How to create a secure password

Wireless technologies such as Bluetooth® and Wi-Fi have forever changed the way people interact with each other, but also the way they perform daily activities such as shopping, research, banking, eating and communicating. The more everyone is online, the more opportunity hackers have to gain access to personal accounts, steal information, and empty checking or savings accounts before victims realize it. According to the Federal Communications Commission (FCC)Securing today’s online environment goes beyond just thinking about the Wi-Fi router at home – and it all starts with a password.

Passwords should be different for each account that lives online, is in the cloud, or is attached to something that stores personal or financial information. Think about the last time any of your online account passwords were changed. If they are all the same or a similar variation of the same password, if they are too easy to guess, or if they are forgotten or compromised, change them. According to Federal Trade Commission, users do not need to change their password as often as they think; However, it is recommended to ensure that the password is as secure as possible.

Password creation tips to stay safe:

Think of your passwords as walls. A password or passphrase should be seen as a wall between free access to your personal information and the world. The stronger the wall, the harder it is for others to crumble. The more walls there are, the more difficult it is to access information. Encryption is the easiest way to ensure that communications between an electronic device and a website or server are protected.

Avoid easy passwords. An example of a weak password is an easily guessed password – something anyone can find on social media sites or via a phishing email or text message. A strong password has at least 12-14 characters, mixed with upper and lower case letters, numbers and symbols.

Commonly used passwords are your pet’s name, your mother’s maiden name, the city you grew up in, your birthday, your birthday, etc. Surprisingly, the answers to these common passwords can usually be found online. Even if you do not consider yourself an active user of social media or the Internet, your information is available on one forum or another. Even for passwords that require numbers with letters, some people tend to stick with simple patterns like 0000, 1111, 1234, etc., and you shouldn’t be so predictable. Never use the same password for multiple accounts, especially sensitive ones such as bank accounts, credit cards, legal or tax records, or medical records.

Make them creative. Running out of creative ideas for different passwords? Try using song lyrics. Not only is it basically impossible for hackers to guess what song you’re using, it’s even harder for them to guess what lyrics you’re using.

Use a “secret phrase”. Instead of using a single word, use a passphrase. Your phrase should be relatively long, around 20 characters, and include random words, numbers, and symbols. Think of something you can remember but others can’t guess, like PurpleMilk #367JeepDog$.

Use multiple passwords. Using different passwords for different accounts is also important. While it’s easier to remember one password for each account, it’s much easier for hackers to break down a wall than multiple walls. If hackers can figure out a password, even if it’s something harmless like your Instagram account, then they know the password for every account you have. This includes websites where you shop online, bank accounts, health insurance accounts, email accounts, etc.

Use multi-factor authentication. When available and supported by accounts, use two-factor authentication. This requires both your password and additional information when logging in. The second coin is usually a code sent to your phone or a random number generated by an app or token. This will protect your account even if your password is compromised. Many devices include fingerprint or facial recognition to unlock them, which helps protect all apps on the device if lost or stolen.

Consider a password manager. A written list works, but if you’re worried about losing it, type in an email list and label it something other than “PASSWORDS”. Keep the list updated and organized as well as secret. Avoid keeping the list on the device, as this will make it easier for the thief to access the apps and personal data stored on it.

Still not convinced? Consider a reputable password manager to store your information. These easy-to-access apps store all your password information and answers to security questions, in case you forget them. However, remember to use a strong password to secure the information in your password manager.

Select security questions that only you know the answer to. Many security questions ask for answers to information available in public records or online, such as your zip code, mother’s maiden name, and place of birth. It is information the motivated attacker can easily get. Don’t use questions with a limited number of answers that attackers can easily guess, like the color of your first car.

Wi-Fi is also a security issue. Check your device settings before surfing the web.

  • Check the validity of available Wi-Fi hotspots: hackers will install fake hotspots that bear the names of stores or institutions you might trust.
  • Make sure any websites you use have “https” at the beginning of the web address.
  • Install an app add-on that forces your web browsers to use encryption when connecting to websites.


If you have received a notification from a company about a possible data breach, it is always best to change this password and any similar password immediately. See BBB tips for dealing with a security breach. If you spot a scam, report it to To find reputable companies in your area, go to