How to Create and Keep Strong Passwords

Authored By: Tyler Stevenson on 5/2/2024

Happy World Password Day!

Your passwords are the keys to your life. And when it feels like there’s another big security breach every week, you want to be sure those passwords are strong and safe.

Follow these six steps below for super-strong passwords that will keep scammers guessing.

Step 1: Choose a password manager

The best way to ensure your passwords are secure is to use a password manager like 1password, Lastpass or Keepass. These services generate encrypted passwords for every website you use. You will then create one master password to use for logging into all of your accounts.

Step 2: Create an unbreakable master password

This code can open up every password of yours to potential scammers; so be extra careful about choosing one that is virtually unbreakable. Follow these rules for a strong password:

Make it long. Many sites require a password that is a minimum of 8 characters long, but a 12-character password is even stronger.
Be creative. Avoid using names, places and recognizable words, since these are easily cracked.
Mix it up. Vary your capitalization and the kinds of characters you use, switching back and forth from letters to numbers to symbols.

You can run your password through an online password checker to test its strength. Once you’ve created a super-strong master password, work on memorizing it. Write it down and then rip up the paper as soon as you’ve memorized it.

Step 3: Update all your passwords

Next, sync all the websites and accounts you use with your password manager. Follow the guidelines on your password manager for this step, as they differ with each service.

When you’re through, you’ll only be able to log into these sites with your master password.

Some sites employ outdated systems that won’t work with a password manager. For these sites, you will need to use different passwords. You can slightly amend your master password for these sites or create new ones using the guidelines above. Use a different password for every site.

Step 4: Use two-factor authentication

Add another layer of protection by choosing two-factor authentication whenever you have that option.

Step 5: Be careful with security questions

Security questions are extremely insecure; anyone can Google the answers. If all a scammer has to do to retrieve your password is answer a security question, the strongest password is worthless.

Treat security questions like passwords. Never answer them truthfully. Instead, make up mnemonics or nonsensical answers that are difficult to crack, but easy for you to remember.

Step 6: Don’t let your browser or phone “remember” your passwords

Keep your passwords in your head and not on your devices. Otherwise, you’ll be in deep trouble if your computer or phone is swiped.

Looking for more safety and security tips? Check out our Financial Resource Center, blog or security page.

« Return to "Blog"