Social Media Adviser

8 tips for keeping your passwords safe on social media, the web and in apps

If you're like millions of Americans, it could be a matter of when, not if, someone gains access to your accounts

Apr 24, 2017 @ 10:16 am

By Scott Kleinberg

First you log into your favorite social media platforms, then you give careful thought to what you want to share. Hopefully you check spelling and grammar, and make every post count.

But how much thought do you give when you are logging in, specifically, when you're typing in your passwords? How secure are they? My well-educated guess is not secure enough. If they contain your birthdate or significant other's name they might even be dangerously unsecure.

The last thing you ever want is for someone to gain access to your accounts, and that goes for social media and anything else you do online. But if you're like millions of Americans, that could be a matter of when, not if.

For the past several years, SplashData, a leading provider of security applications and services, has released its list of worst passwords. The number one and number two worst passwords in 2014, 2015 and 2016 were "123456" and "password." Let's be clear: Those aren't passwords. Those are dreams for hackers and identity thieves. And that's how people are securing their most important content.

The rest of the list of 25 is just as painful to read, so I'll spare you. (Football? Welcome? REALLY?) But take it from someone who has spent years securing accounts for major brands when I say it's important to have secure passwords and a plan for keeping them that way.

As financial advisers, you spend so much time making sure your clients heed your valuable advice. With that, I'd like to return the favor with my top tips for keeping your content and data safe for social media, on the web and in apps.

• It's not about convenience.

Good, secure passwords shouldn't be easy to remember. If your LinkedIn account gets hacked, I'll bet you a cup of coffee — the expensive kind — that you'll spend more time trying to get the problem resolved than you would have if you would have taken a few minutes to come up with a strong password in the first place.

• Always keep your browser up to date.

The latest ones not only offer to choose a random secure password for you, they'll store it in your computer's keychain so you don't have to type it every time.

• Or go the DIY route: Google the words "strong random password generator."

Results will include several websites that will choose a password for you. You can choose the strength and number of characters. There are different schools of thought on how much is too much, but I recommend at least 16 characters consisting of a mix of upper and lowercase letters, numbers and symbols. Most of these websites explain that anything 16 characters and more is strong, while 15 or fewer is weak.

• Your passwords are valuable, so treat them that way.

I recommend a locked/secure spreadsheet online. I once met someone who kept a handwritten list in a safe deposit box. Both very smart.

• Never use the same password for multiple websites.

Your LinkedIn password should not be the same or close to the password you use to log into your credit card accounts. Remember: Easy isn't the goal here. Put it this way: If you use the same password for 25 websites and someone guesses it, 25 websites have the potential to be compromised. It doesn't mean it will happen, but do you really want to take that chance?

• Use two-factor authentication or multi-level protection.

You know those sites that text to your phone a code that you need to enter before you can log in? That's for your own good and an excellent way to keep prying eyes out. If you deal with websites that offer this level of protection, take full advantage.

• Consider a password manager.

There are many software options available to help you store and organize passwords. The beauty of a good password manager is the passwords are encrypted under one main very strong password. So instead of logging in to each thing, there's just one.

• You should still change your passwords — even secure ones.

Nothing is worse than 123456 or qwerty, but never changing your passwords isn't wise either. My rule of thumb is to change passwords every year. Some prefer to do it twice a year when Daylight Saving Time begins and ends. Change the batteries in your smoke detector, change your passwords. Just make sure you remember to update your spreadsheet/lists.

You can accomplish all this in about 15 minutes. If we can spare 15 minutes to save money on our car insurance, surely we can spare 15 minutes to secure our digital footprint. And while you may never be a victim of hacking or identity theft or even a suspicious login attempt, do you really want to take that chance when the solution is this simple?

If you have a social media question or an idea for a column topic, or if you have thoughts about this column or any previous ones, please let me know. Tweet them to me with the hashtag #socialmediaadviser or email me at

And remember to follow me on Twitter at @scottkleinberg.

Thanks for reading Social Media Adviser.


What do you think?

View comments

Recommended next

Upcoming event

Oct 22


San Francisco Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in six cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print