Digital Safety DiscoTech: Change some passwords

Prepared by Samuel Mendez

Our Digital Safety Kit for Public Health helps public health professionals and students reduce the harm of online harassment and anti-science aggression. But we recognize that it can be hard to know where to start. And we know it can be hard to make time to act on our recommendations on your own. So, we’re offering this DIY Digital Safety DiscoTech guide to help you create community spaces for digital safety at your organization. This section provides information on changing passwords. See the full DIY Digital Safety Disoctech guide for more. 

Why should I change my passwords?

Changing your passwords regularly means that if someone guesses or steals your password, there’s less of a chance it will still work when they try to use it. You can keep your password secret, but people might access it through data leaks.

What should my passwords look like?

In general, a longer password is better. Use random combinations of numbers, symbols, lowercase letters, and uppercase letters. Use a unique password for each account. A password manager will help you generate such a password. For example, you can use the free LastPass online tool to make a secure password.

How can I keep track of my passwords?

You can use an online password manager like 1Password or Bitwarden. These services host and encrypt your passwords, locking them in an app behind a single log-in across devices.

You can use a self-hosted option like Enpass. These services save passwords on a device and sync these files across devices via a service like Google Drive or Dropbox.

You can use a journal locked in a drawer or safe to store passwords you only use in one location.

Each option has risks. To lower the risk of losing all your passwords at once, you can divide them among multiple locations. But don’t worry about having the perfect system. Use whatever method that enables you to have complex, unique passwords for each account. You can always add more layers of protection later.

Where should I start?

Start wherever you want! Some places that could be good to start:

• Changing a password you’ve never changed before.
• Changing the password for an account you know has sensitive private messages.
• Changing the passwords for accounts that share a password.
• Changing a password with that you’ve shared with someone before.

What if I don’t want to change my passwords at this DiscoTech?

That makes sense! Use this time to take other actions to secure your accounts:

• Set an alarm to change 3 accounts passwords later tonight. Ask someone to check with you tomorrow to make sure you did it.
• Look into multiple password manager options. Here are some suggestions to get started:
• Bitwarden
• 1password
• Enpass
• Check if your email address has been part of a data breach on Have I Been Pwned

Should I use passkeys instead of passwords?

A passkey is stored on your device and used in place of a password. It lets you log in to an account the same way you access the device, like a PIN or a fingerprint scan. You might have heard that it is more secure than passwords because a passkey is not a word that can be guessed or shared across devices. Not all websites/apps support passkeys, but this is an option you have for certain accounts, including Google and Apple.

Our priority with this DiscoTech is to change old or reused passwords. If you have already done this, do some more research to consider whether passkeys make sense for you.