Using birthdates
You should avoid using birthdates when choosing new passwords. This includes the birthdates of your kids, spouse, pets, or parents. Birthdates are very easy to obtain via social engineering because we don’t treat our birthdates the same way we treat our social security numbers. A potential attacker may even be able to find your birthday on your social media accounts.
Because birthdates are just numbers, they are also very easy to enumerate in a short period of time. This means using a birthdate in your password makes its complexity and strength significantly lower.
Using special dates
You should also avoid using other special dates such as wedding or anniversary dates.
Using names
For many of the same reasons you shouldn’t use birthdates in your passwords, you also shouldn’t use names. Names are even easier to obtain than birthdates, and an attacker may not even need to know what YOUR name is. More than likely, your name is pretty common. Someone could just cycle through a list of common names and your password could be compromised in just a few minutes.
Making them short
Following on from that, using short passwords poses the same risk. This comes from attackers being able to use a brute-force attack. Basically, they can use a computer program to try every combination of letters, numbers and symbols until they figure out your password. If you choose a password of less than 6-8 characters, for example, it could be cracked relatively quickly. This is why NIST suggests passwords no shorter than 8 characters.
Using religious names
You should not use any religious names while choosing a password. I love Jesus, but choosing JesusSaves as my password is not safe or smart, as I’m making myself the potential target of any attacker who knows my religion.
Using common words
Much like creating short passwords, using common words in your passwords can increase your chance of being hacked. Attackers use large files of commonly used passwords to try to get access to vulnerable online accounts. Avoid using dictionary words whenever possible. Alternative spellings are much more secure, but these are also guessable by attackers.
Using only letters
On the same note, avoid using only letters at all. Most modern applications will force you to add numbers and symbols, but make it a rule to follow either way. Adding numbers and symbols increases the complexity of your password and makes it a lot harder for computers to be able to guess it. In some cases, it can take your password from being cracked in days to being cracked in millennia.
Writing it down
Now, most of the tips so far have been about the passwords themselves, but what about after you create your secure password? You may be tempted to write it in a journal or on a post-it note, but this is very unsafe. Social engineering attempts would be able to uncover this extremely easily. Not to mention the risk of losing the document or leaving it on a bus. This is why I recommend a good password manager, which can not only store your passwords; many can also generate a secure password for you.
Using public wifi
When you’re choosing your new password, don’t do so at a coffee shop or library. Anyone on the network could potentially steal your newly created password and make your account insecure from the very start.
Reusing passwords
The last thing to avoid when choosing a password is using the same password for multiple accounts. Every new online account should have its very own password; this means even if one of your accounts is compromised, your others are still safe.
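A checker for the password mistakes listed above, as an added example that is not part of the original article. The function names, the tiny name and word lists, and the sample password are constructed for illustration (a real check would load much larger lists), and the year pattern is a heuristic assumption for dates the checker was not told about.

```python
import re

# Constructed sample lists; a real check would load much larger name and word lists.
COMMON_NAMES = {"james", "mary", "john", "jesus", "michael", "sarah"}
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "monkey", "saves"}
# Undo common alternative spellings, which the article notes are also guessable.
LEET = str.maketrans("013457@$!", "oleastasi")

def date_fragments(dates):
    """Expand (year, month, day) tuples into the digit strings people tend to type."""
    out = set()
    for y, m, d in dates:
        yy, mm, dd = f"{y % 100:02d}", f"{m:02d}", f"{d:02d}"
        out |= {str(y), mm + dd, dd + mm, mm + dd + yy, dd + mm + yy,
                mm + dd + str(y), dd + mm + str(y), str(y) + mm + dd}
    return out

def audit_password(pw, personal_names=(), personal_dates=(), used_elsewhere=()):
    """Return the list of mistakes from the article that this password makes."""
    findings = []
    lower = pw.lower()
    plain = lower.translate(LEET)  # "p@ssw0rd" -> "password"
    if len(pw) < 8:  # the minimum length the article attributes to NIST
        findings.append("short")
    if pw.isalpha():
        findings.append("letters-only")
    names = COMMON_NAMES | {n.lower() for n in personal_names}
    if any(n in lower or n in plain for n in names):
        findings.append("name")
    if any(w in lower or w in plain for w in COMMON_WORDS):
        findings.append("common-word")
    digits = re.sub(r"\D", "", pw)  # drop separators: 04/12/1990 -> 04121990
    if any(f in digits for f in date_fragments(personal_dates)):
        findings.append("personal-date")
    elif re.search(r"(19|20)\d\d", pw):  # heuristic: a year we were not told about
        findings.append("looks-like-year")
    if pw in used_elsewhere:
        findings.append("reused")
    return findings

if __name__ == "__main__":
    print(audit_password("JesusSaves"))
```

Writing a password down and choosing it on public wifi are habits rather than properties of the password, so a string check like this cannot see them.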