While I like to think that most of us know about basic password security practices, the truth is that many of us are guilty of at least some of the bad habits that put our passwords and accounts at risk. After all, there is more than one way that you can put your passwords at risk, and there are also devices that come with terrible default passwords.

Some of these bad habits have simple fixes, but others will require a more concerted change in your behavior. However, your passwords will be more secure if you break these habits.

7 Reusing passwords across accounts

More points of exposure

I'll admit, I'm guilty of this. While I have gotten better over the years at using unique passwords for different accounts, I have some older accounts that share the same password. The danger of reusing passwords is that if one of your accounts is compromised, cybercriminals can use the same password to target other accounts.

Imagine using the same password for your email, social media, and streaming accounts. Hackers would only need to compromise one of these accounts to gain access to the others.

If you use a password manager, you may be able to check how many of your accounts share the same password. For example, when I ran Google Password Manager's Password Checkup tool, it flagged over 200 reused passwords. Many of these accounts go back years and are services I no longer use. As a result, I went through the accounts that reused the same password and deleted them completely or changed the password where deletion wasn't possible.

Of course, there are some flagged accounts that will no longer exist. Or, if you self-host software, some of these saved passwords will be the default login details for these apps.
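The reuse check described above can also be run offline against a password manager export. This is an added example, not code from any password manager: it assumes a CSV export with `name`, `url`, `username` and `password` columns, and the sample rows are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column layout is an assumption about the export format.
SAMPLE_EXPORT = """name,url,username,password
Mail,https://mail.example,alice@example.com,Tr0ub4dor&3
Forum,https://forum.example,alice,Tr0ub4dor&3
Streaming,https://video.example,alice@example.com,correct-horse-battery
Old shop,https://shop.example,alice,Tr0ub4dor&3
Router,http://192.168.1.1,admin,admin
NAS,http://192.168.1.20,admin,admin
Bank,https://bank.example,alice,x9!Lq2#vBn7p
"""


def find_reused(export_file):
    """Return groups of entries that share a password, largest group first."""
    groups = defaultdict(list)
    for row in csv.DictReader(export_file):
        password = row.get("password") or ""
        if not password:
            continue
        # Group by digest so the report never carries the plaintext password.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[digest].append((row["name"], row["username"]))
    reused = [entries for entries in groups.values() if len(entries) > 1]
    return sorted(reused, key=len, reverse=True)


def summarize(reused):
    """Count distinct reused passwords and the accounts that depend on them."""
    total = sum(len(group) for group in reused)
    return {"reused_passwords": len(reused), "affected_accounts": total}


if __name__ == "__main__":
    reused = find_reused(io.StringIO(SAMPLE_EXPORT))
    print(summarize(reused))
    for number, group in enumerate(reused, 1):
        print(f"Group {number}: {len(group)} accounts")
        for name, user in group:
            print(f"  {name} ({user})")
```

The export file itself holds every password in plaintext, so delete it once the audit is done.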

6 Sharing passwords with others

Other people can put your passwords at risk

Password sharing is common when you share an account with others, such as an account for a media streaming website. However, with streaming sites cracking down on password sharing, there are fewer reasons to justify doing so. The big reason this is a risk is that if the other person's device is compromised or they have poor cybersecurity practices, they could expose your password.

If you share an account with someone, see if there is a way to share the account without actually sharing your password. For example, with a YouTube Premium Family account, you share the account by inviting other user accounts to the shared subscription. Plex also allows you to share your media library with another account, rather than granting direct access to your account.

Some password managers also allow you to securely share your passwords with others without compromising your account.

5 Using social logins

Not always avoidable

While a social login (signing in to services with a central account like Facebook or Google) technically allows you to sign in to third-party services without using a password, it can expose other sensitive information if you link to an untrustworthy platform. There's also the risk of your access token (rather than your password) being compromised and used to access another account.

I used to enjoy linking my various accounts through a single sign-in as a way to avoid having to remember different passwords. However, I later realized that this can compromise multiple accounts if the central account is breached.

Depending on the information shared between accounts, this can also put other data and personal information at risk. That said, it's not always an option to create a unique account for each service you use. For example, when I tried Tana, the service would only let me create an account using a Google, Microsoft, GitHub, or Apple account.

While it's not always possible to keep your accounts completely separate, it's best to create a separate account with a different password whenever possible. Over time, I've reduced social sign-ins as much as possible, especially when it comes to my Facebook account.

You can get an overview of linked accounts in your account settings on major platforms. Please ensure that you update your sign-in method for linked accounts before revoking access.

4 Using easy-to-guess passwords

One of the oldest bad habits

I thought the trend of using weak passwords would mostly disappear over time, but every time cybersecurity companies release lists of the most common passwords, they prove me wrong. If you're using passwords like "password," "123456," or "qwerty," you're putting your data at risk.

After all, when hackers breach accounts, they can use brute force attacks and password spraying to cycle through different common passwords to see if one matches your account credentials. They may also use other leaked information, such as birthdays or names.

Even if you use a very personal password that a hacker wouldn't be likely to guess, this still leaves your accounts vulnerable to people in your life. They can easily log onto your computer and other devices using information about you.

3 Not keeping up-to-date with data breaches

It's easier than ever to stay informed

It used to be difficult to keep up with data leaks and breaches, with many people only able to figure out if their passwords were compromised when a company or service contacted customers about leaked credentials. But thanks to platforms like HaveIBeenPwned, as well as dark web searches in password managers, you can easily keep up with whether your data was compromised.

If you don't have access to dark web searches through your password manager, I recommend signing up for updates from a site like HaveIBeenPwned.

2 Storing passwords using insecure methods

It's more common than you'd think

With so many password managers available nowadays, you shouldn't be storing your passwords in simple text documents or spreadsheets. If someone gets access to your device or the cloud account where you're storing the information, they then get access to the credentials for all of your accounts.

Yes, it's difficult to remember a large number of passwords — but that's why people rely on password managers. They store your passwords behind encryption, or when lacking encryption, at least behind a device password or biometrics. You can even self-host your password manager.

I realized people still do this a while back when a company I worked with shared their account access details in a Google Spreadsheet. If you're still doing this, I recommend using a password manager instead.

1 Not changing old passwords

Passwords should have an expiry date

This is another bad habit that I'm guilty of, but I've been getting better at it thanks to services where your passwords automatically expire after a certain period of time. Old passwords put your data at risk when a service is breached, even years after you've stopped using it. If you combine this with reusing passwords across accounts, the risk is amplified.

From my own personal experience, keeping old passwords unchanged means that I had some accounts linked to very weak passwords from when I knew less about cybersecurity. While none of these were as bad as "12345," they also weren't as robust as they should be.

It's a good security practice to change your passwords every few months or at least once a year. While it takes some time to update your different accounts, it improves your security overall. It also means that breaches of old data won't compromise your current password.

Break bad habits to keep your passwords safe

While some of these habits can be challenging to break and may take time to remedy, doing so will enhance the security of your accounts. For extra security, consider setting up two-factor authentication (2FA) or multi-factor authentication (MFA) for your most important accounts. This way, even if your passwords are compromised, a sign-in attempt still needs the additional factor, and you will be notified of any sign-in attempts.