When was the last time you used a password?
Was it four or five minutes ago? That sounds about right. In the digital world, consumers are bombarded by demands for passwords. These combinations are essential for everything from Pinterest and Instagram to the veterinarian’s account for your dog, so it’s tempting to use the same password over and over.
Don’t! Reuse and other password mistakes often backfire. It’s vital to do all you can to protect these basic security tools. The typical person has several dozen accounts requiring credential logins. Some have more than 100. Sheer volume is at the root of the reuse problem. A 2018 research study at Virginia Tech documented that 52 percent of all account holders reuse their passwords [1]. Even worse: A considerable percentage of users — when alerted that their credentials had been compromised — continued to use them!
Don’t get stuffed!
When thieves grab login credentials in one data breach, those credentials can be tested automatically on other websites to find the users who reused them. The term for this automated trial-and-error approach is "credential stuffing." It’s rapid and highly successful. More than 50 million attempts were predicted for 2020. When an attempt succeeds, the intruder takes the next step, changing the password to commandeer the account and lock out the real owner. Account takeover is a devastating event that you don’t ever want to endure. The results range from loyalty points being stolen to financial accounts being emptied.
You’re overdue for 2FA
Activate two-factor authentication (2FA) on your key accounts. If you own a debit card, you already use 2FA. It’s a combination of something you have (the card) and something you know (the PIN). However, acceptance of this added security layer, a form of Multi-Factor Authentication, or MFA, has been slow, with less than 50 percent of users selecting 2FA as an option.
Check for vulnerabilities
Want to check your own password vulnerabilities? Email addresses — which are common usernames — can be evaluated for exposure at the nonprofit site haveibeenpwned.com. This free service sometimes even pinpoints the data breach that exposed your details. If your cherished email address or password pops up on this website it will rattle you, but there’s no better way to grasp the risks. HIBP also offers an optional email compromise alert if your data is exposed in the future.
Additional risks and protections
Most people can’t remember all of the passwords they use. Most important are the accounts that you cannot afford to lose. Your memory is the ideal place for banking or investment passcodes. Once you decide which codes are critical and commit them to memory, follow these suggestions for less sensitive codes to boost security:
- Post-it notes have got to go! In Hawaii, for example, state emergency management officials were caught using Post-it notes on computer monitors for password storage. This is a big mistake.
- Don’t use the cat’s name or your birthday as a code. Try a phrase if that is easier to remember. Simply choose a letter to represent each word and add some numbers.
- Ditch the idea that longer passwords are automatically superior. Go for unique instead. Even a 20-character code is dangerous if it has already been exposed in a breach.
- Decline website offers to store your passwords for faster checkout. If they’re hacked, you’re hacked.
- It’s tempting to pay someone else to hold all your passwords, and password managers have proliferated. They promise that all you have to memorize is one master code. But before you leap, consider how codes are stored. Are they encrypted? Evaluate how the provider handles hacks, both past and future. Even firms that operate on a zero-knowledge basis need robust scrutiny. Zero knowledge means the company never stores users’ individual codes, so a hacker can’t grab them from corporate files. Individual passwords are stored on your personal device and the manager only controls that vault’s front door. If you opt for a manager, definitely select a unique master passcode that you use nowhere else.
- Install and use browser extensions that tap into HIBP’s database to check for stolen credentials when you establish new online accounts.
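As an added example that is not part of the original article or of HIBP’s own code: the Pwned Passwords range lookup that such browser extensions rely on sends only the first five hex characters of a password’s SHA-1 hash, so neither the password nor its full hash ever leaves your device. The sample range response below is constructed, not real HIBP data, so the check runs offline.

```python
import hashlib
import urllib.request

# Real HIBP Pwned Passwords range endpoint; the request carries only the
# first 5 hex characters of the SHA-1, never the password or the full hash.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase SHA-1 hex of a password into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines returned for one prefix into a suffix -> count map."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, range_body: str) -> int:
    """Times the password appeared in known breaches (0 if its suffix is absent from the range)."""
    _prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Live lookup (needs network); only the 5-char prefix is sent to the service."""
    with urllib.request.urlopen(RANGE_URL.format(prefix=prefix), timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response (not real HIBP data): two filler suffixes plus
# the suffix of the deliberately weak sample password "password".
_, WEAK_SUFFIX = sha1_prefix_suffix("password")
SAMPLE_RANGE_BODY = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",
    f"{WEAK_SUFFIX}:123456",
    "011053FD0102E94D6AE2F8B83D76FAF94F6:3",
])

if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate, SAMPLE_RANGE_BODY)
        verdict = f"seen {n} times, do not use" if n else "not in this sample range"
        print(f"{candidate!r}: {verdict}")
```

For a live check, pass `fetch_range(prefix)` as the range body instead of the constructed sample; the verdict logic is unchanged.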
IDShield is a product of Pre-Paid Legal Services, Inc., d/b/a LegalShield ("LegalShield"). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This article is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.
All program and pricing information was current at the time of publication (February 2021) and is subject to change without notice. To find out what may have changed, please call MTA Benefits at 800.336.0990.
[1] Department of Computer Science, Virginia Tech (2018). https://people.cs.vt.edu/gangwang/pass.