Last month I thought my default password was secure.  It had something to do with a nickname I had in grade school – something no one calls me anymore. Completely un-guessable. Until my 10-year old daughter figured it out and started signing into things as me. The world has changed a lot since I was in grade school, and youth are driving many facets of technological developments. And if my pre-adolescent daughter who has never read a Tech Crunch article can guess my password with ease, perhaps I need to rethink my idea of security. After all, the majority of identity thefts are perpetrated by someone we know.

And it turns out many of us make it easy for strangers too. Even two-factor authentication is only as strong as the weakest link.  If someone were to gain access to your email account, what else would that allow them access to? How many of your accounts are tied to your email address? A little bit of due diligence would expose many of us. One key mistake, according to TechWorm, is that we tend to tie accounts to an email account that contains our name. Password resets are handled via email, and those email addresses are not as secure as we like to think.

We should all have an email address that is not tied to our name – something we keep private for secure purposes like password resets. The password reset email is equally important as your primary email, and should have a password equally strong – one that is not tied to your personal information or easily guessable. By keeping a reset email that can’t be linked to your personal name or accounts, you add a crucial piece to your identity security. And by strengthening a piece of the pie, we essentially strengthen the whole chain.