9 Easy Ways to Keep Your Passwords Secure
Do you use the same password over and over again as your login credentials? Wait — you may be at risk.
Digital hackers want to crack your passwords and gain access to confidential accounts and data. It’s important to protect sensitive information, like financial records, by creating strong, unique passwords for a variety of accounts. But don’t stop there. Organize passwords in a secure way — with the help of our downloadable password keeper.
Here are nine easy ways to manage your digital passwords.
No. 1: Choose a master password
A master password is used to access other login credentials. Basically, the master password is the key to your safety.
Use a master password to authorize a password manager to do its job — storing and retrieving passwords. You only need to remember a single unique master password in order to secure all other accounts. For instance, if you use a digital storage manager, the master password will unlock the email and password combinations saved for each website.
No. 2: Create a unique password
Many people opt for one password and then reuse it across all of their accounts. Resist the temptation to do this. A password that is easy to recall is likely easy for a hacker to guess.
“Hackers steal your password either by guessing it or taking it from a data breach,” says Porter Adams, a cybersecurity expert based in Washington, D.C.
To prevent this, Adams recommends using a long, varied password for each login. A unique password includes upper-case and lower-case letters, as well as a mix of numbers and symbols. These long, unique passwords are more difficult for hackers to guess.
The best approach is to choose passwords that are a unique, random sequence of lower-case letters, capital letters, numbers, and symbols. Try to avoid using the numbers 0 and 1 and the letters i, L, and O, since these can easily be mistaken for each other. Avoid an easily guessable sequence, such as 123456, and personal information like the name of a relative or pet. For example, "Uj9&r3z!ww2K" is an excellent password. The letter and number sequence is nonsensical — making it hard to guess. Just don’t use our specific example!
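One way to generate and check passwords against these rules, as an added example that is not part of the original article. It assumes a 12-character minimum (the length of the sample above), a constructed symbol set, and reads "i, L, and O" as both cases of each letter.

```python
import secrets
import string

# Characters the article says to avoid because they are easily confused.
# Assumption: both cases of i, l and o are excluded, along with 0 and 1.
AMBIGUOUS = set("01iIlLoO")

LOWER = [c for c in string.ascii_lowercase if c not in AMBIGUOUS]
UPPER = [c for c in string.ascii_uppercase if c not in AMBIGUOUS]
DIGITS = [c for c in string.digits if c not in AMBIGUOUS]
SYMBOLS = list("!@#$%^&*-_=+?")  # constructed set; adjust to each site's rules
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)
ALPHABET = [c for cls in CLASSES for c in cls]


def has_guessable_run(password, run=3):
    """True if `run` consecutive characters ascend, descend or repeat
    (for example 234, cba or aaa)."""
    codes = [ord(c) for c in password]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def meets_policy(password, min_length=12):
    """Check a password against the rules described in the article."""
    return (
        len(password) >= min_length
        and not (set(password) & AMBIGUOUS)
        and all(any(c in cls for c in password) for cls in CLASSES)
        and not has_guessable_run(password)
    )


def generate_password(length=16):
    """Draw characters with a cryptographically secure RNG, retrying until
    every character class is present and no guessable run occurs."""
    if length < 12:
        raise ValueError("length must be at least 12")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, min_length=length):
            return candidate
```

The `secrets` module is used instead of `random` because `random` is predictable and not meant for generating credentials.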
No. 3: Use multiple passwords
Re-using the same password across sites is risky because it means that one compromised account could expose you to attacks on other accounts. The easiest way to prevent this is to use different login credentials across all of your digital platforms.
For example, if you use the same password on a social media account as you do for your bank account, and if the social platform gets hacked, the hackers might gain your password and be able to log into your financial information. One stolen password could lead to a financial loss.
Before creating a new account, ask yourself if the account is high-risk. In reality, you probably don’t have that many important accounts. Email addresses, financial services (such as a bank or retirement account), and primary social media accounts should each have their own unique password.
But for certain sites, some password reuse is okay. For example, a hacker won’t be able to do too much damage if they gain control of a rarely used online gaming account that is not connected to your bank account. So pick a few repeat passwords to use for throwaway accounts with a low level of security concern.
No. 4: Opt for multifactor authentication
It's possible that a hacker will crack your password and try to log in to your accounts. That's where multifactor authentication comes in.
Multifactor authentication is a cybersecurity function in which a user is granted access only after presenting two or more pieces of evidence — referred to as knowledge, possession, and inherence. Ultimately, it adds an extra layer of security.
The most common form of this is 2-step verification. Here’s a useful guide to enabling 2-step verification on several popular services. After you set it up, sign in to your account in two steps with:
- Something you know (knowledge), like a password.
- Something you own (possession), like a phone or email.
No. 5: Write passwords down on paper
“The safest option is to write your passwords on paper, because paper can't be hacked,” Adams says.
Use a password organizer to jot down login credentials offline. This low-tech method can protect against cyber breaches and minimize the chance that a digital hacker gains access to sensitive information.
If your home or office is reasonably secure, write down passwords and lock them away. Don't leave the paper somewhere where people can copy it. It shouldn't be a Post-it note on your monitor or even under your keyboard. Store it in an unmarked folder in your filing cabinet. Unless a burglar infiltrates your location, a password notebook is likely safer than storing passwords in a note or Google Docs. But be careful not to misplace the notebook.
“Be sure to make a backup paper copy in case you lose the first one,” Adams suggests.
No. 6: Use a password manager
One of the most secure ways to store passwords and keep them organized is by using a dedicated digital password manager, which assists in creating and storing complex passwords.
Keep in mind, a password manager can be used for more than email and password combinations.
“The best password managers will also let you securely store notes and other information,” says Charles Thomas, a financial advisor and the founder of Intrepid Eagle Finance.
For instance, to remember the security system code for a relative’s house, enter that information securely into a password manager. A password manager will help you generate, store, and organize unique passwords for anything, whether it’s online or in person.
Looking for a digital password manager? We researched the most popular and highly recommended options to get you started.
As its name suggests, users only have to remember one password with 1Password. The storage system is secure and can create strong, unique passwords for a variety of platforms. The manager is ideal for both Windows and iPhone users.
LastPass is digital password software that is free, easy, safe, and accessible. It tends to be the best choice for Apple users.
No. 7: Memorize your email address password
What happens if you forget your master password? You’ll be locked out of your accounts. In most instances, you’ll need to activate a password recovery feature that either sends an email or text message to unlock an account. Hopefully, you have your email address password memorized. If not, it’ll be that much harder to unlock your accounts and recover forgotten passwords.
No. 8: Never log in from a public device
Public devices are not secure, especially when it comes to sensitive information. Don’t log in to any account or password manager from a device that you don’t own. For example, if you’re traveling, it’s best to avoid accessing sensitive information from an airport or internet cafe. A public device or open Wi-Fi connection is a prime target for hackers. If you don’t trust it, don’t use it.
No. 9: Take action immediately if hacked
If a password has been breached, stolen, or otherwise compromised, then take quick action to ensure your personal information is protected.
Immediately change the compromised password. Review any accounts linked to the compromised password. Look for any damage done by the hacker, such as financial discrepancies in a bank account. If necessary, contact support services for the account to see if there are additional safety measures to take. Finally, monitor the account during the next few days to ensure it is secure.
Did you know that changing your password regularly doesn’t necessarily help protect the account? In fact, when users change their passwords too often, they opt for less secure passwords or reuse the same password across accounts. But it should be the first action taken if you know an account has been hacked.
Take steps to protect sensitive financial information from hackers by creating, managing, and storing passwords securely.
Porter Adams was using the internet to help law enforcement track down missing persons when he realized how easy it is to find personal information online, including leaked passwords. Subsequently, he co-founded Disappear Digital to prevent identity theft by removing your personal information from the internet. His book, “Why Hackers Win,” explains the failures of cybersecurity and how so many things get hacked.
Charles Thomas founded Intrepid Eagle Finance to help Christian families on their journey to find financial freedom. He works with families to achieve goals that balance what’s truly important with their finances. Charles is a Certified Financial Planner™ and holds an MBA from the University of South Carolina’s Moore School of Business.