Overview of Password Strength & Safety

person on device with security

It seems everything needs passwords today, but what is required for creating a password is always changing. According to Security Magazine, the average business user has about 200 online passwords. With this growing call for passwords, there are two ways people usually respond. Either create easy-to-remember passwords and reuse them across different sites. Or create strong, unique passwords for every online account. But how do you know what password to use? And how can you keep track? We share some advice for creating a strong password and other considerations to strengthen your information security.

Tips for Creating a Strong Password

Criminals are hoping your passwords can be easily guessed with information found with little online research. So while sequential numbers, children’s names or birthdays are easy to remember that means they can also be easy to hack. If you use the same password for every account, just think how easy you have made it on crooks who try to hack into your financial, email or other accounts to steal your identity, your money or other important data.

Here are some tips for creating strong passwords and protecting your accounts:

  • Longer is better, as it is harder to hack. Passwords should be at least 8 characters long, but 10-12 characters is recommended.
  • Make it a mix. Include upper and lowercase letters, plus numbers and symbols. An example would be iWI$4y0uw3!!.
  • Stay unpredictable. Passwords shouldn’t include your name or common words that can be easily guessed. Avoid common words or short words, as they are easier to hack.
  • Get creative. If you are having a tough time creating a strong password, use the first letter of each word in a phrase that you can easily remember, and make sure it doesn’t spell out a real word. So a phrase such as ‘I can’t see the bird in the tall tree’ could become !C$tb!tTt.
  • Change it up. You should use different passwords for each of your important accounts. For example, don’t use the same password for your email and banking accounts. That way, if one account gets compromised your other accounts will still be safe.
  • Keep it secret. Your passwords should not be given out to anyone. Don’t leave them written down and easily found. If you receive notification or hear on the news that a site where you have an account with has been hacked, change your password for that site, and any other site that you used that same password for.

For additional password tips, check out these security tips from the Cybersecurity & Infrastructure Security Agency or the Password Checklist from the Federal Trade Commission

Consider a Password Manager

You’ve made your passwords longer, varied and much harder to hack. But now they are harder to remember. How do you keep them safe but also easy for you to remember?

A password manager might be the answer.

Password managers are software applications that are designed to organize and protect your passwords across all sites and all devices. They act as a locked vault that securely stores your sensitive passwords behind a single master password. Ideally, the password management tool also can generate smart passwords for you and sync them across multiple sites.

Each password manager works a little differently and offers different features. To figure out which one might work for you, identify your needs and, more importantly, your weaknesses. Is it hard for you to remember to update passwords, even though you are good and creating unique ones? Or do you use obvious passwords that are shared on multiple sites?

Password managers can either be free or can cost a small fee, depending on the number of devices or complexity of your personal needs. Password managers encrypt your information so it’s protected, and some also store your user names and account website addresses.

In addition to checking that the password manager you select has good reviews, it should be easy for you to use. Your password manager vault is unlocked with a single, strong password that you’ll need to remember. Be sure to make it different from all your others. Once you log into the manager, a click on one of your stored accounts will take you to the site log you in.

Include Multifactor Authentication

Multifactor authentication (MFA) means that there are multiple methods of authentication to verify an identity. It could be for a login, or for conducting a transaction, but it is another layer of security. There are different factors of identity verification, and with MFA more than one is used to make it harder to hack into an account or system. MFA is a combination of two or more independent categories of identifying factors:

  1. KNOWLEDGE FACTOR: This factor is about what you know. Examples of knowledge factor authentication include passwords, security questions, or PIN numbers.
  2. POSSESSION FACTOR: This factor is about what you have. Possession factors are all about something you physically have, like a one-time pin texted to a mobile device, embedded chip within a smart card, or a hard token.
  3. INHERENCE FACTOR: The third factor is what you are. Biometric verification with scans of fingerprints, retina, facial recognition or voice authentication.

Staying safe and secure online includes strong passwords. Whether you incorporate multi-factor authentication or increase the complexity of your current passwords, take action today to make it harder for hackers to get your information.

For more information about keeping your information safe, check out our webpage about protecting yourself from identity theft and our webpage about protecting yourself from scams.

Fidelity Bank does not control the content of or approve any website that is linked through this browser. Search results are not filtered or screened by the bank or any of its agents, representatives or service providers. Users, who search the Internet using their browser, do so at their own risk, and are responsible for the results. The portals and links are provided by an outside source. Fidelity Bank is not responsible for the content.