Here is our guide to creating a secure password.
We highly recommend using a password manager. However, there may be occasions where you need to create and remember a password without using a manager.
1. Choose a long password
Passwords should be at least 12 to 16 characters in length. A long password is essential.
One way to come up with a password this long is to think of a memorable and bizarre phrase (also known as a passphrase), for example: mydogismadeofwednesdays. The idea is to come up with something nonsensical and original.
Once you have a passphrase, it can be modified with numbers and special characters to meet other typical password requirements. E.g. myd0g!sm4deofw3dnesdayZ.
If you’re struggling to choose a password, get inspiration from this random phrase generator. It’s based on the xkcd comic below. If you use a passphrase from this generator, we recommend adding another word, or changing the phrase slightly, then altering it with special characters as described above.
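As an added illustration (not code from this guide or from the generator it links to), the sketch below shows how a random phrase generator of this kind can work, and why adding another word helps: every randomly chosen word adds log2(list size) bits of entropy. The word list, symbol set and function names are assumptions made up for the example.

```python
import math
import secrets
import string

# Constructed sample word list (assumption). At 32 words it is far too small
# for real use; a real generator draws from a list of thousands of words.
SAMPLE_WORDS = (
    "dog wednesday made lantern pickle orbit velvet cactus thunder biscuit "
    "marble tunnel giraffe window anchor pepper saddle copper meadow rocket "
    "violin harbor mitten puzzle walnut canyon ribbon feather goblin kettle "
    "pillow zipper"
).split()

SYMBOLS = "!@#$%&*?"  # assumed set of special characters a site accepts


def entropy_bits(word_count, list_size, with_suffix=False):
    """Entropy of `word_count` uniformly random words, plus the optional
    random digit + symbol suffix. Only valid when the choices are random."""
    bits = word_count * math.log2(list_size)
    if with_suffix:
        bits += math.log2(len(string.digits)) + math.log2(len(SYMBOLS))
    return bits


def make_passphrase(words=SAMPLE_WORDS, word_count=5, with_suffix=True,
                    min_length=12):
    """Return (passphrase, entropy in bits) using the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    if word_count < 1 or min(map(len, words)) < 1:
        raise ValueError("need at least one non-empty word")
    while True:
        # secrets.choice is unpredictable, unlike random.choice.
        phrase = "".join(secrets.choice(words) for _ in range(word_count))
        if with_suffix:
            # Random digit and symbol to satisfy typical site requirements.
            phrase += secrets.choice(string.digits) + secrets.choice(SYMBOLS)
        if len(phrase) >= min_length:  # redraw if too short for the guide
            return phrase, entropy_bits(word_count, len(words), with_suffix)


if __name__ == "__main__":
    phrase, bits = make_passphrase()
    print(f"{phrase}  (~{bits:.1f} bits with this tiny sample list)")
    # Effect of one extra word on a 2048-word list: 44 -> 55 bits.
    print(entropy_bits(4, 2048), entropy_bits(5, 2048))
```

The entropy figure only holds when the words are picked at random; a phrase you invent yourself cannot be scored this way.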
If you have a password manager, you can test the strength of your manually created password. For example, in LastPass, go to the Generate Secure Password section, copy and paste your password into the generator, and check its rating (the coloured bars below the password).
You can also access the LastPass password generator on the web here.
2. Don’t reuse passwords
We understand this is difficult, but don’t reuse the same password across multiple websites. Think of all the websites where you use your email address, Facebook name, or Microsoft account to log in. If you reuse the same login name and password combo across multiple sites, a person who cracks that combo just once will have access to all of those services.
Try using a different password for each of your services, or at the very least for your email, banking and financial, work and other accounts of value.
If remembering so many passwords proves to be difficult, try using a password manager.
If using a password manager, use a highly secure password and two-factor authentication.
3. Enable two-factor authentication
For best security practice, a password alone is not enough. Two-factor authentication is also required.