Protect your data by protecting your passwords

We show you how to create and manage secure passwords to protect your projects.

Available in:

Do you use your birthday or your pet’s name as a password to protect your ultra-confidential journalistic investigation, the testimony of the source who wants to remain anonymous, and the news that would cause the government itself to fall off its chair? Well, it’s time you know the dangers of not creating secure passwords and why you should strengthen them.

When you send an email, you are creating data that is stored on the web. You would think that mail is a personal means of communication, addressed only to the mail user entered in the “send to” box, but the chain extends beyond two people. In Ted Talk: Think your email is private? Think Again, Andy Yen, a Taiwanese Harvard Ph.D. in particle physics and researcher at CERN in Geneva, Switzerland, discusses how we have lost control over our data. He compares an email to a postcard. Everyone can see the message from the time it is sent until it reaches the recipient, including internet providers, governments, and mail providers. It happens with most cloud service providers where data is stored, such as Drive, Dropbox, Gmail, or social networks such as Facebook or Google. We recommend two articles on this topic:

For this reason, one of the first actions you should take to protect all your accounts, especially those where you store confidential and vital data from your investigations or journalistic follow-ups, is to create secure passwords. The more elaborate they are, the better.

How to improve the security of your accounts?

Here are some of the tools and actions you can do.

First, go to How secure is my password, enter your passwords in the bar, and the platform calculates how long it would take for a computer to crack your password. It also gives you advice on what you could do to strengthen it and recommends a password manager. You should keep these recommendations in mind, and above all, even if your password is secure, do not use the same one all the time.

A password manager is a software application designed to store and manage passwords online. Typically, these passwords are stored in an encrypted database and locked behind a master password.

Verizon’s 2021 data breach report stated that most cyberattacks in 2020 were directed against cloud-based servers. Most attempted to use stolen credentials obtained from other breaches or “brute force” password guessing aided by automated scripts (Computer science, a script, scripting, or script is an informal term for a relatively simple program). Watch this Ted Talk about how a hacker can steal your password.

The famous xkcd webcomic “Password Strength” explained it best:


An excellent way to create passwords is a passphrase. A passphrase is a sequence of words or other text used to control access to a computer system. It is similar to a password in usage but is generally longer for added security. Some tools create them for you, such as Use a Passphrase.

The challenge is to remember all the passwords created in this way, which is why password managers are so helpful: if you manage to retain your manager’s master password, you don’t need to remember them all. Or, you can do it the old-fashioned way, write them down in a notebook that you keep in a safe place that no one else can find.

You could also Pwned Passwords as a way to find out if your password is secure and if your documents are protected. The platform tells you how many times your password has been hacked through data security breaches and how many times it has appeared in databases you have not authorized. If you get a message like the one you see below when you enter your password, you should automatically change your password everywhere you use it (remember that it should be unique for each site).


Some pages and apps manage their password managers, like Google. In your account settings, you can find some options, such as “personal info and privacy” or “sign-in and security”. They allow you to manage the accounts in which your email and passwords have been used. Also, you can disable geolocation, through which they can track a lot of data. Read this article to learn more about geolocation.

Keeping track of your passwords and strengthening them is essential to safeguard the right to privacy and cybersecurity concerning the databases that the vast majority of journalists manage in online clouds, especially when the work has completely migrated to virtuality in times of confinement.

If you liked this article and want to get more information directly to your inbox subscribe to our newsletter, twice a month we will send you a selection of the most important events and news in data journalism: