Passwords might not seem like a big deal in your everyday life, but in reality, they’re what stands between you and countless cyber criminals.
Attention: Data breaches are still a major threat.
According to Forbes, "more than 4 billion records were exposed by data breaches” within the first six months of 2019.
Since passwords play a big part in modern data breach scenarios, reviewing and securing your passwords should be on the top of your family security audit checklist.
When creating passwords, you and your family members might just think it’s easier to use the same or similar password for multiple websites, devices, etc. After all, who wants to have to memorize hundreds of different passwords? No one does.
There are ways you can have strong passwords without having to worry about that. Once you develop the right password-creating system, you won’t have to stress about keeping track of a never-ending list of different passwords.
Password audit steps
In this article, we’ll go over the following steps you can take to conduct a thorough review of your passwords.
- Step 1: Create your list
- Step 2: Review your passwords
- Step 3: Make a list of unique phrases, words, and numbers
- Step 4: Create your new passwords
- Step 5: Determine your password storing method and set your passwords
- Step 6: Get your family started
When conducting a family-based password audit, the first thing you should do is lead by example. This means reviewing your individual passwords first.
Step 1: Create your list
To start, try physically writing down your most-used websites and accounts on a piece of paper. Then, add in the most important websites and accounts if they are not already part of your most-used list.
At this point, you should have a lengthy list of websites. If you don’t have a solid list yet, try viewing your browser history and think of the websites you have used in the last three months or so.
You can also check your email for ideas or to see if you have any digital receipts from websites you’ve purchased items from in the last few months.
Additionally, you can check your bank accounts or credit card statements to see if you’ve made any online account purchases in the last few months from websites that aren’t already on your list.
Step 2: Review your passwords
Once you have your list of websites finished, review the passwords you use for each website and online account. If you can’t remember some of these passwords, make sure to make a note of that next to the website or account name.
If you have extra time, you can try to visit the websites you can’t remember your passwords for and see if they have a recovery password option. If the only option they have is to reset your password, make a note and refrain from resetting it at this time.
Try to look for your password weak points. For example, maybe you use the same password for multiple accounts, knowingly shared a password with others, or maybe you use your birthday or your name in your passwords.
Step 3: Make a list of unique phrases, words, and numbers
When you’ve determined what your password weaknesses are, your next step is to create three lists — one for unique keywords, one for unique phrases, and one for unique number sequences/dates.
If you can, try coming up with at least five items for each list. Here are a few examples of unique keywords, phrases, and numbers you can write down:
- Keywords — your childhood best friend’s nickname, your first pet’s name, etc.
- Phrases — a recurring fun phrase a relative always said to you, a unique inside joke between you and your significant other, what you first said when you graduated from college, etc.
- Numbers/dates — your secret lucky number, your first dog’s birthday, the day your first relationship started, etc.
Marcus Chung, CEO of BoldCloud, states that “any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.”
So, when you are making your three lists, make sure to think about what is unique to you that most people would never be able to guess.
Pro tip: Make sure to not choose any numbers, keywords, or phrases that match up with what you’ve posted online, i.e. your social media accounts, blog, etc.
Step 4: Create your new passwords
Use the lists you created in step three to generate unique password combinations.
Do not use one password more than once per website. If you run out of good password ideas, try creating more combinations from the phrases, keywords, and numbers you have listed.
Stephen Arndt, President of Silver Linings Technology, believes that “a good password should be at least eight characters long (or longer) and have a combination of uppercase and lowercase letters, numbers, and symbols that are hard to guess.”
He says it’s best to avoid using “dictionary words with proper capitalization because they’re easy to guess (like Password123#).” Arndt explains that “even though it meets the requirements we just discussed, it’s easily hacked. Remember, hackers have sophisticated password-hacking software that will run 24/7/365.”
If you want a quick tip for remembering your new password, Arndt suggests that you use a “phrase and insert letters and numbers into it, like [email protected]”
Step 5: Determine your password storing method and set your passwords
Now that you have your different password combinations created, determine which secure password storing method you want to use.
If you have a strong password sequence that can be changed per website and that is something unique to you and easy for you to remember, you can just keep that in your memory.
