A strong password is your first line of defense against unauthorized access to your online accounts. The stronger your password, the more protected your computer will be from hackers and malicious software.
A strong password:
- Should not be the same as your account number or username.
- Should be at least 8 characters long.
- Should contain at least 1 number.
- Does not contain a complete word.
- Is significantly different from previous passwords.
- Should contain only letters, numbers and these special characters like `!@#$%^&?”+=
A password might meet all the password criteria and still be a weak password. For example, Hello2U! meets all the criteria for a password, but is still weak because it contains a complete word. H3ll02U! is a stronger alternative because it replaces some of the letters in the complete word with numbers.
- Diversify your passwords and change them. Don’t use the same password across multiple websites. How often you change your password depends on your computer habits, and how you surf the web. Decide on the appropriate frequency for a particular website based on its sensitivity and importance. Most computer experts and online security professionals recommend changing your passwords and account login information at least once every three to six months.
- Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My daughter's birthday is 29 January, 2013. Using that phrase as your guide, you might use Mdbi29Jan13! for your password.
- Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase.
- Relate your password to a favorite hobby or sport.
- If you feel you must write down your password in order to remember it, make sure you don't label it as your password, and keep it in a safe place.
- Use an online password manager. The best managers include password generators that create strong, unique choices.
Other online security tips:
- Check your credit reports at least annually. The goal is to check for discrepancies, inconsistencies and inaccuracies that might suggest identity theft.
- Be wary of emails that require you to click on a link to update a password or confirm confidential material. The best rule to follow is that regardless of how real an e-mail looks, never click on such links. Contact the alleged sender’s customer service or fraud department directly to check the legitimacy of the email. Don’t use the phone numbers provided in the suspect email. Always use the contact information provided on your monthly statement or listed on the company’s website.
- Shred confidential documents. Shredding services or shredding events are often offered by financial institutions or community organizations such as Redwood Credit Union's annual Shred-a-Thon. Please read our article about item retention guidelines and disposal recommendations.