This post was originally published on August 3, 2017 and was updated on October 10, 2019.
There’s never been a better time to beef up your security with stronger passwords. A Consumer Reports survey found that more than 50 percent of U.S. adults have six or more password-protected accounts online. Other research suggests that by 2020, there will be 100 billion online passwords in use all around the globe. Each one of these accounts is a potential target for hackers — and needs stronger passwords.
Consumer Reports research suggests that poor website security is a major concern across the web, which makes it easier for hackers to gain access to highly personal information. (Take the recent Macy’s data breach as just one example.) Meanwhile, better hacking tools and lower hacking costs mean there are more hackers than ever before.
While there is no way to guarantee that your accounts won’t be hacked, one of the best lines of defense is to create stronger passwords.
10 tips for stronger passwords
Here’s how to craft stronger passwords that will help stave off malicious actors on the web:
Never use the same password for multiple accounts.
Don’t use personally identifiable terms.
Avoid using common words or phrases.
Use different types of characters.
Make it long.
Consider spelling things wrong.
Utilize multi-factor authentication.
Change your passwords regularly.
Never save or share passwords.
Use a password manager.
Ready to stay safer online? Let’s take a deeper dive into each password strategy.
1. Never use the same password for multiple accounts
Using the same password across different sites is a surefire way to decrease the security of said password. If a hacker determines your password for one site, they’ll be equipped to hack more of your accounts without any extra work on their part. The simplest way to avoid this disastrous scenario is to utilize not just stronger passwords, but distinct ones for each and every account.
2. Don’t use personally identifiable terms
Sure, using your son’s nickname, your favorite movie, your pet’s name and so on in your passwords makes it easy to remember them. But it makes them easy to hack, too.
Strong passwords do not have personal ties.
Hackers can find out these tidbits by mining your social media profiles, and odds are good that personally identifiable information will be the first thing they try if they’re attempting to log into your accounts. Avoid using this info in passwords and opt for something that’s harder to guess instead. (More on that in the next point.)
On a related note? Always be mindful of what you share online. Giving away too much personal information via your social media presence makes it all the easier for hackers to gain access to your accounts.
All right, it’s time to get into the nitty gritty of what makes for a stronger password — make passwords long and unusual. To craft stronger passwords, keep the following tips in mind.
3. Avoid using common words or phrases
In other words? “Password,” “12345” and “qwerty” are out. Also remember to avoid using easily identifiable information such as your spouse’s name, your wedding date and so on.
4. Use different types of characters
Instead of opting for just letters or just numbers, opt for a mixture of characters — including ones such as %, @, $, numbers, uppercase and lowercase letters, and so on.
Using lots of different character types makes it harder to guess your password.
It might help to think of a phrase in words, and then identify places to add in different characters. For example, “I am a fly fishing fanatic” might turn into iAm@fLyf!sh!ngF@n@t%c.
5. Make it long
The same Consumer Reports survey cited above found that 29 percent of people who use passwords for sensitive accounts utilize a password that has seven or fewer characters. That’s bad news, because the report also found that longer passwords take significantly longer to crack. (We’re talking the difference of weeks or even years!) Opt for eight characters at an absolute minimum; somewhere in the neighborhood of 15 is even better if you’re serious about stronger passwords.
6. Consider spelling things wrong
Intentional spelling mistakes can make it harder to guess a password. For example, the word “fantastic” might be guessable, but the word “fentestic” would be harder to crack.
7. Utilize multi-factor authentication
As the landscape of digital security evolves and stronger passwords become less of a sure thing from a security standpoint, multi-factor authentication is emerging as one potential solution.
Two-factor authentication requires that you both know the password for an account and possess a device that is linked to that account in some way.
For example, after trying to log into your account, you might receive a text on your phone with a code that allows you to complete the login process. Unless you have both the password and the extra security code, it will be darn near impossible to log in. Enabling two-factor authentication can make it much more difficult for hackers to access your account.
Related: What is two-step verification?
8. Change your passwords regularly
Passwords degrade in quality over time, because the longer a password is in use, the more time hackers have to attempt to crack it. Stay one step ahead of cybercriminals by changing your passwords on a regular basis.
As a general rule, it’s a good idea to change out all of your passwords at least every three months. Make sure to never reuse old passwords.
Even stronger passwords won’t protect you if you don’t protect them.
9. Never save or share passwords
Never save your passwords or check the “remember me” box when you’re using a public computer. Better yet, try to avoid logging into personal accounts unless you’re on a private device.
Avoid sharing your passwords with other people whenever possible.
Never share your password unless you are sharing it in person with someone you deeply trust. If you have a written list of passwords to help you remember them, avoid storing this list on your computer or phone.
Because electronic devices are hackable, this means you could potentially put all of your accounts at risk. If you must keep a list of passwords, use pen and paper and store the list in a secure place. Whenever possible, avoid writing down your stronger passwords — period.
10. Use a password manager
If you’re struggling to manage your stronger passwords (now that you’ve got them), consider using a password management system. Here's a roundup of some of the best password managers.
Regularly crafting stronger passwords (plus having to remember them) can be a real pain. But taking the time to create stronger passwords is undoubtedly less of a hassle than dealing with the fallout of being hacked. Follow these 10 basic tips for stronger passwords to stay safer online.