Last updated: January 2023
Creating strong passwords is the first line of defense against cyber threats. Here are essential best practices to follow:
Aim for at least 12 characters, mixing uppercase, lowercase, numbers, and symbols. Longer passwords are exponentially harder to crack.
Dictionary words, sequential numbers, and keyboard patterns are vulnerable to brute force attacks. Use random combinations instead.
Each account should have a unique password. Reusing credentials across sites means one breach compromises multiple accounts.
Password managers generate and store complex passwords securely, requiring you to remember just one master password.
Two-factor authentication (2FA) adds an extra layer of security beyond your password, typically requiring a code from your phone or authentication app.
If a service you use reports a breach, change that password immediately and update any accounts using similar credentials.
Many security questions can be guessed or researched. Consider treating them like passwords with random answers.
While frequent changes aren't always necessary, updating passwords every 6-12 months helps maintain security.
Legitimate services will never ask for your password via email, phone, or text message.
Use our password strength checker tool to evaluate your current passwords and get suggestions for improvement.
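The length, character-mix, and pattern advice above can be checked mechanically. The following Python sketch is an added example, not the checker tool mentioned on this page; the symbol set, the short word list, the keyboard rows, and the four-character pattern length are assumptions chosen for illustration.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
# Constructed sample lists; a real check would use a large wordlist.
COMMON_WORDS = ["password", "welcome", "dragon", "monkey", "letmein"]
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

def has_run(pw, length=4):
    """True if pw holds `length` consecutive ascending or descending characters (1234, dcba)."""
    for i in range(len(pw) - length + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + length - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False

def has_keyboard_pattern(pw, length=4):
    """True if pw contains `length` adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + length] in low for i in range(len(seq) - length + 1)):
                return True
    return False

def check_password(pw):
    """Return the list of rules the password breaks; an empty list means it passes."""
    checks = [
        (len(pw) < 12, "shorter than 12 characters"),
        (not all(any(c in cls for c in pw) for cls in CLASSES), "missing a character class"),
        (has_run(pw), "sequential characters"),
        (has_keyboard_pattern(pw), "keyboard pattern"),
        (any(w in pw.lower() for w in COMMON_WORDS), "dictionary word"),
    ]
    return [msg for failed, msg in checks if failed]

def generate_password(length=16):
    """Draw characters from the OS CSPRNG until the result passes every check."""
    if length < 12:
        raise ValueError("length must be at least 12")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw):
            return pw

if __name__ == "__main__":
    print(check_password("Password1234"))  # constructed weak sample
    print(generate_password())
```

The generator uses `secrets` rather than `random` because the latter is not designed for security-sensitive values.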