If you have multiple passwords, you can either use a password notebook or use a secure password manager service like LastPass.
Chelsea Brown, Security Analyst, Ethical Hacker, and Owner of Digital MomTalk says that “password generators are good, but can be difficult to remember for some. You can use a password manager like 1Password, LastPass or Dashlane, but be careful where you store passwords.
She states that “many individuals aren't aware that, with browsers like Chrome and Firefox, hackers can use your browser account to access all of your passwords that your browser has stored. This can be done without even infecting your computer with a virus.”
Brown recommends that you should make sure to not “use your browser for password storage.
She explains that “this is one of the biggest reasons why you should always make sure you're logged out of accounts if using public access places like libraries and internet cafés or even friends' houses.”
After you choose your storing method, reset your passwords. Again, never use the same password twice. Once you change your passwords, write down (on the first list you created in step one) the date you changed each password.
Lastly, store this list in a secure location and revisit this list at least once per year and redo this password audit process.
Step 6: Get your family started
After you go through the steps (1–5) listed above, it may be a good idea to take the time to sit down with each individual family member and help them go through this process for their passwords.
If your family members do not want you to help them or if you want to give them privacy regarding their passwords, provide them with the steps above and let them go through the process themselves.
You can always provide them with helpful password resources found online or you can be their first point of contact if they have questions during the process.
Once you and your family have completed the password audit process above, you can choose to take your security to the next level by looking into different identity theft monitoring and protection service options.
Professional identity theft monitoring and protection services can help you catch identity theft before it happens. Additionally, some services provide recovery and restoration assistance in the event that you or one of your family members do become an identity theft victim.
Many identity theft protection services offer solid identity theft insurance and provide several different identity protection and monitoring options, including protection services for the whole family.
Here's a brief overview of three of our top-rated identity theft protection companies — NortonLifeLock, Complete ID, and IdentityIQ.
NortonLifeLock offers identity theft protection and monitoring services to individuals, families, and businesses. This company provides a variety of monitoring services including public records monitoring, financial account monitoring, and credit monitoring.
In addition to monitoring services, NortonLifeLock also offers 24/7 live member support, recovery services, a helpful mobile app, a money-back guarantee, and a Million Dollar™ Protection Package.
See a recent customer review below and read our full NortonLifeLock review to learn more.
Customer Review: Jacob from American Fork, Utah
"Norton has always been our top protection provider. With constant updates and communication, we are alerted of any suspicious activity immediately."
Complete ID, an Experian identity theft protection product, is offered to Costco members for a fairly affordable monthly price. This service includes helpful monitoring services like Social Security Number monitoring, dark web surveillance, non-credit identity monitoring, and child monitoring.
Additionally, Complete ID provides around-the-clock live customer support, up to $1 million in identity theft insurance, and U.S.-based certified identity theft restoration.
Several customer reviews, like the one below, have praised Complete ID's customer service.
Read our full Complete ID review to learn more.
Customer Review: Joseph York from Atlanta, Georgia
"The customer service professional was fantastic! She was knowledgable, professional, friendly, and very helpful explaining what my notifications meant and she provided going forward recommendations."
IdentityIQ provides a number of monitoring services including dark web and internet monitoring, credit monitoring, and more. The company also offers a specific family protection service that involves identity fraud restoration.
In addition to its monitoring services, IdentityIQ also offers up to $1 million identity theft insurance and up to $25,000 for children, U.S.-based fraud restoration, and lost wallet assistance.
Check out the recent customer review below and read our full IdentityIQ review to learn more about what this company has to offer.
Customer Review: Ariel H. from Cleveland, Ohio
"I haven’t had any problems with this service and it helped me get help fixing my credit. Good investment."
The bottom line
Although there is no way to make sure you and your family are 100 percent protected from cyber crimes and identity theft, you can be proactive and help your family avoid falling victim to such threats.
For instance, conducting an annual (or even biannual) family password audit and considering professional identity theft monitoring options can better your family members' chances of staying safe online.
Overall, it's important to make sure you and your family have continual conversations about personal security and that each family member recognizes the importance of creating and having strong passwords.