Tips for Strong & Secure Passwords

A strong password is your first line of defense against intruders and cyber criminals. Follow these tips to ensure your most private data stays private.

Don’t just use one password. It’s possible that someone working at a site where you use that password could pass it on or use it to break into your accounts at other sites.

Create passwords that are easy to remember but hard for others to guess. When possible, use a phrase such as “I started 7th grade at Lincoln Middle School in 2010” and use the initial of each word like this: “Is7gaLMSi#2010.” And make them at least a little different (by adding a couple of unique letters) for each site. On some sites you might even be able to type in the entire phrase.

Make the password at least 8 characters long. The longer the better. Longer passwords are harder for thieves to crack.

Include numbers, capital letters and symbols. Consider using a $ instead of an S or a 1 instead of an L, or including an & or % – but note that $1ngle is NOT a good password. Password thieves are onto this. But Mf$J1ravng (short for “My friend Sam Jones is really a very nice guy”) is an excellent password.

Don’t use dictionary words. If it’s in the dictionary, there is a chance someone will guess it. Criminals even use software that guesses passwords by trying words found in dictionaries.
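Why $1ngle fails while Mf$J1ravng passes, shown as an added example that is not part of the original article: a short Python check that undoes common look-alike substitutions and compares the result against a word list. The word list, the substitution table and the function names are assumptions made for this illustration.

```python
from itertools import product

# Constructed sample word list (assumption); a real check would load a
# full dictionary or a list of known breached passwords instead.
SAMPLE_WORDS = {"single", "password", "lincoln", "sunshine", "welcome"}

# Common look-alike characters and the letters they may stand for.
# "1" is ambiguous (i or l), so every combination is tried.
SUBSTITUTIONS = {
    "$": "s", "5": "s", "1": "il", "!": "i", "0": "o",
    "3": "e", "4": "a", "@": "a", "7": "t",
}

# Characters people commonly tack onto the end of a word ("Welcome2010!").
PADDING = "0123456789!#%&*?."


def plain_variants(text, limit=4096):
    """Yield lowercase readings of text with the substitutions undone."""
    choices = [SUBSTITUTIONS.get(ch, ch) for ch in text.lower()]
    for count, combo in enumerate(product(*choices)):
        if count >= limit:  # cap the work on long, substitution-heavy input
            return
        yield "".join(combo)


def disguised_word(password, words=SAMPLE_WORDS):
    """Return the dictionary word hiding behind password, or None."""
    # Try the password as typed, then with trailing padding removed.
    for candidate in (password, password.rstrip(PADDING)):
        for variant in plain_variants(candidate):
            if variant in words:
                return variant
    return None


if __name__ == "__main__":
    for pw in ("$1ngle", "P@ssw0rd!", "Mf$J1ravng", "Is7gaLMSi#2010"):
        hit = disguised_word(pw)
        print(f"{pw!r}: " + (f"dictionary word {hit!r}" if hit else "no dictionary word found"))
```

A password that passes this check is only free of the sample words; length and uniqueness per site still matter.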

Consider using a password manager. Programs or web services like LastPass (Windows and Mac) let you create a different, very strong password for each of your sites. But you only have to remember the one password to access the program or secure site that stores your passwords for you.

Consider using multi-factor authentication. Many services offer an option to verify your identity if someone logs on to your account from an unrecognized device. The typical method is to send a text or other type of message to a mobile device registered to you with a code you need to type in to verify it’s really you. In most cases, you will not be required to use this code when logging on from a known device such as your own computer, tablet or phone.

Use a passcode or fingerprints for your phone too. Don't forget to secure your phone with a strong passcode! Your phone probably has access to more sensitive data than your computer. Ensure your phone is protected via fingerprint or a strong passcode, not the 4-digit passcode. Finally, ensure your most sensitive apps (banking, retirement, email) have passcodes enabled as well. Most apps that have access to sensitive information allow you to set an additional passcode.