Password best practices

October 10, 2025

Strengthen your first line of defense during Cybersecurity Awareness Month

Passwords are the keys to your digital life. They safeguard your bank accounts, email, social media, and more.

Creating and managing them can feel overwhelming, but it doesn’t have to be. Protect yourself with a few simple habits and secure tools.

 

The recipe for a strong password

Every password should be:

Unique: Use a different password for every account. Reusing passwords puts you at risk because if one gets hacked, others could follow.

Long: Aim for at least 16 characters. The longer the password, the harder it is to crack. While an 8-character password can take minutes to guess, a 16-character password could take billions of years.

Complex: Mix uppercase and lowercase letters, numbers, and special characters like @, !, or $. Avoid real words, names, or dates. If spaces are allowed, try stringing together random phrases for a password that’s both strong and memorable.

The old advice to change passwords every few months is outdated. If your passwords are long, unique, and complex, you don’t need to change them on a schedule.

In fact, frequent changes can lead to weaker habits, such as recycling similar passwords. Instead, only update them if you suspect unauthorized access or learn of a company breach.

 

Use a password manager

Recalling dozens of long, unique passwords may seem impossible. Simplify the process by compiling your information in a password manager.

Often in the form of an app or browser plugin, a password manager is like a trusted digital vault. The secure, encrypted database stores all your login information for you.

You only need to remember one master password to access them all.

This method offers:

Convenience: Automatically generate, store, and fill in passwords across all your devices.

Security: Uses strong encryption and “zero-knowledge” architecture, meaning even the password manager company can’t see your passwords.

Protection: Warns you about phishing sites and alerts you if a password might be compromised.

Efficiency: Frees you from notebooks, sticky notes, or spreadsheets full of passwords.

For extra protection, secure your password manager with multi-factor authentication.

 

Keep it simple and secure

As technology evolves, passkeys are emerging as the next step in digital security.

They eliminate the need for passwords entirely, letting you log in with a secure device or biometrics, such as Face ID or fingerprints.

Passkeys are simple, secure and becoming more widely available. They serve as a great complement or eventual alternative to traditional passwords and managers.

Until then, stick with trusted password managers and strengthen weak or reused passwords over time. Building these habits now will help protect your digital identity and keep you safe online.

Know the truth about password managers!

 

There are many misconceptions about password managers. Separate fact from fiction with tips from the National Cybersecurity Alliance, available as part of Cybersecurity Awareness Month.

 
