It’s Officially Time to Stop Using the Same Password for Every Account

Between March 2016 and March 2017, Google detected 1.9 billion usernames and passwords exposed via data breaches and traded on black market forums. They then found that up to 25% of those passwords exposed and traded match a victim’s Google account. The case study also stresses that because most people use the same password across multiple accounts, it makes it extremely easy for more than one account to get hacked after one is breached. How can you protect yourself?

To help secure your online accounts, consider the following tips:

  • Use a unique password for each important account. Use a different password for each of your important accounts, like your email and online banking accounts. Re-using passwords becomes a potential risk. If someone figures out one password, they can quickly gain access to all of you accounts.
  • Use a mix of letters, numbers, and symbols in your passwords. Using numbers, symbols and mix of upper and lower-case letters in your password makes it harder for someone to guess your password. For example, an eight-character password with numbers, symbols and mixed-case letters is harder to guess because it has 30,000 times as many possible combinations than an eight-character password with only lower-case letters.
  • Don’t use personal information or common words. Create a unique password that’s unrelated to your personal information and uses a combination of letters, numbers, and symbols. For example, you can select a random word or phrase and insert letters and numbers into the beginning, middle, and end to make it more difficult to guess.
  • Make sure your backup password options are updated. Update your recovery email address regularly so that you can receive emails in case you need to reset your password. Many websites will also give you the option of answering a security question if you forget your password.
  • Keep your passwords secure. Don’t leave notes with your passwords to various sites on your computer or desk, where people can easily steal them and use them to compromise your accounts. If you choose to save passwords in a file on your computer, create a name for the file that won’t give it away.
  • Opt-in to two-factor authentication when available. Two factor authentication is a two –step login process that provides you with an extra layer of security. In addition to a password requirement, the user will be required to provide a piece of information only they have such as a text message or phone call with an additional code.

Source: BBB of North Alabama and Research at Google

For more information, visit There are 1.9 Billion Stolen Passwords and Usernames Available on the Black Market, and up to 25% of Them Will Still Work on a Google Account and Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to