Please update your browser.

We no longer support Internet Explorer. Using another browser will help protect your accounts and provide a better experience.

Supported browsers: Chrome, Firefox, Edge, Safari

Creating a Password Tip Card

Creating a strong password is an essential step to protecting yourself online. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. No citizen is immune to cyber risk, but there are steps you can take to minimize your chances of an incident.

Simple Tips

Creating a strong password is easier than you think. Follow these simple tips to protect yourself online:

  • Make your password eight characters or longer. Create a password with eight characters or more and a combination of letters, numbers, and symbols.
  • Use a long passphrase. Use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
  • Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
  • Avoid using common words in your password. Instead, substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L”.
  • Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine”.
  • Never share your password. Don’t tell anyone your passwords, and watch for attackers trying to trick you into revealing your passwords through email or calls.
  • Unique account, unique password. Use different passwords for different accounts and devices so that if attackers do guess one password, they will not have access to all of your accounts.
  • Use stronger authentication. Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts. A stronger authentication helps verify a user has authorized access to an online account. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond the password and username.