Passwords: Simple Ways to Increase Your Security
A Note on Language
In this toolkit, we will sometimes use the word woman/women and feminine pronouns for simplicity and to recognize the significant impact technology-facilitated violence has on women and girls. We recognize that TFGBV also impacts trans, non-binary, and Two-Spirit people. We hope that all people impacted by TFGBV will find these documents useful.
Domestic Violence Can Make Password Safety More Complicated
An abusive partner or ex-partner often knows much more about you than others, and this can put your personal information stored in accounts and devices at risk. The perpetrator may coerce you to share passwords or may even be able to guess them.
It is important to create a safety plan before changing your passwords if the perpetrator is likely to become more abusive if they cannot access your information in the same way. You can contact your local anti-violence organization to develop a safety plan.
What Makes a Password Less Safe?
The perpetrator’s intimate knowledge about you means that these common password habits are NOT safe for someone experiencing violence or abuse:
- Using common passwords, like ABC123 or password
- Using your own, children's, or pets’ names or birthdays in passwords
- Using the same passwords for all accounts
- Answering backup questions with answers that an abuser may know or be able to guess (e.g. your mother’s maiden name or your favourite colour).
Good Password Habits
Use Different Passwords for Different Accounts
That way, if someone discovers one of your passwords, they won’t have access to all your accounts.
Avoid Using Keychains
Resist using keychains via your browser (e.g. Safari or Google Chrome) to store your passwords. These are little messages that you may see at the top of your browser that ask if you would like the browser to store your password. But do consider using a password manager (see below).
Be Strategic with Your Secret Questions and Answers
Those secret questions aren’t really secret. Someone who knows you (or someone who can Google) may be able to guess where you went to high school or your favourite colour. There’s no rule that you have to be honest when answering those secret questions so make up an answer that you will remember but someone else can’t guess or make use of the option to create your own secret question if available.
Keep Someone from Cracking Your Password by Testing It
It’s not just someone who knows you who can guess your password. Computer programs can easily and quickly crack passwords. Words that come out of a dictionary are easier for these programs to decode. Create a mix of words and symbols or phrases, and make it long so it’s more difficult to crack.
You can:
- Check to see if your email address has been breached at Have i been pwned?.
- Test your password at How secure is my password? to see how easy it would be for a password-cracking software to guess. You’ll be surprised at what you learn! For example, “blahblah” would only take 5 seconds for a program to crack, but “blahblahblahblah” would take 35 THOUSAND years! (Now don’t go and use that one – figure one out for yourself!)
Finally, ensure any recovery email addresses and phone numbers are current and are your own before enabling 2-step verification or multi-factor authentication as an additional security step.
Keep It Simple
If you make your password too complex or difficult, chances are you’ll forget it and get locked out of your account. Your password should be a phrase or words with numbers mixed in that you can easily memorize. If you must write down your password, be cautious about where you keep it.
Sticking it underneath your keyboard or on your monitor isn’t the most secure place. You also don’t want to keep it somewhere where someone else could easily find it by going through your belongings. Or, instead of writing down the password itself, write down a hint so you can remember what it was.
Keep Accounts Separate
Sometimes services like Facebook or Google give you the option to sign into other accounts using the accounts you already have with them. This can be convenient, but if someone gets the password to your Facebook, for example, they may be able to access many other accounts easily.
Don’t Share Your Password
Before you share a password, make sure this person is someone you can trust, now and in the future. Most of our online accounts hold a significant amount of personal information about us, and you might not want it shared with others.
Change Your Password Often
If you think someone knows your password, changing it will keep them from further accessing your accounts. It’s also good practice to get in the habit of changing your passwords now and then.
Uncheck the Remember Me or Keep Me Logged In Feature
While these features make it super easy to access accounts, it also makes it easy for someone who’s using the same computer or device to access those accounts. Be especially careful to uncheck those features if you’re logging in to an account on someone else’s device or a public computer.
Always Remember to Log Off
Your account may remain open for days if you don’t log off, allowing others access. Some accounts, such as Facebook and Gmail, allow you to see other places where you’ve logged in and deactivate those log-ins.
Delete the Account or App
If you’re using an app on a smart device that doesn’t allow you to log off, you might want to consider deleting the app or account. This is an additional hassle, but you can weigh the sensitivity of the information in that account and the risk of someone else accessing that information.
Suggestions for Making Passwords Easier to Remember
Those experiencing violence often have way more on their minds than remembering a lot of passwords. Sometimes that can be related to things like trauma, sleep deprivation, stress, or depression. It is not your fault if you find yourself forgetting passwords. Try these suggestions for making passwords easier to remember:
Choose Four Things
Create a password with four different things that are not related. Try listing them in alphabetical order to help you remember their order (e.g. CoconutElephantMicroscopeNetball)
Write a Sentence
Write a sentence and misspell or use a non-English language for some of the words (e.g. MifavouriteactorisNicoleKiiidman).
Consider Using a Password Manager or Vault
These can not only store your passwords in one secure area, but they can also generate strong and unique passwords so that you don’t have to put the energy into doing that yourself. We recommend researching reputable tech sites to select a password manager that you feel is right for you. Many of these offer free subscriptions at a base level – all that is needed is one rock-solid password to “lock” the vault and all of your other passwords within it.
Technology-Facilitated Gender-Based Violence (TFGBV) is part of a continuum of violence that can be both online and in-person. If you or someone you know is experiencing TFGBV, you are not alone. You can use sheltersafe.ca to find a shelter/transition house near you to discuss options and create a safety plan. You don’t need to stay in a shelter to access free, confidential services and support.
Adapted for Canada with permission from NNEDV’s Safety Net project, based on their resource Tips for a Secure Email Account.