Social Media Adviser

8 tips for keeping your passwords safe on social media, the web and in apps

If you're like millions of Americans, it could be a matter of when, not if, someone gains access to your accounts

Apr 24, 2017 @ 10:16 am

By Scott Kleinberg

First you log into your favorite social media platforms, then you give careful thought to what you want to share. Hopefully you check spelling and grammar, and make every post count.

But how much thought do you give when you are logging in, specifically, when you're typing in your passwords? How secure are they? My well-educated guess is not secure enough. If they contain your birthdate or significant other's name they might even be dangerously unsecure.

The last thing you ever want is for someone to gain access to your accounts, and that goes for social media and anything else you do online. But if you're like millions of Americans, that could be a matter of when, not if.

For the past several years, SplashData, a leading provider of security applications and services, has released its list of worst passwords. The number one and number two worst passwords in 2014, 2015 and 2016 were "123456" and "password." Let's be clear: Those aren't passwords. Those are dreams for hackers and identity thieves. And that's how people are securing their most important content.

The rest of the list of 25 is just as painful to read, so I'll spare you. (Football? Welcome? REALLY?) But take it from someone who has spent years securing accounts for major brands when I say it's important to have secure passwords and a plan for keeping them that way.

As financial advisers, you spend so much time making sure your clients heed your valuable advice. With that, I'd like to return the favor with my top tips for keeping your content and data safe for social media, on the web and in apps.

• It's not about convenience.

Good, secure passwords shouldn't be easy to remember. If your LinkedIn account gets hacked, I'll bet you a cup of coffee — the expensive kind — that you'll spend more time trying to get the problem resolved than you would have if you would have taken a few minutes to come up with a strong password in the first place.

• Always keep your browser up to date.

The latest ones not only offer to choose a random secure password for you, they'll store it in your computer's keychain so you don't have to type it every time.

• Or go the DIY route: Google the words "strong random password generator."

Results will include several websites that will choose a password for you. You can choose the strength and number of characters. There are different schools of thought on how much is too much, but I recommend at least 16 characters consisting of a mix of upper and lowercase letters, numbers and symbols. Most of these websites explain that anything 16 characters and more is strong, while 15 or fewer is weak.

• Your passwords are valuable, so treat them that way.

I recommend a locked/secure spreadsheet online. I once met someone who kept a handwritten list in a safe deposit box. Both very smart.

• Never use the same password for multiple websites.

Your LinkedIn password should not be the same or close to the password you use to log into your credit card accounts. Remember: Easy isn't the goal here. Put it this way: If you use the same password for 25 websites and someone guesses it, 25 websites have the potential to be compromised. It doesn't mean it will happen, but do you really want to take that chance?

• Use two-factor authentication or multi-level protection.

You know those sites that text to your phone a code that you need to enter before you can log in? That's for your own good and an excellent way to keep prying eyes out. If you deal with websites that offer this level of protection, take full advantage.

• Consider a password manager.

There are many software options available to help you store and organize passwords. The beauty of a good password manager is the passwords are encrypted under one main very strong password. So instead of logging in to each thing, there's just one.

• You should still change your passwords — even secure ones.

Nothing is worse than 123456 or qwerty, but never changing your passwords isn't wise either. My rule of thumb is to change passwords every year. Some prefer to do it twice a year when Daylight Saving Time begins and ends. Change the batteries in your smoke detector, change your passwords. Just make sure you remember to update your spreadsheet/lists.

You can accomplish all this in about 15 minutes. If we can spare 15 minutes to save money on our car insurance, surely we can spare 15 minutes to secure our digital footprint. And while you may never be a victim of hacking or identity theft or even a suspicious login attempt, do you really want to take that chance when the solution is this simple?

If you have a social media question or an idea for a column topic, or if you have thoughts about this column or any previous ones, please let me know. Tweet them to me with the hashtag #socialmediaadviser or email me at

And remember to follow me on Twitter at @scottkleinberg.

Thanks for reading Social Media Adviser.


What do you think?

View comments

Recommended for you

Upcoming Event

Apr 30


Retirement Income Summit

Join InvestmentNews at the 12th annual Retirement Income Summit - the industry's premier retirement planning conference.Much has changed - and much remains to be learned. Attend and discuss how the future is full of opportunity for ... Learn more

Featured video


Do you remember your first client?

Advisers remember their very first client. As the next generation enters the workforce, they want to hear advice from the experts. Our student correspondent, Kaylyn Adams, hits the IMPACT floor.

Latest news & opinion

Raymond James executives call on industry to keep broker protocol

Also ask firms to pay for the administration of the protocol to 'ensure its longevity and relevance.'

Senate committee approves tax plan but full passage not assured

Several Republican senators expressed reservations about the bill, and the GOP cannot afford too many defections.

House passes tax bill, focus turns to Senate

Tax reform legislation expected to have more of a challenge in upper chamber.

SEC enforcement of advisers drops in Trump era

The agency pursued 82 cases against advisers and firms in fiscal year 2017, down from 98 the previous year.

PIABA accuses Finra of conflicts of interest

Public Investors Arbitration Bar Association report slams self-regulator over its picks for board of governors.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print