Even though weak, reused and compromised passwords are the cause behind many breaches, people continue to display pretty risky password behavior. In fact, we’ve found that 91% of people know that using the same password for multiple accounts is a security risk, but 59% admitted that they do it anyway.
So, you know you need to change your passwords to make sure each one is strong and unique. But it’s easier said than done. If you’re like the average LastPass user with nearly 200 accounts to keep track of, changing them all at once can seem like a daunting task.
In honor of #ChangeYourPasswordDay, we wanted to share some practical steps you can take to change your passwords and, in doing so, improve your online security.
Store your passwords in a password manager
This one seems obvious, but there is no way to have hundreds of accounts with unique passwords if you don’t have somewhere secure to store them. If all of your accounts are in your LastPass vault, you know exactly what accounts you have, what their passwords are and that you can update them easily.
Audit your passwords
Run the LastPass Security Challenge to see which of your accounts have weak or reused passwords. This will give you a good place to start when changing passwords.
Prioritize sensitive accounts
After you’ve changed your passwords for accounts with weak or reused passwords, the next step is focusing on sensitive accounts. These are sites like banking, email, social media, medical records, taxes, etc.: anything that holds sensitive personally identifiable information (PII) such as social security numbers, credit cards, etc. Your email is especially important because it is often used to reset accounts when you are locked out. If someone can access your email, they can reset your other accounts.
Turn on multi-factor authentication
Multi-factor authentication is one of the best ways to prevent your accounts from being compromised. Anyone who accesses your account needs not only your username and password but also an additional form of identification – like a fingerprint or a code that was emailed or texted.
Make it yearly
Once you have updated all your accounts with unique, strong, complex passwords, there is no need to update them all the time, unless one of your sites experiences a breach, of course. Aim to do an audit of your passwords once a year (like on #ChangeYourPasswordDay) and you’ll be good!
We hope you take advantage of #ChangeYourPasswordDay by following these steps. You’ll be glad you took the extra time to make yourself safer online.