How to Change Your Password

We need passwords for just about everything anymore. A fear my next toaster will require me to sign in and agree to terms before I can toast a bagel.

Here are a few tips to keep yourself protected:

1) Don’t reuse passwords.

It’s true, keeping track of all those passwords is tough. At a bare minimum, you probably have online accounts with Facebook, Google, your bank, your email, and your website admin. And many of you will also have Flickr, Twitter, Pinterest, Amazon, eBay, LinkedIn, Spotify, Foursquare, etc. My personal password manager keeps track of more than 300 logins.

But if you use the same password across multiple accounts, that means the weakness of one service becomes a weakness for all the services you use. Suppose you have a really strong password like le8'a6[Nwva7Y)lq/RSy that you use everywhere. If just one of your accounts gets hacked, then it is only a matter of time before the hacker uses that to gain access to your other accounts.

2) Don’t use common passwords.

If you can find your password in the dictionary, don’t use it. Those passwords are the easiest to guess. Remember, we’re not worried about a person sitting at a computer trying these passwords one-by-one, we’re worried about bot-attacks which can try thousands of passwords per second.

If your password is one of these 25 most common passwords, don’t use it, and change it immediately: password, 123456, 12345678, abc123, qwerty, monkey, letmein, dragon, 111111, baseball, iloveyou, trustno1, 1234567, sunshine, master, 123123, welcome, shadow, ashley, football, jesus, michael, ninja, mustang, password1
(More information about that list)

You should also make sure that your password isn’t your username, real name, email address, or some combination thereof. Children’s and pets’ names should be avoided too.

3) Try a pass-phrase

We have been conditioned to not use spaces in our passwords (I’ll admit that I often don’t), but this is a great way to use a strong password that is easy to remember.

4) “Retire” old passwords

If a password has been in use for a while, it might be time to retire it. In case a site was compromised, changing your password regularly will help ensure that the password that someone else has is out-of-date by the time they try to use it.

5) Find a system

Your system might be to find a tool like 1Password or LastPass to keep track of your various passwords (as well as storing other secure information). Or you might want to use some sort of naming convention to make it easier to remember your passwords (for example, having a base password like “myDogHas3Legs” and prefix it for the site like “facebook-myDogHas3Legs”).

The important thing is to pick whatever method works best for you.

Ready to change your password?

Here’s how to change your password:

6) Bonus: Watch out for those security questions!

A good password is worthless if a hacker can reset it by answering a security question or two. You wouldn’t give your password out, but sometimes we don’t think twice about leaking information like where you were born, your first pet’s name, or the street you grew up on. So be mindful that security questions are a second point of entry, and should be just as difficult to get past as your password.