We’ve all set up a new password and defaulted to something familiar. A nickname. A birthday. Perhaps the name of your dog. That same combo you’ve used since high school. It feels harmless until your online banking account becomes the weak link. It’s not about being careless with the way you use your smartphone. It’s about falling into habits that feel normal but make us predictable.
If you think your old and familiar password is good enough while setting a banking password, this is for you. Here are four habits hackers count on and the ones I ditched for good.
Related
World Password Week 2025: AP’s expert tips to stay safe online
The words we trust — and the risks we forget — in our online lives
4 You’re reusing passwords or making them obvious
Convenience is the enemy
Remembering a dozen unique, complex passwords is a pain. However, using the same one across your email, shopping sites, and bank account is asking for trouble. There’s a term for it: credential stuffing. Hackers get your info from one breach and use it on every account you own. If you picked something common like “Password123,” they won’t need fancy tools.
Run your password through tools like Have I Been Pwned? and you’ll discover how high the chances are that it’s circulating on the dark web. Even tricks like swapping alphabets for special characters are well-known patterns and unlikely to deter determined hackers.
Use unique, random passwords for each account. Better still, switch to a password manager. It remembers those nonsense sixteen-digit alphanumeric strings of unique passwords so you don’t have to.
3 Your passwords are too short or personal
No, your dog’s name doesn’t cut it
n”” data-modal-id=”single-image-modal” data-modal-container-id=”single-image-modal-container” data-img-caption=”” n
n””>
If your password is short or includes personal info like your birthday, pet’s name, or favorite band, you’re not doing yourself any favors. I used to think my dog’s name combined with the year I got her was a clever password until I realized I posted that info on Instagram. A hacker wouldn’t need to guess. Just scroll. Social engineering is easy in today’s socially connected world.
Short passwords are easy targets for brute-force attacks. Anything under eight characters can be cracked frighteningly fast. Even eight characters isn’t exactly Fort Knox.
The right approach is to go for a long and random password. I use passphrases (four or five unrelated words strung together). Easier to remember, much harder to crack.
2 You don’t change passwords often enough
Outdated or unprotected passwords are an open door
Another habit I had to unlearn is setting a password once and never looking back. If you haven’t changed your banking password in years, chances are it’s out there in an old breach file.
Even worse? Saving your passwords somewhere obvious. I used to keep mine in a notes app on my phone. Some people use spreadsheets or email drafts. It feels safe until it isn’t. Your phone can get robbed. Your Google account can get hacked. All of which can lead a nefarious user to your banking details.
A good practice is to change your passwords at least once or twice a year for sensitive accounts. And don’t store them in plain text. Password managers offer secure, encrypted storage and generate stronger options for you.
1 You’re skipping 2FA or falling for phishing attacks
One click can undo even the best password
You could have the strongest password in the world, but if you give it to a fake login page or skip two-factor authentication (2FA), it’s all for nothing. Phishing scams are everywhere. Emails that look like your bank, text messages asking you to verify something, even fake login pages that mimic the real thing down to the last pixel.
I’ve come close to falling for a few. One used my bank’s logo and color scheme perfectly. The only giveaway? A sketchy-looking email address. Set up ad blockers, such as browser-based options, or a tool like Pi-hole. Verify email addresses or URLs before clicking them. When using banking services, go directly to the official app or website to check.
As for 2FA, it’s one of the easiest ways to protect yourself. It’s a second step, usually a code sent to your phone or app, that keeps intruders out even if they have your password. It might feel like extra work, but the added security is a huge upgrade.
A few small changes can protect a lifetime of savings
I know it’s tempting to stick to what’s easy. But in the world of online banking, convenience can be your biggest security flaw. These four habits, like reusing passwords, picking weak or personal ones, storing them carelessly, and skipping essential security steps, are avoidable. Fixing them isn’t as complicated as it seems.
The tools are out there. So is the knowledge. The hardest part is breaking old routines. After I made a few changes, like switching to a password manager and turning on 2FA, I stopped worrying about what might happen. That peace of mind is worth the extra effort.
