Social Media Adviser

8 tips for keeping your passwords safe on social media, the web and in apps

If you're like millions of Americans, it could be a matter of when, not if, someone gains access to your accounts

Apr 24, 2017 @ 10:16 am

By Scott Kleinberg

First you log into your favorite social media platforms, then you give careful thought to what you want to share. Hopefully you check spelling and grammar, and make every post count.

But how much thought do you give when you are logging in, specifically, when you're typing in your passwords? How secure are they? My well-educated guess is not secure enough. If they contain your birthdate or significant other's name they might even be dangerously unsecure.

The last thing you ever want is for someone to gain access to your accounts, and that goes for social media and anything else you do online. But if you're like millions of Americans, that could be a matter of when, not if.

For the past several years, SplashData, a leading provider of security applications and services, has released its list of worst passwords. The number one and number two worst passwords in 2014, 2015 and 2016 were "123456" and "password." Let's be clear: Those aren't passwords. Those are dreams for hackers and identity thieves. And that's how people are securing their most important content.

The rest of the list of 25 is just as painful to read, so I'll spare you. (Football? Welcome? REALLY?) But take it from someone who has spent years securing accounts for major brands when I say it's important to have secure passwords and a plan for keeping them that way.

As financial advisers, you spend so much time making sure your clients heed your valuable advice. With that, I'd like to return the favor with my top tips for keeping your content and data safe for social media, on the web and in apps.

• It's not about convenience.

Good, secure passwords shouldn't be easy to remember. If your LinkedIn account gets hacked, I'll bet you a cup of coffee — the expensive kind — that you'll spend more time trying to get the problem resolved than you would have if you would have taken a few minutes to come up with a strong password in the first place.

• Always keep your browser up to date.

The latest ones not only offer to choose a random secure password for you, they'll store it in your computer's keychain so you don't have to type it every time.

• Or go the DIY route: Google the words "strong random password generator."

Results will include several websites that will choose a password for you. You can choose the strength and number of characters. There are different schools of thought on how much is too much, but I recommend at least 16 characters consisting of a mix of upper and lowercase letters, numbers and symbols. Most of these websites explain that anything 16 characters and more is strong, while 15 or fewer is weak.

• Your passwords are valuable, so treat them that way.

I recommend a locked/secure spreadsheet online. I once met someone who kept a handwritten list in a safe deposit box. Both very smart.

• Never use the same password for multiple websites.

Your LinkedIn password should not be the same or close to the password you use to log into your credit card accounts. Remember: Easy isn't the goal here. Put it this way: If you use the same password for 25 websites and someone guesses it, 25 websites have the potential to be compromised. It doesn't mean it will happen, but do you really want to take that chance?

• Use two-factor authentication or multi-level protection.

You know those sites that text to your phone a code that you need to enter before you can log in? That's for your own good and an excellent way to keep prying eyes out. If you deal with websites that offer this level of protection, take full advantage.

• Consider a password manager.

There are many software options available to help you store and organize passwords. The beauty of a good password manager is the passwords are encrypted under one main very strong password. So instead of logging in to each thing, there's just one.

• You should still change your passwords — even secure ones.

Nothing is worse than 123456 or qwerty, but never changing your passwords isn't wise either. My rule of thumb is to change passwords every year. Some prefer to do it twice a year when Daylight Saving Time begins and ends. Change the batteries in your smoke detector, change your passwords. Just make sure you remember to update your spreadsheet/lists.

You can accomplish all this in about 15 minutes. If we can spare 15 minutes to save money on our car insurance, surely we can spare 15 minutes to secure our digital footprint. And while you may never be a victim of hacking or identity theft or even a suspicious login attempt, do you really want to take that chance when the solution is this simple?

If you have a social media question or an idea for a column topic, or if you have thoughts about this column or any previous ones, please let me know. Tweet them to me with the hashtag #socialmediaadviser or email me at

And remember to follow me on Twitter at @scottkleinberg.

Thanks for reading Social Media Adviser.


What do you think?

View comments

Recommended for you

Sponsored financial news

Upcoming Event

Mar 15


A Fintech Buyer’s Guide for Advisers

Are you ready to invest in technology? Heres everything you need to know before spending a dollar.Many advisers have embraced the value of digital tools to improve their firm, and are ready to invest in new technology to continue their... Learn more

Featured video


Diversity & Inclusion Awards: 2018 nominations are open

Editor Fred Gabriel and special projects editor Liz Skinner discuss the nomination process for InvestmentNews' inaugural Diversity & Inclusion awards.

Latest news & opinion

Cetera reportedly exploring $1.5 billion sale

The company confirmed it's talking to investment bankers to 'explore how to best optimize [its] capital structure at lower costs.'

SEC Chairman Jay Clayton outlines goals for a new fiduciary standard

Rule should provide clarity on role of adviser, enhanced investor protection and regulatory coordination.

Advisers bemoan LPL's technology platform change

Those in a private LinkedIn chat room were sounding off about fears the independent broker-dealer will require a move to ClientWorks before it is fully ready.

Speculation mounts on whether others will follow UBS' latest move to prevent brokers from leaving

UBS brokers must sign a 12-month non-solicit agreement if they want their 2017 bonuses.

Maryland jumps into fiduciary fray with legislation requiring brokers to act in best interests of clients

Legislation requires brokers to act in the best interests of clients.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print