How to choose secure passwords

Passwords are your protection against fraud and loss of confidential information, but few people choose passwords that are really secure.

Make your password as long as possible

The longer a password is, the harder it is to guess or to find by trying all possible combinations (i.e., a brute force attack). Passwords of 14 characters or more are vastly more difficult to crack.

Use different types of characters

Include numbers, punctuation marks, symbols, and uppercase and lowercase letters. On mobile devices that are not designed for easy special character input, consider using longer passwords with different characters.

Don’t use dictionary words

Don’t use words, names or place names that are usually found in dictionaries. Hackers can use a dictionary attack (i.e., trying all the words in the dictionary automatically) to crack these passwords.

Don’t use personal information

Other people are likely to know information such as your birthday, the name of your partner or child, or your phone number, and they might guess that you have used them as a password.

Don’t use your username

Don’t use a password that is the same as your username or account number.

Use passwords that are difficult to identify as you type them in

Make sure that you don’t use repeated characters or keys close together on the keyboard.

Consider using a passphrase

A passphrase is a string of words, rather than a single word. Unlikely combinations of words can be hard to guess.

Try to memorize your password

Memorize your password rather than writing it down. Use a string of characters that is meaningful to you, or use mnemonic devices to help you recall the password. There are good free programs available that will help you manage your passwords.

Reputable password management programs can help you choose unique passwords, encrypt them and store them securely on your computer. Examples include KeePass, RoboForm and 1Password.

Use different passwords for each account

If a hacker cracks one of your passwords, only that one account is compromised.

Don’t tell anyone else your password

If you receive a request to confirm your password, even if it appears to be from a trustworthy institution or someone within your organization, you should never disclose your password (see Phishing emails).

Don’t use your password on a public computer

Don’t enter your password on a publicly available computer (e.g., in a hotel or Internet café). Such computers may not be secure and may have keystroke loggers installed.

Change your passwords regularly

The shorter or simpler your password is, the more often you should replace it.
