6 Tips for Creating a Strong Password

The easiest way to make an unguessable password is to make it unusual. That means avoiding common words and phrases (like “password”).

But a strong password isn’t just a matter of shunning common words. You also need to avoid things common for you, like your kids’ or pets’ names or anything else that might come up as a security question at a bank. That includes significant dates, birthdays or anniversaries especially.

So what should you do instead? A complex password is usually a good password. It’s best to use lowercase and uppercase letters, numbers, symbols, and other special characters to get that ideal security level.

Luckily, many websites won’t accept a password that isn’t sufficiently complex

The more words and letters in your password, the more unlikely someone will crack it. Make your passwords a living nightmare for hackers by keeping things on the lengthy side.

As an example, you could turn IL0veKittens into IL0veKittens!!!December2017 (which is when you discovered you love kittens, of course).

Don’t reuse your old passwords—especially if it’s a password you’ve been using for years. Ideally, you should have a different password for every account.

If a bad actor gets the password to one account, they may try that same info to log in to another. If you’re a reuser, you’re toast.

A password on the loose is more common than you might think! Some legacy websites (like Neopets, for instance) haven’t kept up with security measures over the years and have been hacked multiple times. So your email + that password you made when you were 13 years old could be for sale on the dark web from identity thieves.

Luckily, some password managers will tell you if your passwords have been compromised. You just have to be proactive about looking for that info—it’s usually kept on the password manager home screen, not actively shared with you through notifications or emails.

It’s hard to come up with a unique password for everything when you have dozens of accounts. Give your noggin a break by using a password generator—a form of AI that generates long, complex password strings.

It’s wise to use generated passwords when you can because they’re nearly impossible to guess—they’re completely random and have nothing to do with your history or personality.

The only downside here? These long passwords can be hard to remember, so you may need help keeping track of them by using a password manager or physically writing them down and stashing them elsewhere.

Concerned about remembering these unique/long/all-new/AI-generated passwords? Don’t worry—a password manager can help with that.

Password managers are one of the best ways to handle passwords for multiple accounts, especially when they have strings of numbers or special characters. And those 20-character AI-generated passwords—oof. How could you ever remember those?!

Password managers that store all your passwords together seem unsafe, but that’s not necessarily the case. As long as you guard your manager with a secure master password and multi- or two-factor authentication, you should be golden. Most folks who buy your stolen passwords won’t have access to your phone or other mobile devices, making it extremely difficult to get past the two-factor authentication process.

If you choose not to use a password manager or worry about remembering the master password to the password manager, you may want to physically store your passwords somewhere.

This gets a little tricky, because if you store the info too close to your devices, it’s easy for hackers and other cybercriminals to find it. They might even be able to see it through your webcam!

But if you hide it too cleverly, you yourself may not remember where it is.

The best place is a location that’s secure but not forgettable. Maybe a discreet desk drawer or filing cabinet.

Most of the time, our strong password tips will keep you safe online. But even with the best precautions, sometimes your personal information (usernames, passwords, and the info they protect) will still be compromised.

We recommend looking into identity theft protection before something goes wrong—not after.