Skip to main content


How to Develop Good Password Hygiene

Online transactions are a part of our everyday lives which makes practicing good password hygiene imperative. But, how? For starters, you can safeguard your passwords or passphrases by ensuring they are: 

• Long
• Unique between websites and services
• Never shared
• Stored in a password manager

It can be inconvenient at times, but when the password is the only thing separating SOMEONE ELSE from accessing YOUR accounts, perhaps making a little more effort is an acceptable trade-off.

Most people have several online accounts, and chances are the same password has been used across at least one of those accounts. This practice increases the risk that your account will be compromised. The risk-scenario is most often realized when one of those services or websites has lost control of its own passwords (commonly known as a breach). Those lost passwords include YOUR password. When this happens, the set of credentials lost will be sold, traded, or posted publicly. It is only a matter of time when the credentials on a list is tried against popular sites and may expose your accounts. The term for this technique is called “credential stuffing” and is incredibly successful!

So, how do you defend against this real risk?

1. Never reuse passwords across websites or services. Change your accounts to have unique passwords now!

2. Be aware of where you type your credentials. Logging in after clicking a link from an email requires a huge amount of caution. Remember that credential theft is one of the primary targets of phishing emails.

3. Use a second factor to login when it is offered. This goes by many names - multi-factor authentication (MFA), 2-factor authentication (2FA), or two step authentication.

Adequately securing your accounts online should be as important to you as locking your home or vehicle. It does not guarantee protection, but it is an easily managed safeguard against intruders.