Security

How to Create a Secure Password

Your first line of defense is a password or a passphrase to help prevent unauthorized people from accessing your personal information. Creating a solid password is the most important security control available to you.

Here are some tips for creating a strong password.

How do you create a secure password?

Strong passwords help protect your data by making it difficult for others to access your account. A poorly chosen, easy-to-guess password could allow your sensitive personal information to be compromised. Passwords shouldn’t include "guessable" data such as information about yourself, your spouse, your pet, your children, birthdays, addresses, phone numbers, locations, etc.

Mix it up. Passwords should be comprised of a mix of upper- and lowercase letters, numbers, and special characters like punctuation marks and symbols. Ideally, your password will not start with a capital letter or an obvious keyboard sequence like “qwerty” or “12345.”

The longer the better. Typically, passwords have eight characters, which include a mix of letters, numbers, and symbols. While that minimum is still widely accepted, experts have found that a hacker can crack a password of that length and complexity in approximately four minutes. So, the longer the password, the better. Create a password with a minimum of 15 characters that include lower- and uppercase letters, numbers, and symbols. A password of that length and complexity could take much longer than two years to crack.

Consider a passphrase. An example of a strong password that’s easy to remember is a passphrase. This is a series of three to four words strung together with characters and symbols that contain the necessary complexity to be secure. An example of a strong passphrase could be “door desk computer phone,” which would become “dOord3sk!computer?phone.”

What is a password manager and why is it useful?

A 15-character password may be difficult to remember. That’s where a password manager app may be able to help. A password manager, also known as a “password vault,” can store your passwords in a secure, virtual space. Vaults such as LastPass, for example, only require you to remember one password to sign in to the app. From there, the app does the work of helping you create complex passwords and later, storing and recovering them. There are many password managers available so research them carefully to find one that will best meet your needs.

How to protect your password

The process is not completed with a password selection. It doesn't matter how carefully you choose a password if you aren't equally diligent about keeping it protected and secure. When available, enable two-factor authentication (2FA), an added layer of protection that goes beyond usernames and passwords to help ensure the security of online accounts. Two-factor authentication is a combination of something you have (e.g., mobile phone), something you know (e.g., security questions), or something you are, like a fingerprint, face scan, or voice sample. A long and strong password, combined with 2FA, may be your best protection against would-be thieves and password attacks.

How to keep your passwords safe

Now that you have a strong password or passphrase and enabled two-factor authentication (2FA), here are some additional password security tips to keep in mind:

  • Keep your passwords private. Don’t disclose your passwords to anyone.
  • Avoid sharing passwords using email. Never send your passwords via email or provide a password over the phone.
  • Keep your passwords in a secure place or app. Don’t leave your passwords unsecured.
  • Use new passwords. Don’t reuse passwords across different systems or accounts.
  • Take the sign-in process option each time. Don’t check the "save password" box when signing into online accounts or applications.
  • Keep your passwords away from browser archives. Don’t allow web browsers to save passwords.

By using these tips, you are taking proactive steps to keep your data secure with strong and secure passwords.