If you:

* Have tweeted about password or SSN memes
* Have a password on a high-risk acct (bank, etc) that you have used ANYWHERE else
* Have SSN/passwords written ANYWHERE in a form that leaves your home

READ.
It is very easy to think you are doing something very high-risk "safely". I just want to be clear about the many ways in which things that feel safe very much aren't, and the hidden risks you may not think about.
1. Password/Security Question/SSN Memes

You may think your sharing of "lol and yeah what was your mother's maiden name?" meme is harmless because you didn't fall for it and are in on the joke. If ONE person DID fall for it, it is now public, and their account is at risk.
These memes often have the purpose of getting enough people in on the fun that peer pressure encourages people who don't "get it" to participate too. And if someone's account is compromised, it usually doesn't JUST impact them.
If Princess Peach's personal email gets hacked and used to ask Luigi for a favor, he is far more likely to respond, even if maybe in general he is wary of phishing attempts. It's from PEACH! She can be trusted!! (etc.)
Actual example I saw: that recent viral tweet about having your SSN in your notes app? The intention was to highlight the lack of security. The result? HUNDREDS OF PEOPLE admitting they do this, telling anyone who cares to know they have a glaring security risk.
2. High-risk password shared anywhere else

Why does this matter? Simple. Say I used the password "gokusucks99" in an email address I made in 2008 and forgot about. That ancient email server had bad security encryption and was later hacked, so a bad actor has my old password.
If I have used that pwd ANYWHERE else, it's now COMMON KNOWLEDGE.
This is why reusing passwords isn't advised. It isn't JUST the risk of your specific password being easily guessed. It's the risk of you using it somewhere that eventually gets its encryption cracked, so that password is now public knowledge. It compromises UNRELATED accounts.
By the way, your e-mail password is a high-risk password. Because if someone gets into your email, they ALSO essentially get free account recovery for EVERY SINGLE ACCOUNT TIED TO THAT E-MAIL. Your e-mail is so crucial to your identity in this age. PROTECT THAT SHIT.
(Brief aside to talk about multifactor authentication. It is perfectly reasonable to be wary when random websites want your phone number. But you DO want MFA on your paypal, your bank, your main email, because that means even if your password is compromised, your account isn't.)
3. DO. NOT. HAVE YOUR SSN OR PASSWORDS WRITTEN DOWN ANYWHERE THAT LEAVES YOUR HOME. PERIOD.

Whatever you think you have done to make this safe, you haven't.
Actual example I saw: "I have my SSN in note labeled 'gift card for mom'." Well:

1. Your SSN is still in plaintext. Any ID thief will know a 9-digit # is valuable.
2. You have just made this tactic common knowledge. It no longer provides any protection.
So the above is an example of why #1 is dangerous, too. In an attempt to participate in a conversation, you compromised your own security, and that of everyone else who does the same thing. I guess this is good because now we can have a convo about how UNSAFE that is.
Step one: don't do things that aren't secure (have SSN in plaintext)
Step two: don't TELL PEOPLE about the corners you cut anyway (tweet about it in a viral thread)
Bad enough to have weakness, worse to announce it.
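Why the "gift card for mom" label protects nothing, as an added example that is not part of the original thread: anything that searches note bodies matches on the shape of the number, not the title, so the same check is a quick way to audit your own notes export before it leaves your home. The note titles and contents below are constructed sample data, and the numbers used are long-published void SSNs from old advertising.

```python
import re

# Nine digits, optionally split 3-2-4 by the same separator (dash, dot or space).
# The lookarounds stop it from matching inside longer digit runs such as phone numbers.
SSN_SHAPE = re.compile(r"(?<!\d)(\d{3})([-. ]?)(\d{2})\2(\d{4})(?!\d)")


def plausible_ssn(area, group, serial):
    """Structure rules for issued SSNs: area is never 000, 666 or 9xx,
    group is never 00, serial is never 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def scan_notes(notes):
    """Return (note title, masked value) for every SSN-shaped number found.

    Only the note body is inspected; the title plays no part in detection.
    """
    findings = []
    for title, body in notes.items():
        for match in SSN_SHAPE.finditer(body):
            area, _sep, group, serial = match.groups()
            if plausible_ssn(area, group, serial):
                # Mask the value so the audit output is not a new plaintext copy.
                findings.append((title, "***-**-" + serial))
    return findings


# Constructed sample notes (hypothetical export: title -> body).
SAMPLE_NOTES = {
    "gift card for mom": "card no 078051120 exp never",
    "groceries": "eggs, milk, 2 limes",
    "wifi": "router serial 000-12-3456",
    "tax stuff": "mine 219-09-9999",
    "phone": "call 5551234567",
}

if __name__ == "__main__":
    for title, masked in scan_notes(SAMPLE_NOTES):
        print(f"note {title!r} contains an SSN-shaped number: {masked}")
```
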
Another brief aside, also just... you know, try to have complex passwords. Use a secure password generator, or if you choose to make it something you'll remember, don't include the word "password", your birthdate, your name, kids' names, etc. These are SO easy to crack.
3. DON'T HAVE PASSWORDS OR SSN WRITTEN ANYWHERE THAT LEAVES YOUR HOME.

Do you have them on your phone? Think of everyone in your life you know that has lost a phone/had one stolen. Every piece of security data stored on there is a RISK that you are taking.
"The note is locked though!" How secure is the password you used to lock it? Is it used anywhere else? See above. Also, if someone has your phone, they have all the time in the world to crack it. That shit better be LONG, COMPLEX, UNIQUE, or it's useless. Even then, Just Don't.
Your account security is only as strong as your weakest link. The more you re-use passwords, the more places you store passwords, the more accessible those passwords are, the more you are compromising all of your accounts and your own identity/safety.
Just... please for the fucking love of god stop FUCKING TWEETING ABOUT YOUR BAD SECURITY HABITS, YOU SHOULD BE WORKING ON MOVING AWAY FROM THEM AND IN THE MEANTIME YOU SHOULD NOT BE ANNOUNCING TO THE WORLD HOW EASY IT IS TO HACK AND STEAL YOUR SHIT
oh and finally, close old accounts you don't use, otherwise they are just sitting around to potentially be cracked at a later date which could compromise other accounts. it's a liability you don't need.

i'm done killing the fun i think now. wew
my hope as a takeaway for this is next time you see a meme like "lol you dont just reuse the same PIN for everything?", and you have an urge to respond w "lol i know its bad but i do", you instead consider changing your PIN, and keeping that weakness to yourself in the meantime.
even better if you also respond to OP with "hey this is encouraging people to reveal account weaknesses and you should consider taking it down" but baby steps
You can follow @ArcanaXIX.