6 do’s and don’ts for online passwords

By John Harris

​Cybersecurity spending in the U.S. is expected to exceed $1 trillion between 2017 and 2021, according to Cybersecurity Ventures. As the cost of protecting online data continues to rise, many users are ignoring the first line of cyber defense: passwords.

Passwords are used to guard the most sensitive data, from credit card and bank account numbers to health and legal information. When users neglect their passwords, their data is at risk of being retrieved by cyber criminals. In fact, 63 percent of data breaches involve weak, default or stolen passwords, per Verizon.

Government offices and agencies aren’t immune to being hacked. In many cases, cyber criminals may target government accounts specifically because they contain such high-value information. So how can you protect online data? Follow these six do’s and don’ts for password security:


  1. Create strong passwords. It may sound simple, but this is one of the primary ways you can protect your online accounts. By using many different characters, numbers and symbols to make a complex password, hackers will have a much harder time breaking into your accounts.

  2. Enable 2-step verification. Also known as multi-factor authentication, this is a security method that requires users to verify their identity twice. It combines something you know (such as a username and password) with something you have (such as a mobile device that receives a one-time passcode) or with something you are (such as a fingerprint). Adding this extra layer of security helps ensure authorized users are the only ones able to access the account.

  3. Change your passwords often. It’s important to update passwords regularly to prevent hackers from spying on your accounts over an extended period of time, especially for email and online banking. According to Entrepreneur, 47 percent of people use passwords that are at least five years old, increasing the chance their passwords could be or already have been cracked and their accounts are being monitored.


  1. Don’t reuse the same password. Internet users have many different online accounts, but most of them rely on the same few passwords to access all of them. On average, people only use six unique passwords to protect 24 accounts. If one account is hacked, the cyber criminal behind the breach now has your password to a number of different accounts, leaving you vulnerable to an attack on more than one front.

  2. Don’t share passwords. This may sound like common sense, but many people frequently share their passwords with friends, family or coworkers. In a study of over 1,000 internet users, 95 percent reported that they share up to six passwords with others. And because many people reuse the same passwords for different accounts, the people you’ve shared passwords with could now have the credentials to other accounts you didn’t intend for them to have.

  3. Don’t use simple passwords. In a list of over five million stolen passwords from 2016, the most common was “123456,” followed by “password.” Using simple words or number combinations like these are not enough to keep hackers out of your accounts. And even though you should incorporate different symbols and numbers in each password, using a variation of a common word, such as p@$$w0rd, won’t make the cut when it comes to protecting your online information.

By implementing these guidelines for your passwords, you can better protect your online presence and reduce your risk of becoming the next victim of a data breach.


John Harris is the chief technology officer at U.S. digital signature company SIGNiX.



To get connected and stay up-to-date with similar content from American City & County:
Like us on Facebook

Follow us on Twitter
Watch us on YouTube

Please or Register to post comments.

What's Viewpoints?

It features the Editor's Viewpoints and contributed commentaries.


Derek Prall

Derek Prall is a professional journalist who has held numerous positions with a variety of print and online publications including The Public Manager magazine and the New Jersey Herald. He is a 2008...

Jason Axelrod

Jason Axelrod is an award-winning journalist who has reported for The Seattle Times, The Arizona Republic, the Phoenix Business Journal and Mother Nature Network, among other outlets. Jason...
Blog Archive
We use cookies to improve your website experience. To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy. By continuing to use the website, you consent to our use of cookies.