When you set up an online account, you’re usually asked to create a password. To protect your account from cyberattacks, create a strong password that’s hard to guess. How? Start by making your password long — aim for at least 12 characters.
Of course, a long password can be hard to remember. You may find it easier to use a passphrase — a series of words separated by spaces. But make sure that your passphrase consists of random words. Avoid using common phrases, song lyrics, or movie quotes that are easy for a hacking program to guess.
If the account doesn’t allow long passwords, mix uppercase and lowercase letters, numbers, and symbols to make your password strong.
Studies show that people aren’t very good at creating random, strong passwords, or remembering them. So, what to do? One option is to have your web or mobile browser create a password for you. Each browser has its own process. Here’s more info on how that works:
Another option is to use a third-party password manager to create a strong password — and remember it. To find a reputable password manager, read expert reviews. Make sure the password you’re using with the password manager is strong and secure.
A web browser, mobile browser, and password manager all can save your passwords for you.
Lock Down Your Email
It's critical to protect your email account with a strong password. That’s because password reset links often go to your email inbox. If a hacker takes over your email account, they can get password reset links for your other accounts. Then they can change the passwords and take over those accounts, too. If that happens, here’s how to recover a hacked account.
A strong password is an important first step in protecting your account from hackers. But even strong passwords are vulnerable to cyberattacks. Using multi-factor authentication means a hacker who steals your password can’t log in to your account without another authentication factor.
The most common type of multi-factor authentication is a verification passcode you get by text message or email. This one-time passcode is typically six digits or longer and it expires automatically. But this is the least secure type of two-factor authentication, so choose a more secure method like an authenticator app or a security key for more protection, if you have the option.
When you create an account, you may have to give answers to a few security questions. Some sites may periodically ask you to answer these questions as a security measure to confirm your identity. You also may have to answer them if you need to reset your password.
Hackers could try to guess your answers to get into your account, so pick security questions only you can answer. Avoid questions with a limited number of responses that hackers can guess — like the color of your first car. And skip questions with answers that someone could find online or in public records — like your zip code, birthplace, or mother’s maiden name. If you can’t avoid those questions, treat them like a password and use random and long answers. Just be sure you can remember your answers. As with a password, make sure the question and answer are unique, not one that you use on other sites.
If a company or website tells you it lost your password in a data breach, change your password right away. Follow the advice above and create a new strong password. If you reused the same password, or a similar one, on other services, change it there, too.
If someone is using your personal information, report it and get help at IdentityTheft.gov.