The Bitwarden Blog
Combating cyber threats in collegiate and professional sports
Each year, the National Football League (NFL) Draft brings with it volumes of speculation in the months and days leading up to the event. Pundits create mock drafts, taking into consideration the endless scenarios that could play out. Their musings provide the fodder fans need to try to answer the big questions surrounding the multi-day event: who will go first? Will there be any surprises? Will my team finally get it right this year?
All good questions, but this year, the question on my mind is different than what it has been in the past. My question is not for owners, teams or GMs – it’s for each of the roughly 256 players that will be selected over the next few days. It is a simple question, but it has big implications: Do you use strong, unique, and random passwords for each of your online accounts?
Why am I asking this? Because every one of those 256 players will sign very large contracts and receive enormous signing bonuses, whether they’re the first pick in the draft or the last. For example, Travon Walker was selected as the first pick in the 2022 NFL Draft. He signed a four-year, $37.4 million contract with a $24.4 million signing bonus. That is a staggering amount of money, but even Brock Purdy, the last pick in the draft (also known as “Mr. Irrelevant”) was awarded a base salary of $705,000 with a $77,008 signing bonus — big money by any standard.
While there is a huge difference between Walker’s and Purdy’s payouts, even “Mr. Irrelevant's” sudden windfall is something to behold. As the public is made aware of these massive contracts, hackers and bad actors lurk in the shadows ready to capitalize on the ill-equipped. This is why it is paramount that all college and professional athletes use a password manager to improve their online security. Password managers protect everything from social media logins to bank accounts and much more.
There are a lot of players selected in the NFL Draft and each one of them has a lot to protect, even before their names are called. Universities and organizations do their athletes a disservice by forgoing proper cybersecurity education, especially before an event as public and popular as the NFL Draft. This is a call for better cybersecurity education for athletes.
I was a college football player once. Not nearly as successful as Walker or Purdy, but I can't help putting myself in their shoes. We were never taught about online security. We received no warnings that becoming a household name at 21 (or younger) puts a giant target on your back for hackers and bad actors (see Laremy Tunsil hacking incident during the 2016 NFL Draft).
The need for cybersecurity education has increased dramatically over the years, too. In June 2021, the Supreme Court ruled that the National Collegiate Athletic Association (NCAA) could not limit education-related payments to students. Student-athletes can now profit from their name, image, and likeness (NIL).
In the years since, there have been monumental shifts in the landscape of collegiate sports as 17- and 18-year-olds (still in college) are now signing million-dollar brand endorsement deals. And while there has been great progress toward treating student-athletes more fairly, equity and protection are not the same thing; cybersecurity education is still severely lacking.
I contacted a friend on staff at an NCAA Division I football program. I asked if he knew of any cybersecurity education offered to the players on his team. He didn't. I also asked him if he knew of any universities providing cybersecurity training for their players. Again, he didn't. This was shocking to me and should concern players, coaches, and other athletic stakeholders everywhere.
Inadequate password security practices could literally cost these young men millions of dollars in current and future endorsement deals while also damaging their hard-earned reputations. That's what inspired me to write this blog. I hope athletes, sports and entertainment programs, and franchises will start addressing the need for better online security.
There are only a few steps to creating a solid cybersecurity foundation, and they're easier than you might think.
Passwords should be at least 14 characters long, include special characters and numbers, be random and should be unique for every account (don’t use the same password for multiple accounts!).
How is it possible to use strong and unique passwords for all your accounts? With a secure and easy-to-use password manager. Password managers like Bitwarden include password generators that allow users to create passwords faster than you can type your team name and jersey number. There are only a few steps to setting up your password manager:
Steps to setting up your password manager
Create a strong and memorable master password. Your master password should be random. Don't use jersey numbers, team names, mascots or anything else that could be linked to you or easy to guess.
To make it easier to memorize your master password, use a random passphrase like glowing-chapstick-pantheon, then consider adding a number and symbol for greater complexity. The finished product should look something like this: glowi5ng-chapstick!-pantheon. Once you've created your master password, consider testing its strength by entering it in a secure Password Strength Checker to reveal how long it would take to crack.
Import your passwords from Google Chrome, Apple or other password managers to Bitwarden.
Install Bitwarden across all your devices and browsers so that you can quickly generate strong passwords and have secure, convenient access to your logins no matter where you are or what device you’re using.
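To make the master-password step above concrete, here is an added example (not Bitwarden's code, and not from the original post) that builds a random passphrase in the same shape as glowi5ng-chapstick!-pantheon, checks it against the 14-character rule, and estimates its entropy. The word list, the symbol set, and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list so the block runs offline. Real generators
# draw from a large published list (the EFF long list has 7,776 words).
SAMPLE_WORDS = ["glowing", "chapstick", "pantheon", "harbor", "velvet", "cactus",
                "orbit", "lantern", "mosaic", "thimble", "quartz", "pebble",
                "walnut", "saddle", "anchor", "drizzle"]
SYMBOLS = "!@#$%^&*"  # assumed symbol set


def generate_passphrase(words=SAMPLE_WORDS, count=3, sep="-"):
    """Pick words with the OS CSPRNG, then add one digit and one symbol."""
    chosen = [secrets.choice(words) for _ in range(count)]
    i = secrets.randbelow(count)                    # word that receives the digit
    pos = secrets.randbelow(len(chosen[i]) + 1)     # position inside that word
    chosen[i] = chosen[i][:pos] + secrets.choice(string.digits) + chosen[i][pos:]
    j = secrets.randbelow(count)                    # word that receives the symbol
    chosen[j] += secrets.choice(SYMBOLS)
    return sep.join(chosen)


def entropy_bits(wordlist_size, count=3):
    """Lower bound on entropy when the attacker knows the scheme and word list.

    Counts only the word choices, the digit value and the symbol value; the
    placement of the digit and symbol adds a few more bits on top.
    """
    return count * math.log2(wordlist_size) + math.log2(10) + math.log2(len(SYMBOLS))


def meets_policy(password):
    """Format check only: 14+ characters, a digit and a special character.

    It cannot tell whether the password is random or reused elsewhere.
    """
    return (len(password) >= 14
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, meets_policy(phrase))
    print("16-word sample list:", round(entropy_bits(len(SAMPLE_WORDS)), 1), "bits")
    print("7,776-word list:    ", round(entropy_bits(7776), 1), "bits")
```

The gap between the two entropy figures is the point: the strength of a passphrase comes from the size of the list the words are drawn from and the number of words, and each extra word from a 7,776-word list adds about 12.9 bits.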
Go pro with these tips
Enable 2FA (two-factor authentication) to log in to Bitwarden (see instructions).
If desired, enable biometric login (e.g., Face ID) and other productivity features.
Log in to your Bitwarden web vault and view your Vault Health Reports. Identify your most sensitive accounts (banking, finance, etc.) and see if your passwords are reused or have been in a data breach. If they have, change them immediately using the Password Generator. Repeat the process for the rest of your accounts, starting with the most sensitive accounts. Remember that if you’re a public figure, protecting your social media presence is essential because your public image is at the root of your finances and crucial to your future success.
Two-factor authentication adds another layer of security to your online accounts by requiring a verification code before you can access your accounts. You can enable 2FA in the account security settings of most apps and websites. Receiving a text/call/email with a code is better than nothing. Still, it's best practice to use an authenticator app (like the one built into Bitwarden) or others such as DUO Security.
Practice secure password sharing by using Bitwarden Send to transmit sensitive information. If someone asks for a password, username, or login, ensure that the person asking is not an imposter. Also, verify they have a good reason for needing your personal information.
As SocialProof Security CEO and white hat hacker Rachel Tobac points out, attackers can use public information about you to appear legitimate; this is commonly referred to as phishing. To protect against potential phishing attacks, be aware of what personal information might be shared on public forums such as social media. To learn more about how high-profile individuals can protect themselves from cybersecurity threats, check out Rachel Tobac’s Hacker’s Guide to VIP Security.
The most successful athletes protect themselves on and off the field. Password managers can't help protect your body from injury, poor diet, or insufficient sleep, but a password manager like Bitwarden will help you protect your personal brand, finances and more. Don’t surrender your hard-earned success by allowing gaps in your coverage. A big hit to your brand or financial security can be far more damaging than a big hit on the field. Get started with a free Bitwarden account today, or go premium for only $10/year.
For franchises, universities, and organizations interested in implementing a password manager, contact sales or start a free trial.