It’s Time to Get Serious (and Smart) About Passwords

While it’s hard to believe in this day and age, some people still use the word “password” for a password. Alarmingly, it was still reported as one of the most commonly used passwords in 2020. Security for your digital information—whether it’s your bank account, your favorite online shopping store or your library account—starts with you.

A lot of people develop patterns for their passwords that lean heavily on their personal experiences, using variations of their names, birthdays, children’s names and other things that are easy to remember. Those patterns can become predictable, and the more predictable they are, the more susceptible they are being hacked. If your credentials are compromised on one account, that information can be shared with other hackers to try to access other, more important accounts. Scammers collect data from various data breaches and use automated tools to attempt to gain access to accounts through a cyberattack known as credential stuffing.

While credential stuffing attacks aren’t very successful statistically, the increase in the volume of them means consumers need to take better care of their online credentials. Here are 10 things you can do to fortify online accounts with stronger login credentials.

1. Update your username with a unique ID, different from other accounts. We strongly recommend you make the new username longer than eight characters and include numbers and a special character.

2. Always use a unique password for each account you create. The risk with reusing passwords (and usernames) is that as soon as one site has a security issue, it’s very easy for hackers to try the same username and password combination on other websites.

3. Don’t use personally identifiable information in your passwords. Names, birthdays and street addresses may be easy to remember, but they’re also easily found online and should always be avoided in passwords to ensure the greatest strength.

4. Make sure your passwords are at least 12 characters long and contain letters, numbers and special characters. Some people prefer to generate passwords that are 14 or 20 characters long.

5. If you’re creating a password that you’ll need to remember, try using phrases or lyrics from your favorite movie or song. Just add random characters, but don't replace them in easy patterns.

6. Avoid using similar passwords that change only a single word or character (such as going from “!LoveMYbank1” to “!LoveMYbank2”). This practice weakens your account security across multiple sites.

7. Change your username and passwords when you have reason to, such as after a website has had a breach or if it’s been over a year since you last changed it.

8. You should never share your passwords, especially not via email or text message.

9. Use two-factor authentication tools that verify your identity via codes, fingerprints or facial recognition.

10. Frequently monitor your accounts to quickly report signs of suspicious activity.

With so many accounts, a password management tool can be a big help to make this easier. Here’s a recent list of preferred password management tools from PC Magazine, so find one that works for you and your needs.