Reminder: Good Secure Password Practice

By in Social media marketing May 26, 2017

Around the web, we’ve seen a few recent “hacks” of accounts, both Instagram and other social media accounts.

Some of these have been big database breaches (a different problem altogether), while others have just been single accounts accessed without permission. At Schedugram, we take your account security seriously, and our team does a lot of work to make sure that we are protecting the passwords you give us so that we can post for you.

As a result, we thought it’s a good opportunity to remind people that you should always be using a secure password for all of your logins, including Schedugram and of course your Instagram accounts.

We’re often told that people have “simple” passwords because it helps team members (or external agencies etc) be able to remember them and use them more easily. However, this isn’t really a good excuse – there are now some great password managers like LastPass, 1Password and more that can help you share a (secure) password between team members, both internal and external.

Similarly, saving passwords somewhere like an Excel document or Google Sheets spreadsheet is a bad idea – these are definitely not secure places to store passwords!

If you need a password that is simple to remember, you can use a technique like this one:

Security experts will point out that the “random” option is preferred than a series of common words that are vulnerable to a dictionary-based attack, but regardless, that’s a lot better than something like:

  • Password
  • 123456
  • Password2017
  • nike17 (e.g. for @nike’s account)
  • nikeIG or nikeFB (e.g. for @nike’s Instagram or Facebook account)
  • n1ke! (e.g. for @nike’s account)

These last ones are important to avoid – if someone wants to access your account, they are pretty easily guessable if it’s just a common variation of the account username itself. And guessing a password will be a lot easier than any kind of brute force (computer-based guessing) attack!

A good password will:

  • Be at least 8-10 characters long
  • Use a combination of upper and lowercase letters
  • Include numbers
  • Include special characters (like !)
  • Be unique – so not be the same across multiple accounts, whether on Instagram or elsewhere. Particularly with the recent account breaches, it’s common that hackers will use a password entered on one breached service and see if it’s the same on Facebook/Gmail/etc for that email/password combination. You can check if your email has been included in any of the breaches online at this great service Have I Been Pwned, run by Australian security researcher Troy Hunt.

If you’re using a password manager, they commonly include a generator that lets you generate secure passwords and store them automatically. If not, you can use one of the tools like this one to generate random strings that you can use.

It’s also a good idea to cycle your passwords periodically – don’t go crazy and do it every week, but perhaps at least once every 3-6 months. A password manager obviously makes it a lot easier to keep everyone up-to-date if you are changing the passwords often.

So take the time now to review your Instagram and Schedugram passwords – are they too simple or guessable?

You can update the Instagram password either in the Instagram app or online at – when you do it online, go to your profile, click the settings cog, and then click ‘change password’.

If you do update your Instagram password, don’t forget to update it in Schedugram too – you do that on the ‘manage accounts’ page by hovering over ‘account actions’ and clicking ‘change password’. Otherwise next time we go to login, we won’t be able to login and post for you.

To change the password you use to login to Schedugram, go to “billing/profile settings” when you are logged in, then click ‘change password’ on the right hand side.