Skip to main content

How to Protect Your Accounts with Strong Passwords

Living in our digital world means that we have to create, use, and remember passwords. A lot of them.

From banking online to mobile food delivery; digital news subscriptions to electronic health records; music and television streaming services to email accounts—we rely on passwords to verify our identities and access the accounts and services we use every day. We know that good online security practices help protect our personal information from hackers, scammers, and identity thieves. Still, we’re human—and it’s tempting to take shortcuts.

Remember: choosing strong passwords is key. In this easy-to-follow guide, we cover the nuts and bolts of password security and offer tips for keeping your data safe. Ready to enjoy better piece of mind? Start here.

Passwords 101: What they are and why they matter

First, a basic refresher. What is a password and what is it for?

A password is a form of identification. It’s a way to prove that you are who you say you are, using “what you know”—in this case, a unique string of letters, numbers, and symbols that you’ve memorized or saved to a password manager (more on this later).

There are other ways to verify your identity, too. These include “what you have” (a physical object, like a bank card you insert into a machine); and “who you are” (physical characteristics like your fingerprint or face, called biometrics, that special technology can scan and recognize).

Each of these fall under the category of single-factor authentication: a fancy way of saying  that you only need to provide one type of credential to prove your identity. However, as data breaches become more common and hackers more sophisticated, more and more sites and services require us to sign in with multi-factor authentication.

What is multifactor authentication? Simply put, it’s a combination of one or more forms of identification. For example, when you visit an ATM, you first insert your bank card and then enter your PIN (personal identification number). Multifactor authentication is stronger than single-factor authentication because it provides another layer of security.

Why passwords are a problem (and why hackers love them)

Would you be surprised to know that passwords weren’t created for computers? In fact, they’ve been around for centuries—perhaps first used by ancient Greek and Roman soldiers to help identify themselves to each other. We’ve eagerly adopted passwords for use in today’s digital age, but they do have some pitfalls. Here are the primary ones:

  • The sheer volume of them. Trying to remember various passwords for different applications can be difficult and stressful.
  • The related temptation to re-use them—or to create “weak” passwords that are easy to recall. Unfortunately, both are simple for hackers to crack, steal, and use.
  • Their exposure during data breaches. Cybercriminals steal passwords every day; the website Haveibeenpwned.com reports nearly 15 billion accounts as of this writing.

Password hacking has become a lucrative business. If you’ve been using the same password for years—or repeating it across multiple sites—there’s a good chance it’s already been compromised. When hackers gain access to user credentials through a data breach, they often compile them into massive lists and sell them to other cybercriminals, who then use the information for their own scams. That’s why it’s so important to create unique passwords for every account and update them regularly to reduce your risk.

3 easy ways to create strong, unbreakable passwords

Despite these shortcomings, we won’t be ditching passwords any time soon. That’s why it’s essential to know how to create strong passwords for all of your online accounts and apps. Doing so helps protect you against hackers who seek to steal your money and your identity.

Here are some password best practices to follow:

Tip #1: Instead of using a word, use a phrase.

This phrase should contain a mix of letters, numbers, and symbols to make it harder to break. Use clever shorthand to create a string that’s meaningful to you, such as 2BorNot2B?74. Aim for something that’s at least 12 to 15 characters long.

Other strong password examples feature something called “the sentence method.” The idea is to think of a random sentence and transform it into a password using a specific rule. For example, if you take the first two letters of every word in “The Old Duke is my favorite pub in South London,” you’d get: ThOlDuismyfapuinSoLo. To anyone else, it’s gibberish, but to you it makes perfect sense.

Tip #2: Use multifactor authentication, especially for your email account.

Even if someone has your username and password, multifactor authentication can prevent them from logging in as you because they lack the second factor. A couple of things to keep in mind:

It’s common for site owners (like banks) to send a text message with a special verification code once you’ve provided your username and password. You then enter this code to fully log in and gain access to the site. However, it’s even safer and more secure to use an authentication app. This is because attackers have turned their attention to text-message authentication and are learning to crack that code.

Remember that your email account is the most valuable account you have! If a criminal gains control of it, they can take over every other account associated with your email. They simply enter your address on the site they’re trying to access, click “I forgot my password,” and voila! They intercept the email, reset your login credentials, and lock you out.

Tip #3: Use a password manager.

What is a password manager and how does it work? A password manager is a type of identity manager. It takes on the job of handling all of your passwords, making it easier to have strong and unique phrases across many applications. The best part? You only have to remember your master password.

How to use a password manager the right way

  • Create a very strong master password using the tips discussed earlier in this article. A weak master password makes it easy for criminals to hijack all of your identities.
  • If you need to, write down your master password and keep it in a highly secure spot in your home. This risk is acceptable if it helps reduce other risks to your identity.
  • Use multifactor authentication with your password manager.
  • If your password manager has recovery options, set those up as soon as you can. That way, you’ll be protected if you misplace or forget your master password (remember, if you lose that, you’re locked out of everything!).
  • Make sure that the email account attached to your password manager is also well-secured.

Detect AI Scams

Use Trend Micro Check to scan for AI face-swapping scams during video calls and get real-time alerts to a potential impersonation attempt. Stay ahead of deepfakes.

Visualization of Trend Micro Check in real-time, detecting deepfake anomalies on a video call.

Get NCOA in Your Inbox

Choose where we'll send you resources to support your health and financial well-being. Select the option(s) below that best describes you to get communication that matches your interests.

This field is required.
This field is required.
Please enter a valid email address.
Back to Top