Did you know that the average adult has 100+ online accounts that require a username and password?
TL;DR: A few of your accounts (usually 6-10) are very important to protect from criminals. Make long (12 – 20 characters), unique passwords for your email accounts, mobile phone, financial, health, and benefits accounts. Financial includes Amazon, PayPal, Venmo, etc.
The others don’t matter much unless you use the same password for important and unimportant accounts. Please, don’t do that.
You have been told to use strong unique passwords for every account.
But the consequences of someone hacking your library card are not the same as someone hacking your bank account. In the first case, you need to straighten things out with your local librarian. In the second case, someone can steal all your money, and your bank will not be obligated to replace it. (Remember – FDIC insurance is there for you if the bank goes bankrupt, not if a criminal gets into your account.) So, while it would be great if you had perfect strong unique passwords for every account, it’s much more important to figure out which accounts matter and start by protecting them with very strong, unique passwords and whatever else those accounts offer for protection. There is no one-size-fits-all solution; it depends on the person and situation.
There is plenty of generally good advice out there, but here’s a 2-pronged approach to start:
1. Think of your accounts as high, medium, or low risk.
Low risk: Yoga studio
Medium risk: A Facebook account is at least medium risk because a scammer can use it to get to your friends and family and collect information about you.
High risk: All your email accounts – these are gateways to your other accounts; your phone itself and the Apple or Google account that you use to manage your phone; your online accounts for your financial, health, and benefits accounts; your online account with any company or agency that sends you money (your job, investment/brokerage accounts, Social Security, pensions, PayPal, Venmo, etc.)
Here are the questions to ask:
- How much risk are you at if a criminal gets into this account, locks you out, and uses it?
- Can they get your credit card or bank info? Place orders using your money?
- Can they see your contacts?
- Will they learn details they can use to pretend to know you?
2. Make a checklist of your high-risk accounts. For each account:
- Set a strong, unique password
- Consider giving a false answer to your security question
- Make sure your PIN is unique too
- Set up email or text confirmation codes
- Consider using an authenticator app if offered
- Consider setting locks on outgoing funds
So, what do we mean by “strong password”?
Again, this depends on you. If you always use password manager software, you may be able to generate and use long, highly complicated passwords with a jumble of numbers, letters, and symbols. If you don’t use a password manager, you are probably better off with a long password in plain English that you can understand. Connecting three unrelated words with dashes (Headlight-Newspaper-Snail), for instance, creates a very strong password.
Did you know it’s better to lie on your security question answer?
This is something cybersecurity experts do that most people don’t think of. They try not to choose a security question with an answer a motivated thief can learn (such as your mother’s maiden name) or guess (such as pizza being your favorite food). If they have no choice, they submit a false answer. This still gives them access to their account and is more secure.
Are you now worried about a password?
If you know or suspect a password has been stolen, especially for a high- or medium-risk account, change it immediately, even if it means going through a password reset, which is a hassle. If the email account or username has been changed, contact the company immediately.