Password dos and don’ts

So many accounts, so many passwords. That’s online life. The average person with a typical online presence is estimated to have close to 100 online accounts, and that figure is rising. If you’re reading this, you’re probably in that category. You have a collection of primary accounts that you care the most about because they’re important and you access them frequently, like your email, social media, bank, media subscriptions, streaming services, etc.

Then you most likely also have a handful of lower priority accounts you set up without much thought, and some that you forgot about. Since those accounts are low priority, maybe you weren’t careful about password hygiene and slipped into bad habits like password reuse. That puts your other accounts at risk: when any one of those sites suffers a data breach, the leaked email and password pair gets tried against every other popular site.

Here’s a list of handy Dos and Don’ts to put you on the right track when it comes to password security.



Do use long passphrases by combining two or more unrelated words. Also use numbers or special characters, but don’t rely on substituting @ for a or 3 for e; those swaps are so well known that cracking tools undo them automatically. Don’t use the word “password,” or any variation of it. “P@ssword!” is just as easy for attackers to guess as “password.”
Do make your passwords long. Eight characters is the bare minimum many sites enforce, not a target; aim for 12-15 characters or more. Don’t use short, one-word passwords, like sunshine, monkey or football.
Do use a combination of upper- and lower-case letters, numbers and symbols. Don’t place the digits and special characters (0, @, !, etc.) only at the beginning or the end.
Do include unusual words only you would know. It should seem nonsensical to other people. Don’t include personal information like your birthdate, address or family members’ names.
Do keep your passwords protected and safe, like encrypted in a password manager. Don’t share your passwords. Also don’t put them on a piece of paper stuck to your computer.
Do spread various numbers and characters throughout your password. Don’t use common keyboard patterns like asdfjkl; or obvious patterns like 111111, abc123 or 654321.
Do create unique and complex passwords for every site. Don’t use the same password everywhere.
Do use an extra layer of security with two-factor authentication (2FA), especially for your primary email account, since it is where password resets for your other accounts land. Don’t think a weaker password is safer because you have 2FA.
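Most of the Don’ts above can be checked mechanically, and that is exactly how an attacker’s cracking rules see a password. The following is an added example, not code from the original post or from Mozilla: a passphrase generator that uses the operating system’s CSPRNG, a small entropy calculator, and an `audit` function that undoes casing and leet substitutions, strips symbols glued to the ends, and looks for keyboard runs and repeats before comparing against a common-password list. The word list, the common-password set, and the function names (`passphrase`, `audit`, `has_sequence`, and so on) are this example’s own constructions; a production strength estimator such as zxcvbn does considerably more.

```python
import math
import re
import secrets
import string

# Constructed, deliberately tiny word list for the demo. A real generator should
# draw from a large list (the EFF long list has 7776 words, ~12.9 bits per word).
WORDLIST = [
    "amber", "basket", "cactus", "dolphin", "ember", "falcon", "glacier", "harbor",
    "igloo", "jigsaw", "kettle", "lantern", "meadow", "nickel", "orbit", "pebble",
]

# Constructed excerpt of a "most common passwords" list, limited to the entries
# the article itself calls weak.
COMMON = {"password", "sunshine", "monkey", "football", "abc123", "123456", "qwerty"}

# Keyboard rows and sequences that cracking tools enumerate directly (both directions).
SEQUENCES = ["qwertyuiop", "asdfghjkl;", "zxcvbnm,./", "1234567890", string.ascii_lowercase]

# Undo the well-worn leet substitutions: "P@ssw0rd" -> "password".
LEET = str.maketrans("@43015$7!", "aaeolssti")

EDGE_CHARS = string.digits + string.punctuation


def passphrase(words: int = 4, wordlist: list[str] = WORDLIST, sep: str = "-") -> str:
    """Join `words` uniformly random words; `secrets` is the CSPRNG, never `random`."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def passphrase_bits(words: int, list_size: int) -> float:
    """Entropy of a passphrase: each word is an independent pick from the list."""
    return words * math.log2(list_size)


def random_password_bits(length: int, alphabet_size: int = 94) -> float:
    """Entropy of a machine-generated password over `alphabet_size` symbols
    (94 = printable ASCII without the space)."""
    return length * math.log2(alphabet_size)


def candidates(pw: str) -> set[str]:
    """Forms a wordlist rule engine would try: lowercased, leet undone, and with
    digits/symbols glued to the ends stripped off."""
    low = pw.lower()
    stripped = low.strip(EDGE_CHARS)
    return {low, low.translate(LEET), stripped, stripped.translate(LEET)}


def has_sequence(pw: str, run: int = 4) -> bool:
    """True if `run` consecutive keys from a keyboard row or the alphabet,
    forwards or backwards, appear in the password (asdf, 6543, wxyz, ...)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def specials_only_at_edges(pw: str) -> bool:
    """'Sunshine1!' style: every digit/symbol sits at the start or the end."""
    core = pw.strip(EDGE_CHARS)
    return core != pw and core != "" and not any(c in EDGE_CHARS for c in core)


def audit(pw: str) -> list[str]:
    """Apply the article's Don'ts; an empty list means nothing obvious was found.
    Heuristic written for this example, not a full strength estimator."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if COMMON & candidates(pw):
        problems.append("matches a common password once casing, leet and edge symbols are undone")
    if has_sequence(pw):
        problems.append("contains a keyboard or alphabetical sequence")
    if re.search(r"(.)\1\1", pw):
        problems.append("repeats one character three or more times")
    if specials_only_at_edges(pw):
        problems.append("digits/symbols only at the beginning or end")
    classes = (str.islower, str.isupper, str.isdigit, lambda c: c in string.punctuation)
    if len(pw) < 16 and sum(any(f(c) for c in pw) for f in classes) < 3:
        problems.append("fewer than three character classes in a short password")
    return problems


if __name__ == "__main__":
    for pw in ["P@ssword!", "Sunshine1!", "asdfjkl;", "111111", passphrase()]:
        print(f"{pw!r:32} {audit(pw) or ['ok']}")
    print(f"4 words from a 7776-word list: {passphrase_bits(4, 7776):.1f} bits")
    print(f"8 random printable characters: {random_password_bits(8):.1f} bits")
```

The entropy figures make the length advice concrete: four words drawn from a 7776-word list give about 51.7 bits, roughly the same as eight fully random printable characters (52.4 bits), yet the passphrase is far easier to type and remember. The `candidates` step is the important one for “P@ssword!”: after lowercasing, stripping the trailing “!” and mapping “@” back to “a”, it is literally “password”, which is why the substitution buys nothing against a cracker.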

The task of remembering your ever-expanding list of logins and password combos is a big one. A password management tool like the built-in Firefox password manager makes it much easier so you can save some brainspace for Prince lyrics and the ingredients in your grandma’s secret cookie recipe. Firefox can instantly generate strong random passwords, save them securely, automatically fill in website and app login screens, and let you look up your passwords when you need to.

If you’ve been curious about password managers but haven’t yet taken the plunge for one reason or another, you’re not alone. Check out these five myths about password managers, debunked.
