Use Strong Passwords
Create long, random, unique passwords with a password manager for safer accounts.
An Easy Way to Protect Your Accounts
Simple passwords, such as 12345, or common identifying information, like birthdays and pet names, are not safe for protecting important accounts holding critical information. Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be broken by computer hackers. But it’s impossible to remember a unique strong password for every account!
The good news is that creating and storing strong passwords with the help of a password manager is one of the easiest ways to protect ourselves from someone logging into our accounts and stealing sensitive information, data, money or even our identities.
Stop Online Crime with Strong Passwords (Audio Description)
Strengthen Your Passwords with Three Simple Tips
A strong password follows ALL THREE of these tips.
1. Make them long
At least 16 characters—longer is stronger!
2. Make them random
Two ways to do this are:
Use a random string of mixed-case letters, numbers and symbols. For example:
- cXmnZK65rf*&DaaD
- Yuc8$RikA34%ZoPPao98t
Create a memorable phrase of 5 – 7 unrelated words. This is called a “passphrase.” To make it even better, get creative with spelling and/or add a number or symbol. For example:
- Strong: HorsePurpleHatRunBaconShoes
- Stronger: HorsPerpleHatRunBayconShoos
- Strongest: HorsPerpleHat#1RunBayconShoos
3. Make them unique
Use a different strong password for each account.
For example:
- Bank: k8dfh8c@Pfv0gB2
- Email account: LmvF%swVR56s2mW
- Social media account: e246gs%mFs#3tv6
It’s hard to remember all these long passwords and we don’t want to save them in a file on a computer. Instead, use a password manager. See below!
Passwords Tip Sheet
Download the Secure Our World Passwords Tip Sheet to share with friends and family.
Use a Password Manager
Remembering long, random and unique passwords for every account is not possible. Rather than write them down, use a password manager, an easy-to-use program that stores all your passwords. Password managers tell us when we have weak or re-used passwords and many of them can offer to generate strong passwords for us. They can also automatically fill logins into sites and apps as we move from one to another.
We only need to remember one strong password—the one for the password manager itself. (Tip: Create a memorable long “passphrase” as described above.)
There are many password managers to choose from. Some are free, like the built-in password managers in your web browser, and some cost money. Search a trusted source for “password managers” like the Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options and find a reputable program for you.
When we use a password manager, we are much more likely to use a unique, strong password on every site. And that makes it much harder for someone to steal our valuable information!
PRO TIP Check to see whether your email accounts, banks, healthcare providers and other important accounts enforce strong password requirements. If they let you use a short password or a dictionary word, ask them why. It’s your information they’re putting at risk!
Emma Used Weak Passwords and Got Hacked
Emma was alarmed when she received a text alert from her bank confirming a $700 transfer request she hadn’t made. When she tried to log into her bank account to cancel the transfer, her password was rejected. She tried to reset her bank password but then found that she couldn’t log into her email to get the reset link.
That’s when Emma knew she’d been hacked—and it was because she’d used the same password on both accounts. Later Emma would discover her password was a part of a company breach that was posted online.
Emma spent many hours on the phone sorting through this mess and trying to reclaim her accounts. After many conversations, she finally got back into her email and bank.
Afterward, Emma knew she had to get serious about passwords. Her friend helped her set up a password manager, which was easier than she thought it would be. It suggests hard passwords when she makes new accounts. It also tells her which passwords are weak and helps make them stronger. She finally feels in control of her online safety.
Other Ways We Can Protect Ourselves Online
Online criminals look for easy targets, like people who don’t take basic precautions. If we take the following steps, we won’t be as vulnerable to their deceptive tactics. It will be much harder to scam us or steal our information. Let’s start now.
Secure Yourself & Your Family
We can all protect ourselves, our friends and our families from online threats. It’s fast. It’s easy.
Recognize & Report Phishing
Phishing often tries to get us to open a harmful attachment or share personal information. Learn what to look for to avoid the "phish hook."
Turn on MFA
Multifactor authentication means using more than a password to access an app or account. With MFA, we might be asked to enter a text code or use a fingerprint. It makes us much safer from someone accessing our accounts.
Update Software
Don't delay software updates. Flaws in software can give criminals access to files or accounts. Programmers fix these flaws as soon as they can, but we must install updates for the latest protection!
Related Content
October is Cybersecurity Awareness Month
Learn how to get involved and become a Cybersecurity Awareness Month partner!
Choosing and Protecting Passwords
Learn more about developing strong passwords and protecting them here.
Cybersecurity Best Practices
CISA provides information on best practices to help individuals and organizations implement preventative measures and manage online risks.