A strong password is important!
A strong password is essential when it comes to your online security, and you need a unique one for each of your social media, bank accounts, streaming services and apps.
With so many accounts to keep track of, it's tempting (and incredibly easy) to fall into the bad habit of using the same login credentials for everything.
If your data is compromised, weak passwords can have serious consequences like identity theft. Last year's number of reported data breaches set a new record.
Steps to take
With the increasing number of cyber-attacks and data breaches across various industries, we recommend these steps to keep your account safe.
Unique Passwords for Each Account
Use different passwords for different accounts, so if one is compromised, the others are not. This protects against credential-stuffing attacks, where hackers try stolen credentials on other common platforms in the hope of gaining entry.
Characters and Symbols Instead of Letters
Use symbols in your phrases, such as a smiley face ":)" instead of the word “happy”, or the number “2” in place of the word “to”. Using characters and symbols in place of letters can make your password more difficult for hackers to guess or to crack with brute force techniques.
Try Passphrases
One of the most important password security best practices to employ is to use passphrases with words that don’t normally go together instead of easily-forgettable, long-character passwords. Passwords like “puppy airplane eating papaya” are more easily remembered and less likely to be hacked than “puppy running around yard.” Use at least four words as part of your passphrase.
At Least 12 Characters in Length
For the best password security, our best practices recommend using at least twelve characters that mix lower case, upper case, symbols, and numbers within your password, regardless of whether you use a passphrase or not. Password length is more important for security than using numbers, characters, or symbols alone. Password length is a leading indicator of how long it may take for a password to be cracked by a brute force attack or other hacker password-cracking algorithm.
Analyze Password Strength
Always check your password strength. Most sites provide a password analyzer that shows how strong or weak your password may be. Pay attention to the analyzer results and alter your password accordingly to make it stronger.
Change Password Quarterly
Passwords can still be guessed or cracked, given enough time. That is why you should change your password every 60-90 days on user-level accounts. This ensures hackers using social engineering, brute force, and credential-stuffing attacks cannot use your older passwords to gain access to your systems or data.
Enable Two-Factor Authentication
Employ Two-Factor Authentication (2FA), also known as Multi-Factor Authentication. This uses a text-based or application-based authentication method to verify your identity prior to access. Even if a hacker gains your password in some fashion, they will not be able to access your systems without access to your phone as well.
Use a Password Manager
And lastly, invest in a password manager. Password managers use multiple forms of encryption to ensure that your passwords are even harder to crack, and they mean you only need to remember one password. Passphrases are perfect for use as your password manager master password, and then you can use extremely difficult passwords for your other user-level accounts and systems.
Check Your Username and Password Against Data Breaches
Another password security best practice is to use a security tool such as Have I Been Pwned to check and see if your credentials were included in any recent data breaches globally. This allows you to make educated decisions about which passwords might need to be changed immediately.
Never Use Personal Information in a Password
Never use your first name, last name, age, birthday, phone number, address, bank account, or any other sensitive personal information as part of your password. Don’t even use your dog’s name or your favorite travel spot. Doing so makes social engineering attackers' jobs easier; most of this information is available on your Facebook account, which is public information.