Password Securityperson typing a password into a computer

Top Tips for a Secure Password

One of the easiest ways hackers can get your information is through weak passwords. Creating strong passwords is one of the best ways to protect yourself against identity theft and fraud. We’ve assembled a list of tips to keep your accounts secure and safe. 

Do not use the same passwords for multiple accounts

It may seem like a challenging task to create a different login credential for each account, but it’s worth the effort. If you use the same password or variations of the same password for every account, once a hacker has one, they have them all. Additionally, not all accounts are created equal. Untrustworthy retailers, subscription sites, or apps that don’t require or use payment information may not make security their top priority.  

Do not use single, obvious words or numbers in your passwords.

What is considered an “obvious” word? Any information a hacker could easily find with a quick google or social media search.  This can include a pet’s or child’s name, the year you were born, or perhaps a street address. Get a little creative instead.

Create complicated passwords or passphrases

Okay, a different, creative password for each account, and they all have to be complicated? Well, yes. But don’t worry, there is a recommended tip for this seemingly lofty task: passphrases. Passwords like “Spot1976” are weak, but passphrases like “SpotL!cksPeanutButter&2” is strong. Enhance your passwords with mixed symbols and varied capitalization make for strong passwords, but make sure you aren’t using obvious substitutions every chance you get (e.g. replacing every “o” with “0” or “a” with “@”)

Do not use similar passwords when you need to update them

In general, but especially if you suspect your accounts have just been hacked, do not update your password with only a slight variation. E.g. If you password is “SpotL!cksPeanutButter&2”, your updated password should not be “SpotL!cksPeanutButter&3”.

Add a two-factor authentication whenever possible

Two-factor authentication sends an alert to your phone – usually in a text, call, banner alert, or through an app – and requires you to approve of the login attempt. Apps like Duo make this process easy, because they require a quick tap to “approve” or “deny”, and the request to do so quickly expires. Other two or multi-factor authentication installations can require you to enter an authentication code. These requests and codes also all quickly expire.

Don’t write your passwords down

Of course, the easiest way to remember your passwords is to not remember them at all. But try to refrain from writing them down. According to one study, 38% of people admit to writing down their password (and those are just the people who admit to it). If you absolutely cannot remember your passwords, instead of writing (or typing) them down, create hints. However, be mindful of your hints. If your password is "Sp0t_1976!", do not write down a hint that says "dog_my birthday!". This is also why a variety of passphrases are better choices. If your password is "SpotL!cksPeanutButter&2", the hint could be "PB" and only you know its your passphrase about Spot's favorite treat.  

Know how your accounts work

Ensure that you are familiar with the account login protocol for various companies or apps. To learn more about how hackers can impersonate these trusted companies and coerce you into sharing your login credentials, read our blog on email scams.

For more information on identity theft and fraud, or what to do if you suspect you have been a victim of identity theft, visit our Identity Theft Resource Center.