Passwords: the Do’s and Don’ts to Help Keep You Safe Online

Passwords. Every online account (financial and otherwise) and app needs one. But not all passwords are created equal and choosing good passwords can make you much, much more secure. There are some specific guidelines below but keep in mind the following basic ideas: your password should be hard to guess, your password should be different for every site/app, and your password should be kept secret. All of the specific advice below is designed to keep you safe and your accounts secure online.

Don’t reuse passwords.

If a site or service leaks your username and password (and some will, eventually) you can bet those credentials will be tried on other sites – like your online banking site or email provider. Create a unique password for each and every site and online service.

Don’t use personal details in your passwords.

Maiden names, addresses, pet names, birthdays, parts of you email address, etc. This information isn’t as hard to find as you think. The people you want to keep out of your accounts know it’s easy to remember – so they’re sure to try it too. Those Facebook quizzes or games that ask you to post the first car you owned, the street you grew up on are asking for the same information that you use to reset passwords on some sites. Don’t share that information publicly. (And take your birthday off there too while you’re at it, at least the year).

“Password” isn’t a good password.

Neither is “1234”. And as you may have guessed “Password1234” isn’t any better. Every year lists of the year’s most common passwords circulate; if you see yours on there it’s a good idea to change it. Even though they may be generic and not specific to you (see above) these are the most commonly used so they’re going to be among the first ones tried by someone trying to gain access to your accounts. Here’s a story on the most common passwords in 2020.

Length and variety are key.

The longer the password, the better. And the more different types of characters, the better. Aim for at least 8 characters (more is better) and mix it up with letters, numbers, and symbols (@#$^, etc).

Don’t store your passwords in a document saved on your computer called “passwords.doc”

The downside of creating unique, complex passwords is that they can be hard to remember. Password managers offer strong protection and tools for managing your passwords. Both LastPass and 1Password have good reputations, offer tools for managing passwords in the web browser and on your mobile phone, and can even help you generate strong, secure passwords.

Treat your email address password most carefully of all.

If you’re like most people, your email account is actually the gateway to all of your other accounts. Why? Because that’s where most of your password reset emails will go. So if someone gains access to your email account, they can reset your banking password to whatever they want and then you’re locked out. At an absolute minimum, if you don’t listen to anything else in this article, make sure your email password is different from every other password you use anywhere and make it strong.

Keep an eye out for suspicious activity.

Are you receiving password reset emails you didn’t request? Emails from services you don’t remember signing up for? If you use multi-factor authentication (a text, app, or email with a new code every time you log in) and get texts when you aren’t trying to login….all of these are signs you should be concerned. Troy Hunt, a security researcher, runs a website called Have I Been Pwned (https://haveibeenpwned.com/) that will let you safely and securely check to see if your email address has been in any large scale data breaches. If it has, you should change the password for that site immediately and any other site where you may have re-used that password. A quick example: if you check and see that your email was in a breach at Marriott and you have re-used your Marriott password elsewhere, you are now much, much more likely to have your account taken over wherever that password was re-used.