Man looking at phone with laptop

Improving Password Habits

Security quiz: What’s your email password? How about your bank, Amazon and Facebook passwords? If you can recall all of them, your accounts may be at risk.

A 2016 survey described US employees as “drowning” in passwords: The average respondent had a whopping 1911. These days, passwords are required for everything from frequent-flyer programs to toothbrush subscription services, and many are linked to accounts that contain valuable financial and personal information. Criminals breach millions of records daily, and trade/sell them in an underground business. And here’s the crucial fact: If you’re among the 59 percent of people who reported that they reuse passwords across multiple accounts2, a hack at the toothbrush company doesn’t just mean someone orders extra refills on your dime; it means hackers can try that login for your email, bank account and other password-protected sites where you use the same ID.

Don Boian, Chief Information Security Officer at The Huntington National Bank, has witnessed the aftermath of major breaches at other companies. “We block a lot of hacker traffic that comes at us a short period of time after breaches at other sites. The hackers try all the [stolen] user names and passwords from those sites.”

The first rule of online security today is that all passwords should be significantly different. (Notice the word “significantly:” basic tricks can be easily guessed.) The second rule is that passwords should be complicated3. (Crooks use software that can make millions of guesses per minute, so simple passwords crack quickly.) Unfortunately, a recent survey says that although almost 90 percent of us know that password hacking is a threat4, only half of us have changed a password in the past 12 months5.

Why You Should Care About Your Passwords

Hackers know that: 1) we are bad at creating complex passwords and 2) it often takes only one compromised login to get access to multiple accounts. “The same way you get up and go to work every day, thousands of people around the world get up every day and work at getting your data,” says Chuck Peirano, Chief Fraud and Security Officer at Huntington.

Damage from a stolen password isn’t limited to a fake credit card charge that you can get reversed. Hackers can assemble stolen data from multiple breaches into one profile, which makes it much easier for them to steal your identity and wreak real havoc—in real estate alone, there could be mortgages taken out in your name, or a wire transfer hijacked during a close of sale. If someone gets into your email, they could send people on your contact list scam emails that look like they’re from you. 

“You might never anticipate the damage one weak password may cause,” says Mark Burnett, a security consultant and author of the book Perfect Passwords: Selection, Protection, Authentication.6

Improve your password security

Are you a feeling a case of password anxiety coming on? Here’s the good news: The solution isn’t to worry about passwords more, it’s to worry about them less, by following a few basic rules. Read on to find out:

  1. What actually makes a strong password
  2. How often you really need to change your passwords
  3. How password manager apps can do the work for you
  4. Why a few other security measures (already at your fingertips) are worth the trouble

Is your password secure?

Check your password's strength against millions of known passwords with the Carnegie Mellon password meter.

Please note that any information you input is not stored or shared. A username is not required to check a password’s strength.
Visit the Password Meter

1 “The Password Exposé: 8 truths about the threats –and opportunities –of employee passwords,” LastPass, page 8 and 9.
2 “The Psychology of Passwords: Neglect is Helping Hackers Win,” LastPass, Page 7.
3 “Choose better passwords with the help of science,” The Conversation, Lorrie Cranor, 8/30/2017. 
4 “The Psychology of Passwords: Neglect is Helping Hackers Win,” LastPass, Page 4.
5 “The Psychology of Passwords: Neglect is Helping Hackers Win,” LastPass, Page 15.
6 Mark Burnett, E-mail interview, 4-25-18.

Third-party product, service and business names are trademarks and/or service marks of their respective owners.

Still Have Questions?

If you can’t find what you’re looking for, let us know. We’re ready to help in person, online or on the phone.

Call Us

24 hours a day, 7 days a week.
(800) 480-2265