How to create strong passwords

Your password is your first line of defense against hackers and unauthorized access to your accounts. The strength of your passwords directly impacts your online security.

Combine unrelated words to make stronger passwords

To create a strong password, try combining two or more unrelated words. It could even be an entire phrase. Then change some of the letters to special letters and numbers. The longer your password, the stronger it is.

A single word with one letter changed to an @ or ! (such as p@ssword!) doesn’t make for a strong password. Password cracking programs contain every type of these combinations, in every single language.

Certain words should be avoided in all passwords

Many people use familiar people, places or things in passwords because it makes their passwords easy to remember. This also makes your passwords easy for hackers to guess.

Passwords that contain the following information are insecure because they’re easy to figure out. You can find much of this info after reviewing someone’s social media profiles.

  • Pet names
  • A notable date, such as a wedding anniversary
  • A family member’s birthday
  • Your child’s name
  • Another family member’s name
  • Your birthplace
  • A favorite holiday
  • Something related to your favorite sports team
  • A favorite hobby
  • The name of a significant other
  • The word “Password”

Use different passwords for every account

To keep your accounts as secure as possible, it’s best that every single one has a unique password. If one account gets breached, then hackers can’t use those login credentials to gain access to other accounts. While no one can stop hackers from hacking, you can stop reusing the same password everywhere. Password reuse makes it far too easy for cyber criminals to attack one site and get your password for others.

Use a password manager to remember all your passwords

The average person has about 100 accounts with passwords to keep track of. Remembering them all isn’t easy, but a password manager makes the task easy. A password manager, like the built-in Firefox Password Manager, is a piece of software that keeps all your password safe, encrypted and protected. Some can even generate strong passwords for you and automatically enter them in to websites and apps.

Password managers act like a digital safe-deposit box for all your online accounts. You just need one key to get into your accounts: A single, easy-to-remember but hard-to-guess password. That password unlocks the safe.

But what if your password manager gets hacked? A good one keeps your passwords encrypted behind a password they don’t know (only you do). They also don’t store any of your credentials on their servers. While no single tool can guarantee total online safety, security experts agree that using a password manager is far more secure than using the same password everywhere.

Add an extra layer of security with two-factor authentication

Many websites offer two-factor authentication, also known as 2FA or multi-factor authentication. On top of your username and password, 2FA requires another piece of information to verify yourself. So, even if someone has your password, they can’t get in.

Withdrawing money from an ATM is an example of 2FA. It requires your PIN code and your bank card. You need these two pieces to complete the transaction.

Websites that support 2FA include Google and Amazon. When you have 2FA enabled, the site will text you a code to enter after your password. Other forms of 2FA include YubiKeys USB ports and security apps like DUO.

When you set up 2FA, many sites will give you a list of backup codes to verify your account. A password manager is a great place to store these codes.

This post is also available in: Deutsch (German) Français (French)


Share on Twitter