Creating strong, unique passwords is one of the most important things you can do to protect your online accounts and sensitive data. Follow these tips based on guidance from the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) to improve your password hygiene.
Long, random passwords created by password generators are ideal, but passphrases are an alternative that is easier to remember. A passphrase is a sequence of words separated by spaces or punctuation. Here’s an example: “Hold Fast Stay True.” Make passphrases longer to increase strength.
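To make the link between length and strength concrete, here is an added example (not part of the original post) that picks passphrase words with a cryptographically secure random source and computes the entropy each extra word contributes. The 32-word sample list and the function names are constructed for illustration; a real generator would load a large published list such as the 7776-word EFF long list.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. A real generator
# should load a large published list (the EFF long list has 7776 words).
SAMPLE_WORDS = (
    "anchor bridge candle desert ember falcon garden harbor island jacket "
    "kettle lantern meadow needle orchard pebble quarry ribbon saddle timber "
    "umbrella valley walnut yonder zephyr acorn basket copper dolphin engine "
    "feather glacier"
).split()


def entropy_bits(num_words, wordlist_size):
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return num_words * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size):
    """Smallest word count that reaches at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(num_words, wordlist=SAMPLE_WORDS, separator=" "):
    """Pick words with the OS CSPRNG (secrets), never the random module."""
    if num_words < 1:
        raise ValueError("num_words must be at least 1")
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist has duplicates; entropy estimate would be wrong")
    return separator.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    for n in (4, 6, 8):
        print(f"{n} words: sample list {entropy_bits(n, len(SAMPLE_WORDS)):.0f} bits, "
              f"7776-word list {entropy_bits(n, 7776):.1f} bits")
    print("words for 77 bits from a 7776-word list:", words_needed(77, 7776))
    print("example:", generate_passphrase(6))
```

The entropy figures only hold when every word is chosen at random by the generator; a phrase a person picks themselves does not get this guarantee.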
Never reuse the same password across multiple accounts. Use a unique, random password for every account to limit damage from data breaches. Consider using a password manager to simplify this.
Enhance passphrase strength by substituting letters with numbers and symbols. You can replace “E” with “3” and “O” with “0” (zero), for example. Adding complexity makes passphrases harder to crack.
Use a Password Manager
- Select a password manager app (I recommend 1Password) and create a new account
- Create a new master password for your password manager using a strong passphrase
- Enable two-factor authentication for your master password
- Import existing account passwords into the manager
- Let the manager generate new strong passwords for important accounts
- Use the manager when signing into accounts or resetting passwords
Change Passwords Periodically
While not required, regularly changing passwords can further limit risk if a password is compromised. Consider changing high-value account passwords every 90 days. A good password manager will also alert you when your password has been discovered in a breach.
Practicing good password hygiene takes some extra work, but it is essential to protecting yourself online. Developing strong, unique passphrases and using a dedicated password manager will help keep your data secure.