
How to Protect Your Passwords


Simple rules for strong passwords.

Passwords are the keys to your digital life. Here’s how to make them strong and keep them safe.


The Two Rules That Matter Most

Rule 1: Never reuse passwords

If one site gets hacked (and they do, regularly), criminals try that password on every other site. Using the same password everywhere means one breach compromises everything.

One password per site. No exceptions for important accounts.

Rule 2: Make them long

Length beats complexity. A longer password is much harder to crack than a short complicated one.

Password                  Time to Crack
P@55w0rd                  Minutes
correct-horse-battery     Centuries

Aim for 12+ characters.


How to Create Strong Passwords

Method 1: Passphrase

String together 4 or more random words:

  • “coffee-mountain-purple-tuesday”
  • “correct-horse-battery-staple”
  • “umbrella-pizza-seventeen-garden”

Easy to remember, very hard to crack.
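The "random" in Method 1 matters: the words have to be picked by a random source, not by you. The sketch below is an added example, not part of the original guide; the word list is a small constructed sample and the function names are made up for illustration.

```python
import math
import secrets

# Constructed sample list, for illustration only. Real lists are far larger:
# each word contributes log2(list size) bits.
SAMPLE_WORDS = [
    "coffee", "mountain", "purple", "tuesday", "umbrella", "pizza", "seventeen", "garden",
    "correct", "horse", "battery", "staple", "lantern", "velvet", "harbor", "pencil",
    "orbit", "maple", "thunder", "walnut", "canyon", "ribbon", "silver", "pocket",
    "meadow", "anchor", "biscuit", "candle", "dolphin", "engine", "feather", "glacier",
]
MIN_WORDS = 4  # the rule above: "4 or more random words"


def entropy_bits(list_size, n_words):
    """Entropy when every word is drawn uniformly and independently."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least 2 candidate words and 1 pick")
    return n_words * math.log2(list_size)


def generate_passphrase(words, n_words=MIN_WORDS, sep="-"):
    """Pick n_words with the OS CSPRNG; repeats are allowed by design."""
    if n_words < MIN_WORDS:
        raise ValueError(f"use at least {MIN_WORDS} words")
    if len(set(words)) != len(words):
        raise ValueError("duplicate words skew the odds; deduplicate the list")
    if any(sep in w for w in words):
        raise ValueError("separator appears inside a word")
    # secrets.choice is unpredictable, unlike random.choice or a human picking favourites
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"{len(SAMPLE_WORDS)}-word list, 4 words: {entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits")
    # 6**5 = 7776 is the size of a list indexed by five dice rolls
    print(f"7776-word list, 4 words: {entropy_bits(6**5, 4):.1f} bits")
```

Four words from the 32-word sample give only 20 bits, so use a large word list in practice; the strength comes from the list size and the number of words, not from how unusual the words look.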

Method 2: Sentence method

Think of a memorable sentence and use it:

  • Use the whole sentence as the password: “I met my wife Sarah in Boston in 2010!”
  • Or use first letters: “ImmwSiBi2010!”

What NOT to use:

❌ Your name, birthday, or anniversary

❌ Pet names, kids’ names, spouse’s name

❌ “password” or “123456” or “qwerty”

❌ The same password as another site

❌ Patterns like “abc123” or “111111”

❌ Single dictionary words


Password Managers

A password manager solves the “too many passwords” problem:

  • Creates strong unique passwords for every site
  • Stores them securely (encrypted)
  • Auto-fills them when you need them
  • You only remember ONE master password

Good options:

  • Bitwarden — Free, works on everything
  • 1Password — Paid, very polished
  • Apple Keychain — Built into iPhone/Mac (free)
  • Google Password Manager — Built into Chrome/Android (free)

Is it safe to store all passwords in one place?

Yes, if you:

  • Use a reputable password manager
  • Choose a strong master password
  • Turn on two-factor authentication

This is much safer than reusing passwords or writing them on sticky notes.


Two-Factor Authentication (2FA)

Two-factor means something you know (your password) plus something you have (your phone).

Even if someone steals your password, they can’t log in without your second factor.

How to enable 2FA

Most sites have it in Settings → Security or Settings → Privacy. Look for:

  • “Two-factor authentication”
  • “Two-step verification”
  • “2FA”

Best types of 2FA (most to least secure):

  1. Security key (like YubiKey) — Best
  2. Authenticator app (Google Authenticator, Authy) — Great
  3. Text message (SMS) — Good
  4. Email codes — Okay

Text message is fine for most people. Anything is better than nothing.


What To Do If a Password Is Compromised

If you find out a password was stolen (data breach notification, suspicious activity, etc.):

  1. Change it immediately on that site
  2. Change it everywhere you used the same password (this is why reuse is bad)
  3. Turn on 2FA if you haven’t
  4. Check for unauthorized activity on that account
  5. Check haveibeenpwned.com to see what was exposed

Quick Summary

✓ Use a unique password for every site

✓ Make passwords long (12+ characters)

✓ Consider a password manager

✓ Turn on two-factor authentication

✓ Never share passwords, even with people you trust