Formulate Strong Passwords and PIN Codes

Training Code
Topic 2.0
On Demand
Location type


The Bottom Line

Threat actors have many methods for guessing your account credentials. Creating strong passwords that are long, unique, and random for all of your accounts will help keep your information from falling into the wrong hands.

Check out “The Problem below to learn more about why creating a strong password can protect you from being compromised by a threat actor … or skip straight to “The Solution!”

The Problem

Weak passwords are a primary cause of account security breaches.

Account authentication is one of the most important cybersecurity cornerstones for individuals and organizations. This is your method for controlling access to your data, regardless of whether it is stored on a personal device or in an account that you access from the internet.

Threat actors seeking to steal your data have several methods to do so. If you use a weak password or reuse a single password for multiple accounts, you’re more susceptible to brute force or dictionary attacks, both of which are methods for guessing your password to gain unauthorized access to your account.

The Solution

Use a strong password to keep threat actors from stealing your information.

Check it out!

Check out CISA guidance for specific examples of how to create a strong password that meets requirements for length, randomness, and uniqueness.

Passwords – Strong passwords should be:

  • Long. Use at least 16 characters.
  • Random. Use a mix of unrelated words and phrases OR use a random string of letters (capitals and lower case), numbers, and symbols.
  • Unique. Use a different password for every account.

PIN codes – Some accounts only allow you to use a PIN code, which will reduce your ability to follow the rules for length, randomness, and uniqueness. If you do have a choice between using a PIN code and a password, it is highly advisable to use a password. If the PIN code is your only option, you should still follow the three rules to the best of your ability by making it:

  • Long. Your best protection with a PIN code is to make it as long as you can.
  • Random. Use a random code as opposed to a simple pattern like 123456.
  • Unique. Do not reuse PIN codes for multiple accounts.

While you may not be able to choose the length of your PIN code due to limitations outside of your control, it is important to keep them random and unique so that your other accounts are not at risk if one of your PIN codes is compromised.



  • Use strong passwords that satisfy the requirements for length, randomness, and uniqueness.
  • If you must use a PIN, make sure that it is long, random, and unique.

Do Not

  • Create a password that fails to satisfy requirements for length, randomness, and uniqueness.
  • Reuse passwords between accounts.


Project Upskill is a product of the Joint Cyber Defense Collaborative.



  • Module 1: Basic Cybersecurity for Personal Computers and Mobile Devices
  • Module 2: Protecting Your Accounts from Compromise