How to create and protect a strong password

Woman looking at a laptop and trying to create a strong passwordImage: Woman looking at a laptop and trying to create a strong password

In a Nutshell

To keep your information secure from identity thieves, you have passwords for nearly everything you do online. Find out the dos and don'ts of creating a strong password and keeping it safe.
Editorial Note: Intuit Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our third-party advertisers don’t review, approve or endorse our editorial content. Information about financial products not offered on Credit Karma is collected independently. Our content is accurate to the best of our knowledge when posted.

Creating a strong password for each of your accounts can help protect you from identity theft.

Whether you’ve dealt with identity theft in the past (a major pain) or simply want to avoid it, making a strong password is a vital step you should take to protect your information.

Fortunately, creating a strong password is more of a science than an art. There are certain guidelines you can follow to help you create good passwords and improve your password security.

  1. Create a long, random password
  2. Avoid using single dictionary words
  3. Use simple memory techniques or a password manager to remember your passwords
  4. Follow proper password security measures
  5. Enable two-factor authentication

1. Create a long, random password

First, you want to make your password diverse and complex — ideally one that uses random alphanumeric and special characters. On top of that, generally the longer your password is, the better; using between eight and 15 characters (or more) can help.

For example, a strong password would be 15kR}545C00t46c. It’s long and contains a variety of characters with no notable patterns.

A weak password would be 123abc! because it has a predictable pattern and not enough characters. You should also avoid using sequences like 12345, keyboard patterns like qwertyuiop (the first line of letters on a keyboard) or repetitive characters like aaaaa.

“Every additional character you add to a password makes it more difficult for a hacker to guess or break your password,” says Michael Levin, CEO and founder of the Center for Information Security Awareness (CFISA). Levin previously worked as branch chief of the U.S. Secret Service Electronic Crimes Task Force program.

Levin says that by using a mixture of letters, numbers and symbols, you also make password discovery through guessing or easily-available password cracking tools more difficult.

2. Avoid using single dictionary words

Stay away from using a lone dictionary word as your password. If your password is a common word, it could be an easy hack. Since you usually get a limited number of login attempts before your account is locked, a hacker trying to figure out your password might start out with common dictionary words.

Rather than using a single dictionary word, you could consider using a combination of words to create a password phrase. This makes for a password that’s easier to remember but harder for a hacker to guess.

3. Use simple memory techniques or a password manager to remember your passwords

Creating a strong password that is long and complex can be hard to remember. Luckily, there are some tricks to help you create good passwords and remember them.

Remember using mnemonic devices at school? These are techniques to help improve your recall and can help with password management. For example, some kids use the mnemonic “Never Eat Slimy Worms” to remember the first letter of the directions in order (North, East, South, West).

These techniques can boost your ability to remember your password.

Nick Santora, chief executive officer at Curricula, which trains employees on cybersecurity, recommends using the “passphrase” system. You’ll create a sentence that’s both memorable and short enough to boil down to a password.

So, say you pick “Gone With The Wind,” which you pare down to the acronym “GWTW”.

You can then add numbers and characters to increase your password security.

Using the acronym above, you could create a password that would be GWTW!04@gwtw.

Using this method, you can create something that’s easy to remember for you, but nearly unrecognizable to others.

If using this kind of technique doesn’t feel like your thing, don’t worry — you’re not out of options. Consider using a password manager, a secure tool that saves your passwords for you so you don’t have to remember them.

Password managers can encrypt your passwords in the cloud and sync to your accounts. You’ll then have one master password. Password managers are recommended by many security experts and may be able to limit your risk of identity theft.

However, be aware that you may have to pay to use these services, particularly if you’re interested in upgrading from a basic version of the tool.

Should I use a password generator?

Using a password generator can help you create long, complex passwords, which can be helpful if you’re stumped. Many generators will let you select the criteria you’re looking for in a password (e.g. password length, whether to include numbers or mixed case) so you can ensure it fits the site requirements.

4. Follow proper password security measures

Creating a strong password is just one part of password security. You’ll have to manage your passwords and use them correctly as well.

To do that, you don’t want to use the same password for multiple sites. Doing so could mean that if hackers get their hands on one password, they have access to all of your accounts.

Also, while experts previously advised that you change your password frequently, some security experts now say you might not need to do that. You may only need to change your password if you think you’ve been hacked or if there’s suspicious activity.

5. Enable two-factor authentication

On top of having good passwords, consider enabling two-factor authentication when you sign into your email, bank website or any other sensitive account.

When using two-factor authentication, a code will be sent to your phone when you sign in. You then input the code to access your account. Hackers likely don’t have access to your phone, so this can be a great way to add a layer of password security.

It may feel like additional work, but the extra protection can go a long way.

What can happen if a hacker gets your password?

Passwords are a door that unlocks your information and data, and they’re necessary to keep your account protected and private.

“Passwords are the most valuable prizes to any hacker, because it gives them the opportunity to enter your accounts and spend as much time as needed to steal your data,” Levin says.

If your password gets into a hacker’s hands, a number of things could happen:

  • You could be locked out of your account and unable to access your information.
  • Hackers could use information in your accounts to steal your identity and make financial or other types of transactions without your knowledge.

This is why it’s important to take password security seriously.

How can I keep my information safe?

Keep regular tabs on the transactions in your financial accounts, don’t click on suspicious emails and make sure the websites you visit are secure (for example, checking to see if the URL starts with https, not http). Checking your credit reports can also help you recognize any potential issues. If you suspect identity theft has occurred, change your passwords and contact your financial institution right away.

What’s next?

Living a life online means being vulnerable to hackers and other online predators looking to steal your information.

Though there’s always a risk — and no foolproof, guaranteed safety net — you can take steps to protect your information by creating a strong password.

About the author: Melanie Lockert is a freelance writer and editor currently living in Portland, Oregon. She is passionate about education, financial literacy and empowering people to take control of their finances. Her work has been f… Read more.