Think back to the first time you went on the Internet and registered an account on a website.
Chances are it’s a vague memory because it was so long ago. If you’re like most people, you were on the Internet by the age of 10…assuming you were that young when it came into existence. After all, by age 10, young people are more likely to be on the Internet than any adult older than 25.
So it has most likely been a while since you made your first online account. But I’m sure many of you still remember some details about it, such as the first password you used. Why do I think this? Because 41% of people reuse the same password across accounts. This number jumps to 56% when it includes slight variations of the same login.
And they aren’t just reusing it once or twice. People reuse each password up to 14 times on average.
There’s a chance that you’ve been doing this since that first account you registered online. Maybe you’ve just added an extra exclamation point for each new account, or you switch the number at the end.
Regardless, most people aren’t managing passwords securely, which leads to 81% of data hacks. Based on what I already told you, maybe you think the point I’m trying to make is that you shouldn’t use the same password if you want to keep your account secure. And you’re right.
But protecting your data involves way more than that. To help you keep your accounts safe, here are 15 tips on how to secure your passwords.
Use Different Passwords
I already said how people reuse passwords up to 14 times.
Sure, it makes it easier for the users since they don’t need to keep track of so many login credentials. After all, 14 different combinations is a lot, especially when you have even more accounts and need to remember which one uses which combination.
If a hacker discovers your credentials for one account…they technically hacked every other account too.
But users in the US have an average of around 130 online accounts connected to a single email address. If people have that many accounts, then how could a hacker possibly find which ones use the same login information?
Well, a hacker who profits from stealing your information will make the effort to find them. And for most of them, it doesn’t even take them that long to figure out. Competent hackers can crack most user-generated passwords within 10 minutes.
The risk is even greater if you have that many accounts tied to the same email and you’re recycling passwords.
If hackers get into your email account, they can get into all of these 100+ sites. They can change the login credentials to any site linked to your email so that you can’t get in but they can log in to steal your data.
Choose a Unique Password
While you’re making different passwords, you need to make them unique. Don’t just add an extra exclamation point or different number at the end of the login that you already use for another site. This is hardly any more secure because slight variations are the first thing that a hacker will try.
You also shouldn’t use something common, like picture1. Common logins such as this are easier for hackers to guess since they’re the most used options. In 2020, this moved to number three on the list of most popular options.
Unlike the others on the list, it took three hours to crack since it was new to the list. But many of the 200 most popular passwords take less than a second to crack.
Make Up New Words
A good way to keep hackers from guessing your login is to use fake words that you make up on your own. It makes it harder for someone to guess if the word you use doesn’t even exist.
Crackers try dictionary words first when attempting to get into accounts. It’s also less likely that you’ll end up on the list of most popular choices if what you used isn’t even a real word.
That way, hackers need to put in some extra effort to uncover your credentials.
Don't Use Public Information
Another necessary component for managing passwords securely is to avoid using public information. If it’s information that anyone could access about you, such as your birthday or maiden name, then it isn’t secure.
Hackers will likely guess this kind of information since they know it’s easy for you to remember. Therefore, you’re more likely to use it in your login credentials. So always avoid using this kind of public information.
Likewise, you shouldn’t choose security questions or password hints that use public details about yourself. Even questions like the make and model of your first car aren’t secure.
Experts recommend lying for these questions so that there isn’t a risk if a bad actor sought out the information about you.
Make it Difficult to Guess
Public details aren’t the only information that you shouldn’t use. If people who know you well could somehow guess it, then don’t use it in your passwords.
For instance, your friend might know your favorite color or people know your best friend’s name growing up. These are common password hints and security questions. And with social media today, it’s easy for even people who don’t know you well to learn information about you.
In the picture above of golfer Lydia Ko, people who don’t know her well might not have known what her first car was. But by posting it on social media, now anyone can find it with a Google search or by going to her Instagram page.
This goes to show why you shouldn’t use details like these that someone can find on your social media accounts. So when you’re creating a new online account, also make it difficult to guess for people who do know you well.
Never Share Login Credentials
You might trust your family, friends, and even your coworkers, as you should. But just because you know and trust them doesn’t mean that you should share your password with them.
They might not have any malicious intent to steal any of your information, but you can never be too sure about what they might do.
You also can’t ensure that they’ll follow these rules for managing passwords securely. So even if you were doing everything else right, your account could end up compromised if they weren’t careful too.
To avoid this, there’s a simple solution…just don’t share your password.
Update Often
There are different recommendations by experts for how often you should update your passwords. Some say every 90 days, and some say as often as 30 days.
Others say that it isn’t important to change them so frequently since hackers could guess them within 10 minutes. Instead, they believe that having a strong, secure password is more important than updating it often.
But in some cases, it can help to update them often, as long as you aren’t just making slight variations as I mentioned earlier.
Sometimes it can be difficult to detect if an unauthorized person has accessed your account. And it may even be impossible to know if someone discovered your password.
Because of this, it helps to change them periodically as a precaution. There are other instances where you should update them no matter what…
If you forget your password
If you haven’t logged in for a while (inactive accounts are easier to hack)
If someone discovered your password, such as if they see it written down or watched you type it
After a security breach
If you suspect someone accessed your account
If you discover malware on your device
If you log in on a public or unsecured network
Log In Frequently
Remember the Webkinz account that you made in the fifth grade? If you have no idea what I’m talking about, it was a popular online children’s game that came out in 2005.
If you bought a stuffed animal Webkinz, you received an access code to bring that animal to life on your online account. Users could feed them, build them a house, and play games.
For kids at the time, this might have been their first online account. And from there, they could’ve started reusing that same password for other accounts.
If I had to guess, most users probably didn’t go back to delete their accounts once they stopped playing the game. That means it’s been sitting inactive for years. The same is true for any other account that you never deleted but stopped using.
Lucky for these users, Ganz (the company that owns Webkinz) deleted all inactive accounts in October 2019. But if someone hacked a user’s inactive account any time within those 14 years, they could’ve gained access to their information and their first password that they’ve been using for years.
And unfortunately, there’s a chance this did happen since a hacker stole and leaked data from 23 million users. Luckily it was in 2020, so maybe some previous users’ data was safe if their account details got deleted in 2019 before the hacker stole the data.
To keep these risks from happening, log in to your accounts often. That way, you’ll notice any suspicious activity. And if it’s a site that you don’t have a use for anymore, you should delete the account.
Make Sure You Remember It
Another tip for managing passwords securely is to make sure you remember them.
If you can’t remember it, then you’ll need to write it down somewhere. But this puts you at risk for someone finding it. You’ll also have no idea if a hacker accessed your account and changed your password, or if you simply forgot what it was.
To be frank, though, it might be safer for you to create a password that’s secure and have to reset it every time you log in to a new account than create one that’s easy to remember and insecure.
Keep Credentials Hidden
Alright, I know what you’re thinking, “How am I supposed to remember all of these login combinations if I have to make all of them unique and completely different, plus I shouldn’t write them down?”
I get it. You’re human, and you can’t possibly remember that many details. So, if you’re going to write them down, you need to keep them hidden.
This means not putting a sticky note on your monitor where a coworker could see it, or under your keyboard where the cleaning staff might find it after you’ve left for the evening.
Always keep these in a hidden, private place. If you can lock a filing cabinet near your desk, that would be a safe place for them. Just don’t misplace the keys.
Create a Long Password
There’s a reason why websites have password length requirements.
The more characters there are, the harder it is to guess. This means that there are more combinations that a hacker would need to try before they could guess correctly.
Hackers can’t crack a phrase with brute force if it has over 10 to 12 characters. Because of this, they would need to try word combinations and other techniques. So the more characters there are, the more combinations they’d have to try.
Combine Different Characters
Along with making your passwords long, use a variety of characters. This increases the number of possible characters that a hacker would have to try in each position to successfully gain access.
Many sites already require you to use a variety of characters. Some only suggest letters and numbers, while others suggest a capital letter and a special character. The more variety you have in your password, the harder it is to crack.
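The tips so far (long, varied characters, not a common choice, not a slight variation of an old password, no public details) can be checked together with a small audit function. This is an added example, not code from the original article; the 12-character minimum, the tiny common-password sample and all function names are assumptions made here.

```python
import math
import string

# Assumptions for this added example: threshold and sample list are illustrative.
MIN_LENGTH = 12  # upper end of the article's "10 to 12 characters"
COMMON = {"picture1", "password", "123456", "qwerty"}  # constructed sample
LEET = str.maketrans("@4$5031!", "aassoeii")  # undo common character swaps
EDGE = string.digits + string.punctuation
POOLS = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
         (string.digits, 10), (string.punctuation, 32)]

def base_word(pw):
    """Strip digits/symbols from both ends, lowercase, undo swaps."""
    return pw.strip(EDGE).lower().translate(LEET)

def classes_used(pw):
    """Pool sizes of the character classes that appear in the password."""
    return [n for chars, n in POOLS if any(c in chars for c in pw)]

def charset_size(pw):
    return sum(classes_used(pw))

def brute_force_bits(pw):
    """Upper bound on the search space in bits; real only for random characters."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

COMMON_BASES = {base_word(c) for c in COMMON} - {""}

def audit(pw, previous=(), public_facts=()):
    """Return which of the article's rules the candidate password breaks."""
    findings = []
    base, low = base_word(pw), pw.lower()
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    if len(classes_used(pw)) < 3:
        findings.append("few_character_types")
    if low in COMMON or base in COMMON_BASES:
        findings.append("common")
    # "sunshine1" -> "Sunshine2!" is the same base word, so it counts as reuse
    if base and any(base == base_word(old) for old in previous):
        findings.append("variation_of_previous")
    if any(len(f) >= 3 and f.lower() in low for f in public_facts):
        findings.append("contains_public_info")
    return findings

if __name__ == "__main__":
    print(audit("Sunshine2!", previous=["sunshine1"]))
    print(round(brute_force_bits("vorblat-Quenzim-83"), 1))
```

The bit estimate assumes every character was chosen at random, so a password built from a known word or an old login is far weaker than its length suggests, which is why the variation and common-word checks matter more than the number.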
Turn On Multi-Factor Authentication
Multi-factor authentication is a feature that requires multiple steps of verification from a user.
It involves further authentication besides entering login credentials, such as entering a one-time code or PIN that gets sent to a mobile device.
If the login credentials do get compromised, the username and password alone wouldn’t be sufficient for an unauthorized person to enter the account. Unless they also have the device with the enabled multi-factor authentication, they can’t access it.
This is one of the best methods for managing passwords securely.
Don't Save to Shared Devices
Because you don’t want someone gaining access through the device, you should never save a password on a device that you share with someone else.
Otherwise, multi-factor authentication isn’t going to do much for you.
You also wouldn’t want the account to stay logged in when someone navigates to the page. If a web page asks if you want it to remember your login details, always say no if someone else might use that same device. If it doesn’t ask, make sure you still log out when you’re done using it.
Even if it is your personal device that no one else should be using, it’s still safer to decline to save your password. If your device falls victim to malware or ends up lost or stolen, someone could then benefit if you saved your login information to the page.
Utilize Password Manager Systems
These systems store and manage online credentials and generate passwords. They typically get stored within an encrypted database that requires one master password to unlock.
That way, you only need to remember one password which unlocks the credentials to your other accounts. This eliminates the need for you to keep track of so many different login details so that you’re not tempted to reuse the same combinations.
While they sound like an easy and instant way to stay safe, they don’t usually provide 100% security. But they can be a part of your password management plan so that you protect your account, especially if you use them in conjunction with multi-factor authentication and the other security steps that I mentioned.
Conclusion
By now, you might be feeling pretty overwhelmed. If you’re considering all the ways that your accounts are at risk because of how you’ve been managing your passwords, don’t fret.
We’re all human, so you’re not alone. A majority of people don’t adhere to all of these best practices. But you want to start implementing them so that you aren’t a part of this majority.
The last thing you’d want for your data is for someone to steal it because of a simple step you didn’t take to protect it.
Since you now have the information for protecting and managing your passwords, you’ll be better able to prevent yourself from falling victim to a hack.