ReportWire

Why Password Safety Matters and How to Do It Right


If we’re being truly honest, passwords can feel like one of the biggest annoyances on the planet. They’re hard to remember, there are so many “rules” we’re supposed to follow with them, and it feels like they do a better job of keeping us out of our accounts than the bad guys.

We get it. Here’s the reality, though. Many people with sloppy password habits never have anything bad happen to them, but “many” is not “everyone”. If you’re not practicing good password safety, you are at risk of having your important accounts taken over by bad actors, and you usually won’t get a warning first.

Here’s what’s even more important, though. Even though it’s a smaller percentage of the population that falls victim to this, the potential ramifications and damage that can be done are massive. Lost money, accounts wiped out, identity theft, personal information compromised—the list is pretty endless.

All of this is to say:

Yes, practicing good password safety can be annoying and feel tedious, but the dangers that come with not doing it are too great to ignore.

With that said, our goal today is to share what good password security looks like, and to share some practical tips to try and combat the annoyances while still staying safe.

1. Each account you have DOES need its own password.

One of the biggest mistakes people make with password safety is also the one that can have the most catastrophic effects. If you are using the same password for multiple accounts (or all of your accounts), your password being stolen once means instant access to everything.

For example, if you use the same password for your online banking, your email, and a handful of “silly fun” accounts, you’re at a higher risk, because the silly fun sites are often the ones that store passwords carelessly (in plain text, or hashed weakly). If your password is stolen from a site you don’t care about, the scammers now have your password for everything, including the accounts you do care about.

Typically, once they get an email address and password pair, they don’t try it by hand. Automated “credential stuffing” tools replay the leaked pair (and simple variations of it) against hundreds of popular sites, banks and email providers included, and report back which logins worked.

Have a different password for every account that you have online. If you’re worried about how to remember them, stay tuned for tip number 7.
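To make the reuse problem concrete, here is a small Python audit, added as an example for this article (it is not code from the original page or its authors). It runs over a constructed password-manager CSV export and reports two things: accounts that share an identical password, and accounts that share the same “base” password with only a year, symbol, or letter case changed, because credential-stuffing tools try exactly those variations. The site names, usernames and passwords are all made up for the example, and the export columns (site, username, password) are an assumption.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample of a password-manager CSV export; none of these accounts
# or passwords are real. The column names are an assumption for the example.
SAMPLE_EXPORT = """site,username,password
bank.example,alice@example.com,Summer2023!
mail.example,alice@example.com,Summer2023!
forum.example,alice@example.com,Summer2024!
shop.example,alice@example.com,correct-horse-battery-staple
game.example,alice,summer2023
news.example,alice@example.com,xK9#vL2$pQ7!mN4@
"""


def base_form(password):
    """Strip the cosmetic changes credential-stuffing tools try automatically:
    letter case, a trailing symbol, a trailing year, a trailing counter.
    Two passwords with the same base form are reused in practice."""
    base = password.lower()
    base = re.sub(r"[^a-z0-9]+$", "", base)      # "summer2023!" -> "summer2023"
    base = re.sub(r"(19|20)\d{2}$", "", base)    # "summer2023"  -> "summer"
    base = re.sub(r"\d+$", "", base)             # "summer1"     -> "summer"
    return base


def find_reuse(csv_text):
    """Return (exact, variant): sorted lists of site groups that share an
    identical password, and site groups that share a base form.
    Only site names are reported, so the audit output never contains a password."""
    exact = defaultdict(list)
    variant = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        exact[row["password"]].append(row["site"])
        variant[base_form(row["password"])].append(row["site"])
    exact_groups = sorted(sorted(s) for s in exact.values() if len(s) > 1)
    variant_groups = sorted(sorted(s) for s in variant.values() if len(s) > 1)
    return exact_groups, variant_groups


if __name__ == "__main__":
    exact, variant = find_reuse(SAMPLE_EXPORT)
    for group in exact:
        print("identical password shared by:", ", ".join(group))
    for group in variant:
        print("near-identical password shared by:", ", ".join(group))
```

On the sample, the bank and mail accounts share one password outright, and four accounts (bank, mail, forum, game) collapse to the same base “summer”: one leak from the game site exposes all four. Most password managers export to CSV, so the same audit works on a real vault; delete the export file afterwards.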

2. Using common words or personal details in your passwords DOES dramatically increase your risk.

Attackers rarely sit and guess passwords at random. What usually happens is that a site gets breached, its database of (hopefully hashed) passwords is copied, and the attackers run cracking software against that copy offline. The software does not start with random strings. It works through lists of the most common passwords, dictionary words, names, sports teams and dates, then common variations of those (a capital first letter, a year on the end, an “!” or “1” tacked on), at rates that, for sites with weak password hashing, reach billions of guesses per second.

If your password is long and genuinely random (letters, numbers, and symbols with no pattern), that search is hopeless. But if it is built from common words or details attached to you (a birthdate, your last name, your pet’s name, or the word “password” itself), it sits near the top of those lists and falls in seconds. Attackers targeting a specific person will even build a custom wordlist from that person’s social media.

3. Yes, you really do need longer passwords.

As we mentioned above, the longer your password is, the harder it is for these brute force attacks to be effective. How long?

The general rule of thumb is that a password should be at a minimum 12 characters, though 16+ is much better.

Keep in mind that many ‘strong’ password indicators on websites show that you’re good at only 8 characters. We would advise you to ignore that and make them longer.

Now, if this has you worried about how you’ll ever remember a longer password, one trick is to make your password a chain of several words separated by a symbol, a “passphrase”. A long passphrase of words picked at random is still generally safer than a short password of random characters, because each extra word costs the attacker as much work as several extra random characters would.

For example, your password could be “Turkey.Trot.Runs.Are.Long”. This password is 25 characters long, and as long as you’re not well known for doing turkey trots, it’s a great password that is way easier to remember. Two caveats: pick the words yourself, ideally at random, rather than using a quote, lyric or saying, since crackers load lists of those too; and a phrase that reads like a sentence is weaker than the same number of words chosen independently, so lean toward five or more words.
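The difference between “25 characters” and “5 dictionary words” is easiest to see with numbers. The Python below is added here as an example (it is not from the original article) and does two things: it generates a passphrase from a word list using the `secrets` module, and it estimates password strength two ways, once the way website strength meters do (every character treated as random) and once the way a cracker actually searches (common passwords first, then personal details, then dictionary words and years, and only then random characters). The word list here is a short constructed stand-in; `WORDLIST_SIZE` assumes a generator list of 7,776 words, the size of the EFF long list, and the personal details passed in are made up.

```python
import math
import re
import secrets
import string

# Constructed stand-in for a generator's word list. Real lists hold thousands of
# words; WORDLIST_SIZE is the assumed size the attacker must search per word.
WORDLIST = ["turkey", "trot", "runs", "are", "long", "correct", "horse",
            "battery", "staple", "summer", "dragon", "welcome", "monkey"]
WORDLIST_SIZE = 7776
COMMON = {"password", "123456", "qwerty", "welcome", "letmein", "iloveyou"}


def passphrase(n_words=5, sep=".", words=WORDLIST):
    """Random-word passphrase. secrets.choice rather than random.choice:
    the strength comes entirely from the words being unpredictable."""
    return sep.join(secrets.choice(words).capitalize() for _ in range(n_words))


def charset_bits(password):
    """Strength if the attacker had to try every string of this length built
    from the character classes used: the model most strength meters assume."""
    if not password:
        return 0.0
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return len(password) * math.log2(size)


def estimate_bits(password, personal=()):
    """Strength against a cracker that tries, in order: common passwords, the
    victim's personal details, dictionary words and short numbers (years), and
    only then random characters. Result is the attacker's work in bits."""
    lower = password.lower()
    if lower in COMMON:
        return 0.0
    known = {p.lower() for p in personal}
    bits = 0.0
    for token in re.findall(r"[a-z]+|\d+", lower):
        if token in known:
            bits += 1.0                          # tried almost first
        elif token in WORDLIST:
            bits += math.log2(WORDLIST_SIZE)     # one random word from the list
        elif token.isdigit() and len(token) <= 4:
            bits += math.log2(10 ** len(token))  # a year or short counter
        else:
            # a chunk no dictionary covers: the attacker is back to random search
            return charset_bits(password)
    return bits


if __name__ == "__main__":
    for pw, details in [("Turkey.Trot.Runs.Are.Long", ()),
                        ("Smith1987!", ("Smith",)),
                        ("xK9#vL2$pQ7!mN4@", ())]:
        print(f"{pw:28s} meter: {charset_bits(pw):6.1f} bits  "
              f"cracker: {estimate_bits(pw, details):6.1f} bits")
    print("generated:", passphrase(5))
```

“Turkey.Trot.Runs.Are.Long” scores about 160 bits on the character model but about 65 bits against a dictionary cracker, and that 65 assumes each word was chosen independently; a natural sentence is weaker still. “Smith1987!” passes most meters (length 10, three character classes) yet comes to roughly 14 bits once the attacker knows the surname, which is why personal details belong nowhere in a password. The 16-character random string is the only one the cracker cannot shortcut.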

4. Do not input your passwords on public computers unless you have no other choice.

Having a safe password is one thing, but taking care of it is equally important.

These next few tips will focus on how to do this.

Here’s something you may not know. There are programs called keystroke loggers (keyloggers) that scammers install on computers, private or public, to record everything typed on them. If you type your email address and password while a keylogger is running, the scammer gets exactly what you typed, password included.

On your personal computer, a keylogger usually arrives hidden inside something you downloaded and ran. On a public computer, a scammer can simply use the machine before you, install the software, and come back later to collect what it captured (or have it sent to them). Hotel business centers, libraries and internet cafes are the classic targets.

Unless you have no other choice, do not enter your passwords on public computers or on devices that aren’t your own. If you absolutely must, change that password from your own device as soon as you can, and make sure the account has two-factor authentication turned on so a captured password alone isn’t enough.

5. Yes, you should change your passwords, especially after a breach.

Some systems will force you to change your password every 60 or 90 days, while others will let you keep the same password for as long as you want.

Does it feel annoying when these systems force a new password? If we’re being honest, yes. But there is a real reason behind it.

When a site’s password database is stolen, it is usually a snapshot: the attacker copies it once at a fixed point in time and does not get an ongoing feed of every change you make afterwards.

Why does this matter? Stolen password lists aren’t always used immediately. They are often collected, traded or sold on criminal forums and cracked at leisure, which takes time. If you changed your password between the theft and the attempt to use it, the stolen copy is worthless.

Two refinements to this tip. First, the single most valuable change is the one you make the moment a site you use announces a breach, or a breach-alert service (most password managers now build one in) tells you your password has turned up in a leak. Do that right away, and change it everywhere else you reused it. Second, if you rotate on a schedule, make the new password unrelated to the old one. Current guidance from NIST (SP 800-63B) actually advises against forcing rotation on a calendar, precisely because people respond by turning “Summer2023!” into “Summer2024!”, which cracking tools try first.

Again, yes, this process can be tedious, but with a password manager generating the new password it is a few clicks, and it is an important step toward digital safety.
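The check that tells you a password needs changing now, rather than on a schedule, is whether it has appeared in a known breach. Have I Been Pwned’s Pwned Passwords service answers that without ever seeing your password: the client sends only the first five hex characters of the password’s SHA-1 hash, the server returns every hash suffix in that range with a count, and the match is made locally (“k-anonymity”). The Python below is an added example, not code from the original article or from the service, implementing that client logic. So that it runs offline, the network call is swapped for a constructed stand-in server with a made-up corpus and made-up counts; the real endpoint is noted in the code but not contacted.

```python
import hashlib
import urllib.request

# Pwned Passwords range API: https://api.pwnedpasswords.com/range/<5-hex-prefix>
# The server learns only the prefix, which thousands of passwords share.


def http_fetch_range(prefix):
    """Live lookup against the real service. Defined for completeness; the
    example below uses fake_fetch_range so it runs without network access."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, fetch_range):
    """Return how many times the password appears in the breach corpus
    (0 means not found). Only the 5-character hash prefix leaves this function."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


# Constructed stand-in corpus and server. The passwords and counts are made up
# for the example; they are not the real service's numbers.
CONSTRUCTED_CORPUS = {"password": 3_000_000, "Summer2023!": 12, "letmein": 200_000}


def fake_fetch_range(prefix):
    """Answer a range query from the constructed corpus in the real format:
    one 'SUFFIX:COUNT' line per hash whose prefix matches."""
    lines = []
    for pw, count in CONSTRUCTED_CORPUS.items():
        h = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
        if h.startswith(prefix):
            lines.append(f"{h[5:]}:{count}")
    # the real service can pad a range with zero-count entries; mimic one
    lines.append("0" * 34 + "A:0")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for pw in ["password", "Summer2023!", "correct-horse-battery-staple"]:
        n = breach_count(pw, fake_fetch_range)
        verdict = f"seen {n} times, change it now" if n else "not in corpus"
        print(f"{pw!r}: {verdict}")
```

To run it against the live service, pass `http_fetch_range` instead of `fake_fetch_range`; the password itself still never leaves the machine. A count of zero does not prove a password is safe (it only means it has not been seen in a published leak), but any non-zero count means attackers already have it on their lists.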

6. Don’t write your passwords down next to your computer or in a file on your computer.

It can be tempting to keep your passwords all written down neatly on a piece of paper next to your computer or in a file on your actual computer. While we understand the perceived helpfulness of this, it creates a lot of risk for you.

If someone comes into your house with bad intentions, a quick snap of a photo and they have access to your whole life. If you store passwords in a plain file on your computer and malware or an intruder gets at your files, they don’t just have your files; they have every account listed in that file, and information-stealing malware routinely searches for exactly such files. (A paper list kept somewhere else, like a locked drawer rather than taped to the monitor, is a much smaller risk than reusing one password everywhere, but it still isn’t a substitute for the next tip.)

If you’re finding yourself asking what you’re supposed to do then to remember your passwords, please read our next tip.

7. A safe password manager can be helpful.

So, how do you remember all your passwords if they’re now all long, all different, and changing every 60-90 days? The best recommendation we can offer is to use a password manager.

The way a password manager works is that you create one super secure master password (a long passphrase like the one in tip 3 is ideal), and that is the only password you have to remember. Everything else, your logins and passwords for every site, is stored in a “vault” that is encrypted with a key derived from the master password, so without it the vault is just scrambled data, and with a well-designed manager that is true even for the company that runs it. Unlocking the manager means typing the master password so it can decrypt the vault.

The password manager then has browser extensions (or may be part of a browser) where you can auto fill in your passwords as long as you are logged into your password manager.

It’s super convenient, and a great way to stay safe without all the annoyances. That all said, there are some things to remember when using a password manager:

  • Make sure you’re using a trusted and reputable one: one that encrypts the vault on your own device before anything is synced, and that has published independent security audits.
  • Be safe with your master password. If it gets compromised, the hacker or scammer has everything. Make it long, use it nowhere else, and turn on two-factor authentication for the manager account itself.
  • You still need to follow all of the other tips given here, including having long, complex passwords that are different for every account and changed regularly and immediately after any breach. (It does get a lot easier with a password manager, which can generate and fill them for you.)
  • Be careful if you let someone use your computer or phone while the password manager is unlocked. Set it to lock automatically after a few minutes and to ask for the master password or a fingerprint before filling sensitive logins; otherwise anyone holding the device can open anything.
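What “encrypted with a key derived from the master password” means in practice, and why a stolen vault file is not the same as a stolen password list, is shown in the Python below. It is an added illustration for this article, not code from the original page or from any real password manager. It stretches the master password with PBKDF2-HMAC-SHA256 (600,000 iterations, the current OWASP recommendation) so that guessing master passwords against a stolen vault is slow, encrypts the vault with a keystream derived from that key, and authenticates it so a wrong master password or a tampered file is rejected rather than decrypted into garbage. Real managers use a standard authenticated cipher such as AES-GCM or XChaCha20-Poly1305; the HMAC-based keystream here is a teaching stand-in, because the Python standard library has no cipher built in. The sample vault entries are constructed.

```python
import hashlib
import hmac
import json
import secrets

KDF_ITERATIONS = 600_000  # OWASP's current PBKDF2-HMAC-SHA256 recommendation


def derive_keys(master, salt):
    """Stretch the master password into an encryption key and a MAC key.
    The iteration count is what makes a stolen vault expensive to brute-force."""
    km = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                             KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a pseudorandom keystream (teaching
    stand-in for a real stream/AEAD cipher such as AES-GCM)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key, mac_key, blob):
    """Verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered vault")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def lock_vault(master, entries):
    """Serialize the entries and encrypt them; the random salt travels with the vault."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(master, salt)
    return salt + seal(enc_key, mac_key, json.dumps(entries).encode("utf-8"))


def unlock_vault(master, vault):
    """Re-derive the keys from the stored salt and decrypt; raises on a wrong master."""
    salt, blob = vault[:16], vault[16:]
    enc_key, mac_key = derive_keys(master, salt)
    return json.loads(open_sealed(enc_key, mac_key, blob).decode("utf-8"))


if __name__ == "__main__":
    # constructed sample entries
    entries = {"bank.example": {"user": "alice", "password": "xK9#vL2$pQ7!mN4@"}}
    vault = lock_vault("Turkey.Trot.Runs.Are.Long", entries)
    print("vault bytes contain the password in clear:", b"xK9#vL2" in vault)
    print("unlocked:", unlock_vault("Turkey.Trot.Runs.Are.Long", vault))
```

Two things to notice. The salt is random per vault, so two people with the same master password get different keys and an attacker cannot precompute guesses. And because every guess at the master password costs 600,000 hash iterations, a cracker that manages billions of guesses per second against a badly hashed website database manages only a few thousand per second here; a long passphrase master password pushes that from “hours” to “beyond the life of the universe”, which is the whole point of tips 3 and 7 together.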


Healthy Framework Center for Digital Safety Team
