If someone came up to you and asked for the password to any of your accounts, you’d probably think they were crazy and tell them, “No way!” But could they still gain access to your account? It might take a lot less time and work than you think.

Password security is vitally important to our personal and online security. Just as we secure a home or car with a lock and key, we must secure ourselves online. If someone gains access to the passwords that are the keys to our accounts, they can gain access to those accounts and the information within them. Hopefully, we realize that a password such as Password or 1234 should never be used. Even using Password1234 isn’t secure! But with many accounts requiring complex password rules – like using a combination of upper and lowercase letters, numbers, and symbols – password security seems to be more of a mythical creature than something real.

Our passwords – or passcodes and passphrases – often reflect or include information (or a combination of information) about us: our favorite sports team, birthdate/year, favorite pet’s name, or other information unique to us. We typically use passwords that are easy to remember; we don’t want to have to write them down only to have someone else find them. Yet, because our passwords may include information unique to us, we may be freely – and unknowingly – giving away clues that could tell someone what our password is, or the answers to password security questions that could allow someone to change our password.

Do your social media accounts include your birthday? If so, your password should not.  Can someone tell what school you go to? If so, your school name and/or mascot wouldn’t be a strong password or security question.  Do you often talk about your favorite sports team or player? If so, including them in a password wouldn’t be wise.  Can you search online and find the name of the street you grew up on or your mother’s maiden name?  If so, you won’t want to use these as answers to security questions.

We also don’t want to use the same password for multiple accounts. Remember, it doesn’t matter how secure your password is if someone obtains your account information from inside the company that holds the account, or through a data breach at that company. When this happens, your username and password are known and, if you use the same username and password for multiple accounts, your other accounts can be vulnerable.

Here are some guidelines for keeping your accounts secure:

  1. Don’t use common passwords (e.g., Password), sequences (e.g., 12345 or aaaaaa), or passwords that were previously breached
  2. Don’t make your passwords so complex that you have to write them down – consider using a 3-4 word passphrase and changing letters to numbers and symbols (e.g., use BiscuitsSausage&Gravy but change it to B!scu!tsS@us@g3&Gr@vy)
  3. Secure your password security questions – consider writing your own questions whose answers aren’t public knowledge (e.g., your favorite childhood stuffed animal)
  4. Use different passwords for different accounts
  5. Always think about the information you post or include in profiles and if it could be used to gain access to your accounts
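
The guidelines above can be turned into a simple screening check. This is an added example, not part of the original article: the blocklist stands in for a real common/breached password list, and the profile words are constructed sample values for what a person's public social media might reveal.

```python
# Constructed stand-in for a common/breached password list (assumption).
BLOCKLIST = {"password", "password1234", "1234"}

# Undo common letter-to-symbol swaps so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("@4!130$57", "aaiieosst")


def is_sequence(pw):
    """True for one repeated character or a run stepping by one (aaaaaa, 12345, cba)."""
    if len(pw) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({0}, {1}, {-1})


def check_password(pw, profile_words=()):
    """Return the list of guideline problems found in pw (empty list = none found).

    profile_words: things visible in public profiles, such as a school
    mascot, birth year, or pet name (guideline 5).
    """
    problems = []
    lowered = pw.lower()
    normalized = lowered.translate(LEET)

    # Guideline 1: common or previously breached passwords, with or without swaps.
    if lowered in BLOCKLIST or normalized in BLOCKLIST:
        problems.append("common or breached")
    # Guideline 1: sequences and repeated characters.
    if is_sequence(lowered):
        problems.append("sequence")
    # Guideline 5: public profile details hidden inside the password.
    for word in profile_words:
        w = word.lower().translate(LEET)
        if len(w) >= 3 and w in normalized:
            problems.append(f"contains profile info: {word}")
    return problems


if __name__ == "__main__":
    public_profile = ["Wildcats", "2009"]  # constructed sample profile
    for candidate in ["Password", "P@ssw0rd", "12345", "W!ldc@ts2009",
                      "B!scu!tsS@us@g3&Gr@vy"]:
        print(candidate, "->", check_password(candidate, public_profile) or "ok")
```

A real check would compare against a much larger list of breached passwords; the structure stays the same.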