last updated 01/09/2020
Creating strong, unique passwords for each of your online accounts is the best way to prevent hackers from gaining access to your information and accounts. It’s not easy to remember strong, unique passwords for every account, so we recommend that you use a password manager (for example: 1Password, KeePass, LastPass, or LogMeOnce) to help manage them for you.
Here are some tips on how to create unique passwords and protect your information:
- Use a different password for every account you have.
- Use a complex password that contains numbers, symbols, and upper and lower case letters.
- Use passwords at least 12 characters in length.
- Change your passwords at least once a year.
- Ignore requests by websites or browsers to "remember" your password.
If you don’t use a password manager, create a core password that you remember, but never write down. Your core password should be something hard to guess, like Firebird99. This core password can then be used as part of all of your passwords. In the examples below, imagine the core password is used anywhere there is a long underscore:
What makes a weak password?
Weak passwords are by definition anything that is easily guessed. Between social media and public records, any of the following would make for a weak password:
- Your name, birthday, anniversary, pet name, social security number, or favorite sports team.
- Your family members names, birthdays, or pet names.
- Any password you have used before.
- Number or keyboard sequences like 123456 or qwerty.
For example, if your daughter Susan was born in 2015, a password of Susan2015 would be easy to guess.