Skip nav to main content.

Tips for creating secure passwords

Creating a strong password is an essential step in protecting yourself online. Using long and complex passwords is one of the easiest ways to defend against cybercrime. No one is immune to cyber risk, but there are steps you can take to minimize the chances of an incident.


Creating a password tip card:


Creating a strong password is easier than you might think. Follow these simple tips to protect yourself online:

1. Make your password ten characters or longer. Create a password with ten characters or more, but no longer than 15, and use a combination of letters, numbers, and symbols.

2. Use a long passphrase. Consider using a passphrase such as a news headline or the title of the last book you read. Then, add in some punctuation and capitalization.

3. Avoid making passwords easy to guess. Do not include personal information such as your name or pets’ names. Cybercriminals can easily find this information on social media, making it easier for them to hack your accounts.

4. Avoid using common words in your password. Instead, substitute letters with numbers and punctuation marks or symbols. For example, you can replace the letter “A” with “@”, and the letters “I” or “L” with an exclamation point (!).

5. Get creative. Use phonetic replacements, such as “PH” instead of “F.” You can also intentionally misspell words in an obvious manner, like using “enjin” instead of “engine”.

6. Never share your password. Don’t tell anyone your passwords, and be cautious of attackers trying to trick you into revealing them through email or calls.

7. Use unique passwords for each account. Avoid using the same password for different accounts and devices. In the event that attackers guess one password, they won’t have access to all of your accounts.

8. Use stronger authentication. Always enable stronger authentication when available, especially for accounts with sensitive information such as email or bank accounts. Stronger authentication helps verify authorized access to an online account. For instance, it could involve receiving a one-time PIN via text message on a mobile device, adding an extra layer of security beyond the password and username.