Skip to main content

When is the last time you reviewed the passwords to your bank account, e-mail or credit card accounts?

Today is a good day to do it. Why? It’s National Password Day. Together with the Better Business Bureau (BBB), we are sharing tips to make your passwords more secure.

  • Make your password long, strong and complex. That means at least twelve characters, mixed with uppercase and lowercase letters, numbers, and symbols. Avoid common words, phrases or information in your passwords.
  • Don’t reuse passwords used on other accounts. Use different passwords for different accounts so that if a hacker compromises one account, he can’t access other accounts.
  • Use multi-factor authentication, when available. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in. The second piece could be a code sent to your phone, or a random number generated by an app or token. This protects your account even if your password is compromised.
  • Consider a password manager. Most people have trouble keeping track of all their passwords. Consider storing your passwords and security questions in a reputable password manager, an easy-to-access application that stores all your password information. Use a strong password to secure the information in your password manager.
  • Select security questions only you know the answer to. Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, and birth place. That is information a motivated attacker can obtain. Don’t use questions with a limited number of responses that attackers can easily guess – like the color of your first car.
  • Change passwords quickly if there is a breach. If you receive a notification from a company about a possible breach, change that password and any account that uses a similar password immediately.

For more information on keeping your information secure, check out our article on Computer Security.

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

March 15, 2018

I have serious concerns we have been receiving phone calls via recorded messages stating 4 files on in my husband name owning back taxes! Which don’t and that the cops are coming to pick him up if we don’t respond. These calls are repeated day after day and we change the number and the very same day received the same calls to the new number! What can we do to stop these callers??

March 15, 2018
The FTC is not properly protecting senior citizens. We are bombarded with spoofing and phishing emails, phone calls intended to locate a vulnerable person and squeeze information from them, etc. If you protect your seniors many of these problems will disappear. You must act now.
March 15, 2018

In reply to by tom0153

How to resolve those issues: 1. Don’t bother reading email that comes from people you don’t know. 2. Get a telephone answering machine and let all calls go to voicemail except for those phone numbers you’re familiar with. Scammers and fundraisers rarely leave voice messages because they don’t like being recorded.
March 15, 2018
Very useful your mail words
March 16, 2018
ok gracias
Don't use your…
March 16, 2018
12 characters is a bit short for a password. Probably upwards of 15 characters would be better. And why aren't companies BANNED from asking you for easily guessable security questions?
March 20, 2018
I have a password manager that stores all the passwords I have. Each one is different from the other and they are hard. No numbers as letters and vice versa. That password manager app can also create a difficult password but I usually put a spin on it though still hard. I stopped using passwords that include my name or members of my family or common terms like ch@1R and TaBl3p1@c3mAtZ. Isn't it JFK that said "Ask not what your country can do for you,ask what you can do for your country?" Take care of yourselves people, the FTC and other government agencies cannot protect all of us individually, we wouldn't want them to. We have to be mature and act responsibly.
April 04, 2018
want to change my username and password
May 02, 2018
Your first bullet point directly contradicts new NIST standards for passwords. Uppercase and lowercase letters, numbers, and symbols should not be required, and a passPHRASE instead is recommended.
December 13, 2018
I try to use a different password