Random combinations of upper and lowercase letters, numbers, and symbols are best. Avoid using recognizable words and phrases or series of numbers such as dates. One tip is to think of a sentence (“My dog likes to chase a yellow ball,” for example), then use just the first letter of each word in the sentence. Convert one or two of those letters to numbers or symbols to create a stronger password.
More tips for creating passwords that are hard for cybercriminals to crack:
- Don’t reuse passwords. Create an individual, strong password for every website, account, and device.
- Use hardest passwords for most sensitive information. Prioritize your passwords by using the strongest ones for your bank account, credit card websites, email, and other access points to your personal and financial information. Save simpler passwords for less sensitive sites.
- Use two-factor authentication. Some sites, such as banks and web-based email providers, offer you a two-step process to log in. The system will generate a random number after you sign in with your username and password, which is sent to a mobile device or a special token device. You enter that random number as well as your username and password to log in. That way, if your password is stolen from a password database, your information still cannot be accessed.
- Change passwords regularly. Change your passwords at least every 90 days, sooner if you suspect someone has accessed one of your accounts.
- Keep passwords private. Don’t share passwords with anyone.