How to Create a Secure Password and Keep Your Online Information Safe

Serious young woman using her mobile phone while sitting on sofa in the living room at home.

With just about every app and website requiring you to create an account, you probably have dozens, if not hundreds, of passwords to keep track of. So when setting up yet another new account, it might be tempting to default to the same password you've used for years, or to something unforgettable like your birthday. Don't do it.

Passwords that are easy for you to remember can also be easy for others to guess. This makes your personal data more vulnerable to hacking, which can lead to financial fraud and identity theft. In fact, research shows over half of data breaches involve leveraging weak, stolen or default passwords.

6 Tips for Creating a Strong Password

Creating a secure password requires a combination of several techniques. Here some tools and rules of thumb to make it easy for you:

  1. Use long passwords. The more characters you use, the harder it is for hackers to crack your password. For example, according to CSO, which analyzes and researches security and risk, a hacker can use an automated botnet (a network of connected devices used for malicious attacks) to guess an eight-character password of mixed case and numbers in as little as 31 minutes. But with a 10-character password using a mix of letters, numbers and symbols, it would take them three years. It's smart to use as many characters as the website allows.
  2. Make your passwords easy to remember. Consider stringing together a few random words. It could be words from your favorite quote, poem or song, or even your favorite food. For better encryption, make a password using just the first letter of each word.
  3. But don't make them too simple. Some hackers use tools that randomly guess passwords using words in the dictionary, so it's even better if you can add in special characters, numbers, capital letters and, if the website allows it, spaces.
  4. Use multi-factor authentication (MFA) when you can. Many larger sites, such as Google and Facebook, let you opt for a two-step login process. Rather than just entering your password, you'll also be required to take a second step to prove your identity, such as entering a code that's texted to your mobile device.
  5. Use a password manager. Experts recommend that you don't use the same passwords for multiple websites because if one is hacked, your other logins on other sites are compromised. Password management tools, such as LastPass and 1Password, store passwords securely so you don't have to remember them all, and they can also generate strong new passwords for you. If you're not ready to give up all your passwords to a third party, go old school and write them in a notebook you keep in a secure place in your house. That still opens the door to thieves if your house is broken into, but it's safer than using the same passwords on different sites or creating a file for passwords on your computer.
  6. Create strong passwords and don't change them unless you have to. While some online systems require you to change your password at set intervals, the National Institute of Standards and Technology reports that people tend to choose weaker passwords when they have to change them often. Don't make that mistake.

4 Things to Avoid When Creating a Password

There are also a few key things to avoid when making a strong password:

  1. Avoid using personal information. If someone knows a few key pieces of data about you, from either public databases or social media, they might try to guess your password using your birthday, kids' or pets' names, or other personal details. When you create your password, don't use personal information that would be easy for someone to find and guess.
  2. Drop the common and default passwords.It's time to let go of passwords like "1234," "qwerty" or "password." They're just too easy for hackers to figure out.
  3. Don't use a single word—especially one followed by a single number. In other words, forget about "Password1." These are also too simple for hackers to guess.
  4. Don't reuse passwords. Try to avoid using the same passwords across different sites, and don't repeat passwords you've previously used.

Other Ways to Protect Your Account Information

Beyond creating a secure password, here are some other tactics you can use to keep your digital information safe:

  • Read alerts about data breaches. If a company you do business with sends an email or letter telling you they've had a breach, don't ignore it; review the details so you know what information was compromised. It's also smart to take proactive measures, such as changing your password with that business. You also have the right to lock or freeze your credit or place a fraud alert on your credit reports for extra protection.
  • Watch out for identity theft. Regularly check your account statements and credit report so you can spot potential early warning signs of identity theft, such as new accounts or transactions that weren't created by you. You can also use products like Experian's identity theft monitoring, which helps proactively protect your identity.
  • Take other digital security measures. Make sure your home Wi-Fi is password-protected. It's also a good idea to use antivirus software that regularly scans for malware. Make sure to always install security updates on your computer when prompted. Also, keep an eye out for phishing attempts; this is when a hacker sends an email posing as a business and asking for your login information or other personal data. Don't open attachments or click links in emails from senders you don't recognize.

While there is no way to make your online accounts 100% hacker-proof, taking these easy steps to create stronger passwords can help keep your digital accounts more secure.