The advice sometimes seems pious and boring – “Practice Password Security” or “Use Strong Passwords.” It is hard to go for long browsing the internet without seeing some form of this advice. The reason is simple: lost, stolen or hacked passwords are the cause of misery ranging from false postings on sites like Facebook to large-scale economic loss and even identity theft. This can start a chain of events that takes months or years to correct.
While the strength of your passwords is an important issue, many security breaches occur because of device loss. Lock all the devices that have your password information (require a password to open them). This advice applies to fixed-position devices like desktop computers, but especially to mobile devices that are carried with you. If your cell phone, tablet or laptop computer is stolen or lost, the person who comes into possession of this device may have access to your password-protected accounts. Think about this: if your cell phone is lost, is your operating system locked? If not, anyone can start the device and begin browsing, assuming that the browser is not password protected. If your browser has been set to autofill passwords for your accounts, then those accounts are wide open.
Of course, if your mobile device is lost or stolen, you should immediately take measures to block unauthorized access to its contents, including passwords. If you have thought ahead, your device is protected by a PIN, password, “gesture” or even a biometric like a fingerprint. In any case, you should use the proper account to disable the phone or other device. This will be the Google account settings for Android phones or the Apple settings for iPhone users.
Many popular sites now allow you to log in using your Google or Facebook account. Think carefully before using this service, realizing that anyone with your Facebook or Google passwords also has access to these sites. When you do this, you are also giving Facebook or Google more information about you than they already have, and you are sharing information from your social media account with this new site.
Decide which of your accounts are “high security” and which are not. Ideally, all accounts would be perfectly protected, but an account or website that contains pictures of your cat is not as important as one that holds your banking information, tax records or health data. A much higher standard of password security should be applied to those vital accounts. That higher level of security will mean some initial inconvenience, but this can be managed. Most individuals will have a limited number of such high-security sites, perhaps only one or two that are used frequently. It will mean that you never use the same password for any two vital accounts, that the passwords used are highly secure, and that only you or a trusted loved one know them or how to get them.
How do you go about inventing and remembering a high-security password? Password generators are very good at producing random strings of symbols like this: @W-tNAzx?}crp3^u. However, few people could manage to remember this password. One solution might be to convert a sentence like this, “Summer is my #1 season!”, into a password like this: SummerIsMy#1Season! Most people could remember this relatively secure password.
Here are some general rules for password creation and storage:
- Don’t use easily guessed or cracked passwords like “12345678” or, worst of all, “password.”
- Length is important. The longer a password is, the less likely it is to be cracked.
- Use different passwords; certainly, use a unique password for high-security sites like banking, health information or financial records.
- Be wary of single sign-on sites. Think about how secure a site is if it uses your Google or Facebook password.
- Use a password manager. These are tools that securely store and protect your passwords and can also create secure passwords. Your passwords are kept within an encrypted file that can only be opened with a master password. This master password should be easy to remember but highly secure. Google the search term “best password managers” and you will see numerous choices. Almost all of them have a limited-feature free version that is adequate for most users. Paid options include features like identity protection or multi-user accounts.
- Lock your operating system, device startups and browsers. This means password protecting your Windows or Apple startup and browsers like Chrome or Firefox. This is especially important for mobile devices. It prevents anyone who finds them from discovering stored passwords.
- If you are going to use a browser to store passwords, use only one and make it secure with a strong password.
- Use two-factor or multi-factor authentication. Instead of just entering a password to log in to your account, you will also need to enter a second piece of information. Sometimes this might be a code sent to your cell phone or the answer to a question you would know. This security feature is available from many sites.
- Give yourself an “out.” Advice about this will vary, but for most seniors it is wise to at least share some information with a spouse, child or other trusted loved one. Give them some way to unlock your password vault, operating system, etc. If a senior is suddenly disabled or dies, it may be vital that this information is available to the family.