A password is often all that stands between you and sensitive data. It’s also often all that stands between a cybercriminal and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further step to protect against account theft.
- Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.
- Good: A good password is a non-dictionary word, 10 or more characters in length, with a combination of uppercase and lowercase letters, plus numbers and/or symbols, such as %GO%%pak211. Complex passwords can be hard to remember for even one site, let alone a different one for every site; they are also difficult to type on a smartphone keyboard (for an easy password management option, see “Best” below).
- Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes it exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate several words from a dictionary. Consider adding "padding" to further increase the length, such as goGreenAndGold$$$$$$. You’ll still find it challenging to remember multiple passphrases, though, so read on.
- Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!
- Step it up! When you use two-step verification (also known as two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Any time someone logs in to your account from a new device, you receive an authorization check on your smartphone or other registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cybercriminals.
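The passphrase approach from the “Better” tip, as an added Python example that is not part of the original page: it picks words with a cryptographically secure random source until the phrase reaches 20 characters, and estimates how many random words match a random 10-character password. The word list, separator and function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for illustration only; a real generator should use a
# large published list (a dice-based list has 7,776 words).
SAMPLE_WORDS = ["green", "gold", "river", "maple", "stone", "cloud", "tiger", "lemon",
                "piano", "rocket", "harbor", "window", "candle", "forest", "silver", "meadow"]


def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` items is chosen uniformly from `pool_size`."""
    return picks * math.log2(pool_size)


def make_passphrase(words=SAMPLE_WORDS, min_words=4, min_length=20, sep="-"):
    """Pick words with a CSPRNG until both the word count and the length target are met."""
    if len(set(words)) < 2:
        raise ValueError("word list needs at least two distinct words")
    chosen = []
    while len(chosen) < min_words or len(sep.join(chosen)) < min_length:
        chosen.append(secrets.choice(words))
    return sep.join(chosen), len(chosen)


def words_needed(pool_size, target_bits):
    """Smallest number of random words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    phrase, n = make_passphrase()
    bits = entropy_bits(len(SAMPLE_WORDS), n)
    print(f"{phrase} ({n} words, {bits:.0f} bits from this tiny sample list)")
    # A random 10-character password over the 94 printable ASCII symbols:
    target = entropy_bits(94, 10)
    print(f"10 random characters: {target:.1f} bits")
    print(f"words needed from a 7,776-word list to match: {words_needed(7776, target)}")
```

The entropy figures hold only when the words are chosen at random; a phrase you pick yourself, or padding that follows a predictable pattern, adds length but much less unpredictability.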
Animated Overview: Using Password Managers to Stay Safe Online
Animated Overview: How to Make a Super-Secure Password Using Dice
Test Your Password
7 Bad Password Habits to Break Now
Lock Down Your Login