Bad Things Happen:
A few years ago, I read about a teacher in my district who had his district email account hacked. It was embarrassing for him. We use Gmail, so it's highly unlikely that the attacker found some magical back door to his account. They just did a good job of guessing his password. Unfortunately, our district has its own password management system, so we can't use 2FA on our work accounts.
How Bad Is It?
He shouldn't feel so bad. Students like to poke around. It's quite common for them to guess classmates' passwords and get into their business. At the middle and high school level, it can get pretty nasty. So I posted instructions for my students and their families. My own young children have strong passwords they've memorized, so it's not too much to ask of anyone.
How Good Can I Make It?
So…how bad is your password? One of my students thought he was clever for randomly picking three letters. Granted, he's lower elementary, but grownups aren't that much better. Here are some suggestions:
- Measure the strength of your password at How Secure Is My Password?
- See if your password has been used by someone else.
- Check if your account has shown up in a website breach: Have I Been Pwned?
- Generate a strong password with DICEWARE.
- Even better, use a Password Manager, such as 1Password. It will do all of the above for you and keep all your passwords safe, yet convenient for you to use. It also supports 2FA. At $30/year, it's well worth the money.
Safeguarding Your Passwords
You can use Troy Hunt's HIBP service from Step 3 above to receive alerts if your email address shows up in any breach lists.
Obviously, don't share your password. As long as you don't use the same password on multiple sites and it's a strong password, you won't have to change it unless it's been compromised by you or the website. As you learned in Step #1, it will take a very long time for someone to guess your password.
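To put numbers on the three-letter password and the Diceware suggestion above, here is an added example (not from the original post) that rolls a Diceware passphrase with a cryptographic random source and compares the guessing effort. It assumes a word list in the usual "five dice digits, then a word" line format; the list built here is a constructed stand-in, so swap in the lines of a real list file.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                 # Diceware: five six-sided dice pick one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 entries in a full list

def entropy_bits(choices, length):
    """Bits of entropy when each of `length` items is drawn uniformly from `choices`."""
    return length * math.log2(choices)

def average_guesses(bits):
    """On average an attacker succeeds after searching half the space."""
    return 2 ** bits / 2

def parse_wordlist(lines):
    """Parse 'NNNNN<whitespace>word' lines into {dice key: word}; reject partial lists."""
    table = {}
    for line in lines:
        parts = line.split()
        if (len(parts) == 2 and len(parts[0]) == DICE_PER_WORD
                and set(parts[0]) <= set("123456")):
            table[parts[0]] = parts[1]
    if len(table) != LIST_SIZE:
        raise ValueError(f"need {LIST_SIZE} entries, got {len(table)}")
    return table

def roll_key():
    """Roll five dice with the OS CSPRNG (secrets), not the predictable random module."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def passphrase(table, words=6):
    """Pick `words` independent entries; six words is an assumed default."""
    return " ".join(table[roll_key()] for _ in range(words))

def constructed_lines():
    """Constructed stand-in for a real list file: 'w' + key instead of real words."""
    for dice in itertools.product("123456", repeat=DICE_PER_WORD):
        key = "".join(dice)
        yield f"{key}\tw{key}"

if __name__ == "__main__":
    table = parse_wordlist(constructed_lines())
    print("sample:", passphrase(table))
    for label, bits in [("3 random lowercase letters", entropy_bits(26, 3)),
                        ("6 Diceware words", entropy_bits(LIST_SIZE, 6))]:
        print(f"{label}: {bits:.1f} bits, ~{average_guesses(bits):.3g} guesses on average")
```

The strength figure for the passphrase only holds if the words really are chosen at random; picking words you like from the list throws it away.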