10 Essential Password Security Tips

Your job is to make life difficult for a hacker. Using personal details in your passwords, especially details that cybercriminals can uncover through public records or social media – like your birthday, hometown or pet’s name – makes their job far too easy. 

When possible, consider using passphrases that consist of a nonsensical collection of random words that are easy for you to remember, but hard for anyone else to guess.  

Generally, longer passwords are less likely to be cracked. Focus on generating passwords that are at least 16 characters. 

More than two in three people continue to use the same password across multiple accounts.¹ Hackers know password reuse is rampant, which is why when a credential breach occurs, hackers will use stolen usernames and passwords from one site to attempt to log into many others.  

Daunted by the prospect of remembering dozens of unique, 16-character passwords? That’s where a password manager comes in. It’s essentially a digital vault that securely creates, encrypts and stores unique, complex passwords for every account. You then only need to remember your master password or passphrase for your password manager app.

As soon as you learn that one of your passwords has been compromised, be sure to update any accounts using that password. Many password managers will review your existing passwords for you first and tell you if they should be updated because they’re weak, reused or have been exposed in data breaches. If so, they’ll generate new passwords. 

Did your new Wi-Fi router come with a default username and password? Make sure to change both ASAP. Leaving default passwords on your hardware or networks unchanged could make you low-hanging fruit for an attacker. 

In short, don’t share your passwords. That’s especially true when someone initiates a conversation with you and requests your password. This could be a phishing attempt to trick you into revealing your login credentials. In general, keep your password as private as your PIN numbers. It’s that important.

Public computers like those in a hotel lobby or business center are just that … public. These devices could be infected with malware that captures your keystrokes when you log into your sensitive accounts like your email or banking institutions.

Applying MFA in addition to the password best practices above will further protect access to your accounts. MFA makes it more challenging for hackers because they’ll need to supply more than your password to access your account, such as a one-time passcode sent via SMS or an authenticator app.