Unfortunately, not everyone practices proper password management.
And, in this digital age, how you manage your passwords can be the ultimate determining factor between staying safe and falling victim to identity theft and other serious cyber crimes.
When you think of password management, you may think that you can just change some of your most-used passwords once and not have to worry. Although that’s a good beginning step, there are so many other factors you have to consider in order to practice good password management.
One huge mistake that people make when it comes to passwords is that they use the same password for multiple accounts/websites.
This may seem like a smart idea since one password is obviously easier to remember than several, but reusing passwords can cost you more than you may know.
For instance, if anyone happens to guess or learn that one frequently-used password, they will then have full access to whatever accounts and websites you used that password for.
Google recently partnered with Harris Poll to survey 3,000 adults ranging in age from 16 to 50 and up.
According to the 2019 survey, 52 percent of people who were polled stated that they reused the same password for multiple accounts and 13 percent stated that they reused the same password for all accounts.
The survey also showed that only 24 percent of respondents use a password manager service.
If you are struggling with password management, know that you’re not alone. Millions of people each year fall victim to cyber criminals, and their lack of strong password usage is a big part of the problem.
To help you and others who are struggling with passwords, we decided to ask a few security experts to provide their best tips regarding password creation, storage, and management.
They gave the following 10 tips:
Read on to see what each expert had to say about the tips listed above.
Kyle Hrzenak, CISO at Green Shield Security LLC
“A tip that I have for people, especially families, who want to create secure passwords would be to leave any personal information out of passwords.
Things such as birthdate, city of birth, first child's name, etc. are easy to guess. These entries are the prime target for malicious users to guess and crack.”
Steven J. Hausman, President of Hausman Technology Presentations
“Do not use obvious personal information. That is, especially with regard to families, do not use kid’s names, pet names, the name of your street, or your school.
When you have to respond to security questions (like your pet’s name), it can often be found on your social media account, so make up fake information to use in answering security questions.
For example, if your high school was Middleburg High School, then for the security questions say it was Regional High School. You should also make certain that your social media accounts do not contain private information if at all possible.”
Steve Weiseman, Lawyer, College Professor, Author, and Identity Theft/Scam Expert at Scamicide
“If [...] you wish to keep things simple and you want to manage your own passwords, the best thing to do is to develop a basic password that gets adapted in an easily remembered manner for each of your accounts.
A good, strong password will have capital letters, small letters, and symbols. A good way to achieve this is to make a phrase your core password, such as IDon'tLikePasswords. This is a good start. Now add a couple of symbols so it reads IDon'tLikePasswords!!! and you have a good strong base password.
You can adapt the password to a unique password for each of your accounts by merely adding a few letters to distinguish each account. So, for instance, your Amazon password can be IDon'tLikePasswords!!!AMA.
This manner of picking passwords will provide you with unique, strong, and easily remembered passwords for each of your accounts.”
Maddie Roderick, Security Consultant at Frontier Business
“Bots are able to check up to 1,000 passwords per second, so it’s essential to get creative with passwords to secure sensitive information, like your bank login.
My favorite advice to give when it comes to choosing secure passwords is to think of a phrase — maybe a favorite quote from a movie. Instead of the phrase, use the first letter of each word in that phrase.
To anyone but you, that password will seem nonsensical, be harder to guess, and harder to remember.”
Jason Nickola, Senior Security Consultant and COO at Pulsar Security
“The conventional password guidance which has permeated corporate environments and commercial products over the last thirty years has been to use at least eight characters and to include at least one uppercase, lowercase, number, and symbol.
In other words, the focus has been on complexity (including different kinds of characters). These requirements have caused people to choose short words that they remember — like their dog's name — and then add numbers and symbols until complexity requirements are met, resulting in something like Scooby#2, which is an easy password to guess even if an attacker has to brute force all possibilities.
Instead, emphasizing length is a better approach. For example, the password "my dog scooby is an awesome dog who i love very much" — although it doesn't meet any of the aforementioned complexity requirements — is a much more secure password than Scooby#2 and is easier to remember for the user, too.”
Dan Merino, CEO of Green Dot Security
“Password length can be a great defense against a site that has their database of usernames and passwords breached.
If the site is not doing anything to protect the password, which is rare but does happen, then the length will not make any difference.
However, assuming there is at least some basic encryption of the passwords, the longer the password the less likely anyone will even attempt to try to crack them.”
Steven J. Hausman
“One important resource is the password strength manager at my1login where you can type in your password to see how strong it is.
This site also gives you an estimate of the amount of time it would take for a hacker to crack your password.
The password "4$core&7YrsAg0" would, according to this site, take 12,000 years to crack. If you added "xxx123" to it, then the cracking time would rise to 127 million years and so forth.”
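To put numbers on the length-versus-complexity point and on the cracking-time figures in the quotes above, here is an added example that is not from the article or any of the experts quoted in it. The 1,000 guesses per second rate is the one Roderick cites; the offline rates, the word-list sizes and the simplified pattern model are assumptions, not a real cracker's logic.

```python
import math

# Guess rates per second. "online" is the 1,000/s figure quoted above (guessing
# against a login form). The offline figures are assumptions for a breached
# database: a fast unsalted hash versus a deliberately slow password hash.
RATES = {"online": 1_000, "offline fast hash": 10_000_000_000, "offline slow hash": 10_000}
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?/|~"
DIGITS = "0123456789"


def charclass_bits(pw: str) -> float:
    """What a complexity rule implicitly assumes: every position is an
    independent pick from the pool of character classes present."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c == " ", 1), (lambda c: c in SYMBOLS, len(SYMBOLS))]
    pool = sum(size for test, size in classes if any(test(c) for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def pattern_bits(pw: str, common_words: int = 10_000, vocab: int = 5_000) -> float:
    """Simplified attacker-aware model (an assumption, not a real cracker's
    logic): a multi-word phrase is guessed word by word from a common
    vocabulary; a single token as 'base word + trailing symbols/digits'."""
    words = pw.split()
    if len(words) >= 4:
        return len(words) * math.log2(vocab)
    core = pw.rstrip(SYMBOLS + DIGITS)   # e.g. "Scooby" from "Scooby#2"
    bits = math.log2(common_words)       # the base word, such as a pet's name
    for c in pw[len(core):]:             # each appended symbol or digit
        bits += math.log2(10 if c.isdigit() else len(SYMBOLS))
    return bits


def expected_crack_seconds(bits: float, rate: float) -> float:
    """Expected time to hit the password: half the search space at `rate`."""
    return (2 ** bits) / 2 / rate


if __name__ == "__main__":
    for pw in ("Scooby#2", "my dog scooby is an awesome dog who i love very much"):
        bits = pattern_bits(pw)
        days = {k: f"{expected_crack_seconds(bits, r) / 86400:.3g}" for k, r in RATES.items()}
        print(f"{pw!r}: rule {charclass_bits(pw):.0f} bits, pattern {bits:.0f} bits, days {days}")
```

The gap between the two estimates for Scooby#2 is the point Nickola makes: the complexity rule credits it with about 52 bits, while an attacker who tries common words with a few trailing characters needs far fewer guesses, and a slow hash on the site's side is what keeps even that search expensive.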
Casey Crane, Cybersecurity Journalist for SectigoStore.com
“While it’s easy to use the same password between multiple accounts, resist the urge!
All it takes is one data breach of your favorite mobile app or website, and you’ll suddenly find yourself in a world of pain.
For example, if you use the same password for your email address, a hacker can use your compromised credentials to access your email and any other accounts associated with it.”
John Svazic, Founder and Principal Consultant at EliteSec Information Security Consultants, Inc.
“Always make sure you use unique passwords for every site. Lots of ‘hacks’ are actually people just re-using the same password over and over again, allowing attackers to gain access to different accounts with very little effort.
The website haveibeenpwned.com is a great place to find out if your email has been part of a data breach, or if a common password you use has been compromised.”
“In reality, you should be keeping any password safe and confidential. It's recommended to change your passwords once a month for any monetary purpose, such as bank accounts, credit card accounts, etc.”
“Historically, industry experts’ recommendations about how frequently you should change up your password have been all over the place — anywhere from every 30 days to upwards of 180 days. Personally, I try to change my passwords every three or so months.
Obviously, if your account has been hacked, it’s best to update it as soon as you’ve become aware.
Similarly, if there’s been a data breach at a site where you have an account, change your password immediately.”
Rob Shavell, CEO of Abine/Delete Me
“It used to be popularly recommended that people change passwords frequently. This is less the case now, as security experts recognize that people often end up creating a greater risk for themselves in the process of frequently re-accessing account security settings.
With things like network passwords, they should probably be changed after you’ve shared them with any third parties (like guests). Things like primary email accounts (like Gmail or Yahoo) should be changed if you’ve received any warnings of attempts to access your account, or if you’ve accessed your email from some public computer (like a library).
Social media accounts or online-shopping (like Amazon) should probably be rotated on a periodic basis. Once or twice a year, depending on how frequently you use these services, should be fine.”
Chelsea Brown, CEO and Founder of Digital Mom Talk
“If you don't use the account often (like monthly), delete it. Often accounts we don't use often are ones that get compromised in a data breach and can be the gateway into compromising us more.”
Larry Aucoin, CTO and Managing Partner of Optimal IdM
“Use two-factor authentication, like a push notification to your mobile phone, when it’s offered. If hackers do succeed in guessing a password, they will still need to breach another level of authentication.”
Dave Hatter, Cyber Security Consultant at Intrust IT
“Everyone should enable multi-factor authentication (MFA) aka Two-Step Verification or Two Factor Authentication anywhere and everywhere they can.
Microsoft and Google have both stated that MFA will block 99 percent of all automated attacks.”
“Use multi-factor authentication wherever you can. Historically, a valid username and password are all that has been needed to login to a system, website, or service.
This presents a security challenge because it is just one factor — something you know — and anyone who is able to guess or find your password in a breach dump will be able to log in, too.
Multi-factor authentication (MFA) adds an additional requirement — generally something you have — on top of knowledge of your password.
Most often this means a notification or code pushed to your phone via an app or text message. Many of the most common services and vendors offer the ability to enable MFA but it is not often enabled by default.
This is probably the most important bang-for-your-buck step someone can take and the one I suggest to the general public most often.”
Bruce Hogan, Co-Founder and CEO of SoftwarePundit
“The best way to create and manage secure passwords is to use a password manager.
There are several highly popular, tested software solutions in the market that work well for individuals and families. Some of the most popular solutions are 1Password, Dashlane, LastPass, and OneLogin.
Here's how these solutions work:
One specific benefit of password managers for families is that you can share log-ins with other people without sharing the actual usernames and passwords.
This feature increases safety and also allows you to control which family members have access to each account.
If the family is interested in additional security measures, they can take advantage of the password generators offered by these solutions. These passwords are extremely strong and unique to each account.”
“If correctly used the password manager would allow individuals to create new and unique passwords for all services and sites while the individual would not even need to know what the password is.
Additionally, within a family, a password manager allows for easy sharing. As an end-user using a password manager means that you should only need the password for the password manager, and it gives you all the other passwords you would need.
Finally, the better password managers will allow for audits of your passwords and bulk changes.”
“With the number of dangers online, it's critical to have a strong and secure Wi-Fi, particularly for families. A defense plan is needed to remove any opportunities from cybercriminals and hackers. My first suggestion is to simply build a stronger Wi-Fi router.
Give your router a name, but don't use the name of the manufacturer or your own name or street address. Use a strong encryption method for Wi-Fi like WPA2. Next, I suggest setting up a guest network. This network would only be used by friends or family members — a private network.
I also highly recommend changing the default passwords, as many cybercriminals are already aware of what those are. If a device does not allow you to change the password, I’d consider going with something different. Be sure to make your passwords challenging as well.
I’d recommend changing your Wi-Fi password every three months. It would also be good to get in the habit of doing the same for all of your sensitive technological devices.”
It’s safe to say that there’s a lot that goes into properly creating, managing, and securing passwords.
Along with the expert tips listed above, here are three additional tips that can help as you and your family start learning and developing good password security habits:
It’s important to review and revisit passwords for your online accounts at least once per year, and conducting a family password audit can help motivate you and your family members to have more in-depth security conversations and stronger passwords.
This audit should involve a thorough review of all of your passwords and should institute a new level of security within your home.
Read this step-by-step guide to learn more about family password audits and how they can help you and your loved ones stay safe online.
Knowing what is happening in terms of password trends and data breach news can help you and your family stay safe in this digital world.
It can be tedious to stay up-to-date on the latest data breach and password developments, especially since it can feel like data breaches occur constantly.
Taking the time to stay aware of what is happening around you can make all the difference in terms of your personal security efforts.
To do this, you can sign up for notifications from various security news outlets and regularly check reliable sources like The Identity Theft Resource Center (ITRC) for the latest security information.
You can also stay in tune with what major security leaders and companies are saying on their blogs, social media platforms, etc.
You can take your personal security and your family’s security a step further by signing up for professional identity monitoring and protection services like NortonLifeLock, IdentityIQ, Complete ID, etc.
The companies mentioned above and other companies in the industry can provide you with important alerts and updates, identity restoration services, various monitoring services, and up to $1 million in identity theft insurance.
Highlight: Identity theft protection plans for families do exist.
Many identity theft protection services also provide family-based plans to help you protect not only your identity but each one of your loved ones’ identities and personal information as well.
Being proactive when it comes to your personal security can save you and your family a significant amount of trouble, stress, and money.
If you follow the tips listed above, practice proper password hygiene, and have frequent conversations regarding online security and best password practices with your family members, you and your loved ones will have better chances of averting devastating online crimes.