protected passwords include:
Data breaches - When sensitive information like login credentials, account information, or intellectual property (IP) is compromised in a security incident, this is classified as a data breach. Common hacking tactics used to gain unauthorized access to a device, server, or account include:
Brute-force attacks: Endless random combinations of usernames and passwords are entered with the assistance of a computer program until a match is found. Common passwords like “123456” or “Password” make us more susceptible to this tactic since the algorithms used by hackers can easily guess them.
Phishing: Misleading emails disguised as urgent requests from reputable companies ask us to respond with passwords, account numbers, or other confidential information. Some also include links to dangerous malware or spyware. Slightly altered company URLs, misspellings, and grammatical errors are some of the telltale signs of a phishing email.
Credential stuffing: This method uses automated software to cycle through username and password combinations stolen during a data breach. Although this tactic has a low success rate, bad passwords and reused passwords increase the hacker’s odds. Password managers and 2-factor authentication (2FA) provide a solid defense against credential stuffing by improving password strength and preventing unauthorized users from logging in.
Information on the dark web
If your password has been compromised and your information was leaked, you may not be aware of it until your information is shared or sold illegally. Dark web monitoring is used to scan the depths of the internet for your personal information and alert you when your password or account details are detected and need to be changed.
You can use enter your e-mail at a website like haveibeenpwned.com to see if it was included in a public data leak at any point in time.
More than one-third of computer users reset their passwords roughly once a month, while another 15% change passwords multiple times each week. Bad passwords and poor password storage habits can lead to set-forget-reset loops that spiral into progressively weaker and more commonly reused passwords as we quickly create replacement credentials.