Expert Q&A: Password Hygiene 101

Jan 29, 2025

Trustworthy's intelligent digital vault protects and optimizes your family's information so that you can save time and money, and enjoy peace of mind. Learn more from our webinar recording.

Organize all of life’s details, quickly and effortlessly

Trustworthy safeguards your family’s important information in one place, ensuring you’re prepared for anything that may come your way.

In this day and age, a lot of us live online. It’s where we work, it’s where we shop, and it’s where we plan for the future. 

Therefore, it’s wise to exercise more caution to keep our digital assets safe. However, according to researchers at U.S. News, 61% of Americans say they’ve had at least one of their online accounts breached by cybercriminals.

You don’t want to become a statistic, so you must exercise password hygiene and take proactive steps to secure your online accounts.

To help you get started, we sat down for a Q&A session with Chetan Honnehalli, a digital security expert and engineering lead at HubSpot.

At HubSpot, Honnehalli oversees the fintech engineering group responsible for revenue calculations, reporting, and data security. Over the last 15 years, he’s managed development teams at big names like Meta, Zoom, and American Express Global Business Travel.

Honnehalli is also the editor of Real Cyber Report.

Read on to get his pro tips on creating a strong password, find out how to avoid phishing attacks, and learn how you can use platforms like Trustworthy to keep your accounts secure.

What Is Password Hygiene and Why Is it Important?

Answer: Password hygiene means consistently creating strong, unique passwords across all your accounts. It’s crucial because a single compromised password can open the door to your entire digital life.

Reusing passwords across multiple sites and using weak, guessable passwords are the biggest common mistakes. Also, relying on obvious personal details—like birthdays or pet names—makes them easy targets for attackers.

What Are the Characteristics of a Strong Password?

Answer: A strong password is long—ideally 12 characters or more—includes a mix of letters, numbers, and symbols and doesn’t rely on predictable patterns. Randomness is key to preventing brute-force attacks.

Update your passwords at least once or twice a year or immediately after any security incident. Regular updates reduce the window of opportunity for hackers who may have stolen old credentials.

Passphrases are generally more secure because they’re longer and easier to remember. A series of unrelated words—like ‘LampHorsePineapple’—is surprisingly hard for attackers to guess compared to short, cryptic passwords.

Why Is Multi-Factor Authentication (MFA) Critical for Account Security?

Answer: MFA adds an extra layer beyond just a password, requiring something you know (password) plus something you have or are (token or biometric). That second factor significantly reduces the risk of unauthorized access.

Whenever possible, use an authenticator app or hardware token over SMS since texts can be intercepted. Also, keep backup recovery codes in a secure place in case you lose access to your primary device.

Are Password Managers Safe to Use?

Answer: A password manager acts like a secure vault for your credentials. You only remember one master password, and the manager encrypts and autofills your logins, ensuring each password is uniquely complex.

The main benefit is improved security and convenience, as you won’t reuse passwords or forget them. 

The risk is a single point of failure. If your master password or vault is compromised, it can expose all accounts.

Look for a trusted vendor with a solid security track record, strong encryption standards, and zero-knowledge architecture. Extra features like multi-factor authentication and secure password sharing can also be valuable.

How Can You Identify and Avoid Phishing Attacks?

Answer: Be cautious of unexpected emails asking for personal information or containing suspicious links. Look for poor grammar, mismatched URLs, or urgent requests for action—those are classic phishing red flags.

If you reuse passwords and accidentally enter one on a fake site, attackers can use it to access other accounts. Weak passwords make phishing attacks exponentially more damaging.

What Should You Do If You Suspect Your Account Has Been Compromised?

Answer: Immediately change that account’s password and enable MFA if you haven’t already. 

Next, review recent logins or transactions for suspicious activity and update any other accounts using the same or similar passwords.

What Are the Risks of Reusing Passwords Across Multiple Sites?

Answer: Once a hacker obtains one set of credentials—whether from a data breach or phishing—they’ll use automated tools to test stolen username-password combos across hundreds of websites. 

If you reuse passwords, there’s a high chance these bots will successfully breach your other accounts. This can quickly snowball into multiple account takeovers.

What Are Your Top Tips for Secure Password Storage?

Answer: If you must write them down, keep them in a locked or hidden physical location. Storing them in plain text digitally—like a note on your phone—is risky. It’s preferable to use a secure password manager.

Use an encrypted file or a physical notebook kept in a locked drawer if you have to store them offline. And don’t forget to update or destroy old copies when your passwords change.

How Should You Handle Password Resets Safely?

Answer: Always initiate a reset from the official site, and never click on links from unsolicited emails. Make sure the new password follows good complexity practices, and update any saved credentials in your manager right away.

People often reuse a slightly modified version of an old password or pick something simple for convenience. Another mistake is resetting via unverified links, which can lead to phishing or impersonation attacks.
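A local audit for the two habits described in the answers on password reuse and on resets, exact reuse and "slightly modified" variants, as an added example that is not part of the interview. The vault contents are constructed sample data, and the `stem` normalization (strip trailing digits and symbols, undo common character swaps) is a heuristic chosen for this illustration.

```python
import re
from collections import defaultdict

# Common character swaps mapped back to letters (heuristic, not exhaustive).
SWAPS = str.maketrans("0134578@$!", "oieastbasi")

# Constructed sample data: site -> password, as read from a local export.
SAMPLE_VAULT = {
    "bank.example": "Summer2024!",
    "mail.example": "Summer2024!",
    "shop.example": "summer2025",
    "forum.example": "P@ssw0rd1",
    "video.example": "password",
    "vault.example": "correct-horse-battery-staple-91",
}


def stem(password: str) -> str:
    """Reduce a password to the base word its owner is likely re-using."""
    core = re.sub(r"[^A-Za-z]+$", "", password)  # drop trailing "2024!", "1"
    core = core.lower().translate(SWAPS)         # p@ssw0rd -> password
    return core or password.lower()              # all-digit passwords keep themselves


def audit(vault: dict) -> dict:
    """Group sites by identical password and by shared stem.

    Only site names are returned, so the report can be shown or stored
    without containing any password.
    """
    exact, stems = defaultdict(set), defaultdict(set)
    for site, password in vault.items():
        exact[password].add(site)
        stems[stem(password)].add(site)
    reused = sorted(sorted(sites) for sites in exact.values() if len(sites) > 1)
    variants = sorted(
        sorted(sites)
        for sites in stems.values()
        # A variant group holds more than one distinct password with one stem.
        if len(sites) > 1 and len({vault[s] for s in sites}) > 1
    )
    return {"reused": reused, "variants": variants}
```

Every site in a flagged group needs a new, unrelated password, because a credential exposed at any one of them makes the others guessable.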

What Does the Future of Password Security Look Like?

Answer: Biometrics and hardware keys are on the rise as more services push for frictionless logins. 

FIDO2-compliant devices, like security keys, offer strong protection, and we’re seeing broader adoption of facial recognition and fingerprint scanners.

Using Trustworthy to Keep Your Passwords Safe

Great password hygiene is absolutely essential to keep your online accounts safe, and password managers can be an incredible tool. But that’s only half a solution — which is why it’s worth taking your digital security to the next level by combining your existing password protections with Trustworthy.

Trustworthy’s complete Family Operating System® enables you to upload and manage all of your family’s important documents using one ultra-secure dashboard.

Your Trustworthy vault can contain everything from passport and ID information to financial documents, estate plans, insurance policies, and password information. You can use it alongside your existing password manager to keep your master credentials under lock and key (but still accessible if you forget your password information).

Once your documents are uploaded and categorized, they’re protected by bank-level AES 256-bit encryption, tokenization, multi-factor authentication, and biometrics. 

That ensures your information is protected against unauthorized access and phishing attacks. Trustworthy even scans anonymized password data against dark web databases to detect breaches, then prompts you to change your account password.

Ready to learn more? Take a look at Trustworthy’s range of features and join now to start securing your accounts.

Try Trustworthy today.

Try the Family Operating System® for yourself. You (and your family) will love it.

No credit card required.
