5 Best Practices for Username and Password Changes

If you’re about to hit your 30th birthday, or your 25th, or your 19th — or any age in the general vicinity — count yourself among the 2 billion people worldwide that make up the millennial generation. You’ve grown up with consumer technology, whether it was a Nintendo Gameboy or an iPad. You’ve paved the social media trail. You’ve opted for text messaging as your primary means of communication.

Using smartphone apps or logging into websites to conduct financial transactions and other personal business, send emails or visit social media sites is a natural fit for your lifestyle, too. So, it’s worth asking yourself whether you’re taking enough precautions to secure and protect your personal and financial information from hackers. You don’t want to give them a gateway to your identity so that they can go shopping on your dime, access your bank account or sell your information on the Dark Web.

The trouble starts when hackers crack your username and password. It’s not a huge challenge for them to do the cracking, either. There are plenty of routes they can take, such as sending a phishing email that scams you into revealing sensitive information. They can infect machines or even web pages with malware containing keystroke loggers that record every keystroke you make on your system or keystrokes used for specific fields on websites. They can target a site and then use botnets to run email addresses (which can act as usernames) against the most common passwords from online dump lists until a correct match is found. And if hackers figure out your password to one protected system, they may be able to crack multiple sites where your information lives – if you’ve used the same password on all of them.

How to arm yourself so that you’re not vulnerable – or so that you’re at least less vulnerable – to hackers who want to know all about you? Here are some tips:


When you steer clear of using common passwords – 123456, for example – you lower the chances that botnets will be able to match your password up with your email address/username on a target site. It generally has been considered best practice to use a mix of upper- and lower-case letters, numbers, and symbols (a minimum of eight to 12 characters) that can’t in any way be connected to your personal information. It wouldn’t be a good password choice to include some form of the name of the college you attended, for example, as that data may be culled from social media.


Certainly, you’ll want to do that right away if you are notified of a data breach that may have compromised your personal information, or if you suspect that someone is getting into one of your accounts. Many businesses have policies for employees to reset their passwords and PINs every one to three months, and you may want to adopt similar practices. The National Institute of Standards and Technology (NIST), however, has recently advised that intermittent password changes for employees don’t necessarily increase security in the business world, so you may want to follow that lead, as well.


Recycling the same password across different accounts makes it easier for the bad guys who successfully exploit one of your accounts to get the log-in details for higher-value accounts. And starting the game off with weak passwords makes their jobs even easier. But how are you supposed to remember multiple strong – i.e. complicated – passwords for umpteen individual accounts so that you stay safer? A password manager comes to the rescue here, generating and keeping track of passwords for you. All you need to remember is one secure password for the password manager itself.


Many big services, such as Google and Instagram, offer this option. Two-factor authentication can be put into place, for example, that sends users a code by text message after they enter their password. They’ll be required to use that code to access the account. So, even if hackers get your password, they’ll be left hanging because they don’t have the follow-up code.


Never provide your personal information in response to an unsolicited request; that’s most likely a phishing email trying to lure you into clicking on a link to a site where password data may be stolen or to get you to download an attachment that may include malware for monitoring your log-in activities. Don’t share your username or password with other people, either; if they log in under your account, not only might they get access to your personal information, but you also are responsible for whatever happens under your name. Don’t log into sensitive accounts using free public WiFi; hackers can get between you and the connection point – and therefore get access to data including account passwords.

Don’t forget, of course, that it’s a good idea to use anti-malware, anti-virus and anti-keylogger software.

As a millennial in a technology-enabled society, where usernames and passwords are entry points to everything, you can never be too careful about protecting your data. Taking these steps now can help you avoid trouble later. And by the way, why not share these tips with your parents—they need to protect their identities too!

Santander Bank does not provide financial, tax or legal advice and the information contained in this article does not constitute tax, legal or financial advice. Santander Bank does not make any claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained in this article. Readers should consult their own attorneys or other tax advisors regarding any financial strategies mentioned in this article. These materials are for informational purposes only and do not necessarily reflect the views or endorsement of Santander Bank.
Equal Housing Lender. Santander Bank, N.A. is a Member FDIC and a wholly owned subsidiary of Banco Santander, S.A. ©2019 Santander Bank, N.A. All rights reserved. Santander, Santander Bank, and the Flame Logo are trademarks of Banco Santander, S.A. or its subsidiaries in the United States or other countries. All other trademarks are the property of their respective owners.
Was This Helpful? Yes No