Key Takeaways

  • A password is a string of characters used to confirm your identity when you’re using a computer or device.

  • Weak passwords and password re-use are common problems that make it easier for hackers to gain control of private accounts.

  • Learn steps you can take to create and manage theft-proof passwords for the sites and applications you use every day.

Most of us know that choosing strong passwords is important. However, if you’re not tech-savvy, the topic of password security can feel overwhelming. Not to worry! We’ve created an easy-to-follow guide on how to use passwords below. These smart password tips will help you keep your information safe and enjoy more peace of mind in this increasingly digital world.

Understanding passwords: The what, why, and how

We use passwords every day—to log into our computer, access our smartphone, make online purchases, and get money out of the ATM. But what is a password and what is it for? A password is a string of characters used to authenticate you—or confirm you are who you say you are—when you’re using a computer system. Most passwords are made up of letters, numbers, and symbols and don’t include spaces.

Passwords are a type of single-factor authentication that falls into the category of “what you know.” Other ways to authenticate you include “what you have” (e.g. a bank card you insert into a machine) and “who you are” (e.g. biometrics such as fingerprint scans).

These authentication factors can also be combined to create multifactor authentication. What is multifactor authentication? It’s an approach requiring you to confirm your identity from at least two different categories. For example, when you visit an ATM, you must enter a PIN (personal identification number) in addition to inserting your bank card. Multifactor authentication is stronger than single-factor authentication because it provides another layer of security.

The (big) trouble with passwords today

It may surprise you to know that passwords weren’t created for computers. They are a very old concept, first used by the military in ancient times. While we’ve eagerly put passwords into practice in the digital age, they’re not without their pitfalls. Here are the primary ones:

  • We use passwords everywhere, from online shopping to news and social media sites. This means most of us have to remember countless passwords so that we can use them at any given time. That’s a lot of information to juggle, and trying to recall various passwords for different applications can be difficult and stressful.
  • Since we have so many passwords to manage, some of us take the simple route by re-using passwords we’ve already created for other applications. Or, we may come up with weak passwords that are easy to remember. Reused passwords are a danger because once they’re cracked or stolen, they can be used to gain entry to multiple sites. Weak passwords are easy for hackers to guess or crack using modern password-cracking tools.
  • Given the rise in data breaches by sophisticated hackers, stolen passwords are now a big problem. According to the website Haveibeenpwned.com, more than 11 billion accounts have been stolen to date. When you combine this with password reuse, it can be easy for a cyberthief to break into multiple accounts and wreak havoc with someone’s life and finances.

How to create a strong password: 3 key tips

Although passwords have their shortcomings, we won’t be getting away from them any time soon. That’s why it’s essential to know how to create a strong password for any website or digital application. Here are some password best practices to help you keep your accounts safe and sound.

  1. Instead of using a word, use a phrase. This phrase should contain a mix of letters, numbers, and symbols to make it harder to break. Use clever shorthand to create a string that’s meaningful to you, such as 2BorNot2B?74. Aim for something that’s at least 12 to 15 characters long.

    Other strong password examples feature something called “the sentence method.” The idea is to think of a random sentence and transform it into a password using a specific rule. For example, if you take the first two letters of every word in “The Old Duke is my favorite pub in South London,” you’d get: ThOlDuismyfapuinSoLo. To anyone else, it’s gibberish, but to you it makes perfect sense.
  2. Use multifactor authentication, especially for your email account. Even if someone has your username and password, multifactor authentication can prevent them from logging in as you because they lack the second factor. A couple of things to keep in mind:

    Having the site owner (e.g. your bank) send you a text message with a verification code—which you then enter at login to gain access to the site—is a common two-factor authentication approach. However, using an authentication app is a safer and more secure way to protect your account. This is because attackers have turned their attention to text-message authentication and are learning to crack that code.

    Remember that your email account is the most valuable account you have! If an attacker has control of it, they can take over every other account that uses it for password resets.
  3. Use a password manager. What is a password manager and how does it work? A password manager is a type of “identity manager.” It takes on the job of handling your passwords, making it easier to have strong and unique phrases across many applications. The best part? You only have to remember your master password. Here’s how to set up a password manager effectively:
    • Create a very strong master password using the tips discussed earlier in this article. If that password is stolen, all of your identities can be hijacked.
    • If you need to, write down your password and keep it in a highly secure spot in your home. That risk is acceptable if it helps mitigate other risks to your identity.
    • Use multifactor authentication with your password manager.
    • If your password manager has recovery options, set those up as soon as you can. That way, you’ll be protected if you misplace or forget your master password (remember, if you lose that, you’re locked out of everything!).
    • Make sure that the email account attached to your password manager is also well-secured.
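The sentence method from the first tip, written out as code and checked against that tip's own criteria (at least 12 characters; a mix of letters, numbers, and symbols). This is an added example, not part of the original article; the function names are hypothetical, and the two candidate strings are the ones the article itself uses.

```python
import string

MIN_LENGTH = 12  # the article's lower bound ("at least 12 to 15 characters")


def sentence_method(sentence: str, letters_per_word: int = 2) -> str:
    """Apply the article's rule: keep the first N letters of every word."""
    parts = []
    for word in sentence.split():
        letters = [c for c in word if c.isalpha()]  # drop commas, full stops
        parts.append("".join(letters[:letters_per_word]))
    return "".join(parts)


def check_against_tips(password: str) -> dict:
    """Report which of the article's stated criteria a candidate meets."""
    return {
        "length": len(password),
        "long_enough": len(password) >= MIN_LENGTH,
        "has_letters": any(c.isalpha() for c in password),
        "has_numbers": any(c.isdigit() for c in password),
        "has_symbols": any(c in string.punctuation for c in password),
        "has_spaces": any(c.isspace() for c in password),
    }


def missing_criteria(password: str) -> list:
    """Names of the criteria from tip 1 that the candidate does not meet."""
    report = check_against_tips(password)
    wanted = ["long_enough", "has_letters", "has_numbers", "has_symbols"]
    return [name for name in wanted if not report[name]]


if __name__ == "__main__":
    # Both inputs are the article's published examples.
    derived = sentence_method("The Old Duke is my favorite pub in South London,")
    for candidate in (derived, "2BorNot2B?74"):
        print(candidate, check_against_tips(candidate), missing_criteria(candidate))
```

The sentence-method output clears the length bar but contains only letters, so it still needs the numbers and symbols the first tip asks for.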

Want more tips for keeping your digital information safe? Learn about other ways you can improve your personal cyber security.