Use Strong Passwords
Create long, random, unique passwords with a password manager for safer accounts.
Stop Crime Online with Strong Passwords | Audio Description
How to Make Strong Passwords! (We Can Secure Our World) | Audio Description
Strengthen Your Passwords with Three Simple Tips
A strong password follows ALL THREE of these tips.
1. Make them long
At least 16 characters—longer is stronger!
2. Make them random
Two ways to do this are:
Use a random string of mixed-case letters, numbers and symbols. For example:
- cXmnZK65rf*&DaaD
- Yuc8$RikA34%ZoPPao98t
Another option is to create a memorable phrase of 4 – 7 unrelated words. This is called a “passphrase.” For example:
- Good: HorsePurpleHatRun
- Great: HorsePurpleHatRunBay
- Amazing: Horse Purple Hat Run Bay Lifting
Note: You can use spaces before or between words if you prefer!
3. Make them unique
Use a different strong password for each account.
For example:
- Bank: k8dfh8c@Pfv0gB2
- Email account: legal tiny facility freehand probable enamel
- Social media account: e246gs%mFs#3tv6
PRO TIP: USE A PASSWORD MANAGER
It’s hard to remember all these strong passwords and we don’t want to save them in a file on a computer. Instead, use a password manager. See below!
Passwords Tip Sheet
Download the Secure Our World Passwords Tip Sheet to share with friends and family.
Use a Password Manager
For most people, generating and remembering long, random and unique passwords for every account is not possible. Rather than write them down, use a password manager! A password manager is an easy-to-use program that generates, stores and even fills in all your passwords. Password managers tell us when we have weak or re-used passwords and can generate strong passwords for us. They can also automatically fill logins into sites and apps as we move from one to another.
When we use a password manager, we only need to remember one strong password—the one for the password manager itself. (Tip: Create a memorable long “passphrase” as described above.)
There are many password managers to choose from. Some are free, like the built-in password managers in your web browser, and some cost money. Search a trusted source for “password managers” like Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options and find a reputable program for you.
When we use a password manager, we are much more likely to use a long, random and unique password on every site. And that makes it much harder for someone to steal our valuable information!
PRO TIP Check to see whether your email accounts, banks, healthcare providers and other important accounts enforce strong password requirements. If they let you use a short password or a dictionary word, ask them why. It’s your information they’re putting at risk!
And don't forget to enable MFA, especially for your email, social media accounts and financial accounts.
Emma Used Weak Passwords and Got Hacked
Emma was alarmed when she received a text alert from her bank confirming a $700 transfer request she hadn’t made. When she tried to log into her bank account to cancel the transfer, her password was rejected. She tried to reset her bank password but then found that she couldn’t log into her email to get the reset link.
That’s when Emma knew she’d been hacked—and it was because she’d used the same password on both accounts. Later Emma would discover her password was a part of a company breach that was posted online.
Emma spent many hours on the phone sorting through this mess and trying to reclaim her accounts. After many conversations, she finally got back into her email and bank.
Afterward, Emma knew she had to get serious about passwords. Her friend helped her set up a password manager, which was easier than she thought it would be. It suggests hard passwords when she makes new accounts. It also tells her which passwords are weak and helps make them stronger. She finally feels in control of her online safety.
Other Ways We Can Protect Ourselves Online
Online criminals look for easy targets, like people who don’t take basic precautions. If we take the following steps, we won’t be as vulnerable to their deceptive tactics. It will be much harder to scam us or steal our information. Let’s start now.
Secure Yourself & Your Family
We can all protect ourselves, our friends and our families from online threats. It’s fast. It’s easy.
Recognize & Report Phishing
Phishing is a tactic used to get us to open a malicious attachment or share personal information. Learn what to look for to avoid the "phish hook."
Turn on MFA
Multifactor authentication means using more than a password to access an app or account. With MFA, we might be asked to enter a text code or use a fingerprint. It alerts us and prevents others from accessing our accounts.
Update Software
Don't delay software updates. Flaws in software can give criminals access to files or accounts. Programmers fix these flaws as soon as they can, but we must install updates for the latest protection!
Related Content
October is Cybersecurity Awareness Month
Download the free Cybersecurity Awareness Month 2024 toolkit!
Choosing and Protecting Passwords
Learn more about developing strong passwords and protecting them here.
Cybersecurity Best Practices
CISA provides information on best practices to help individuals and organizations implement preventative measures and manage online risks.