What do you need to get into your email, Netflix, bank account, and your kid’s blanket fort? A password. The key to limiting the number of people you want accessing these – especially your financial websites – is the strength of the password. A weak password can have serious consequences, like identity theft. Here are seven tips to help you create strong passwords.

1. Use a password manager to keep track of your passwords

A strong password is longer than eight characters, hard to guess, contains a variety of characters, numbers, and special symbols, and should be different for every site you use. This adds up. This is where password managers come in. Trusted password managers such as 1Password or LastPass can create and store strong, lengthy passwords for you.

Just remember the password you use to access your password manager.

2. Yes, you should write your login credentials down

We know: This recommendation goes against everything we've been told about protecting ourselves online. But password managers aren't for everyone, and some leading security experts, like the Electronic Frontier Foundation, suggest that keeping your login information on a physical sheet of paper or in a notebook is a viable way to track your credentials. 

Of course, we recommend keeping this sheet of paper in a safe place – like a locked desk drawer or cabinet – and out of eyesight.

3. Check to see if your passwords have been stolen

It’s good practice to periodically check to see if your passwords have been compromised.

Mozilla's Firefox Monitor andGoogle's Password Checkup can show you which of your email addresses and passwords have been compromised in a data breach so you can take action. Have I Been Pwned can also show you if your emails and passwords have been exposed. If you do discover you've been hacked, see this guide for how to protect yourself.

4. Use complex words and character combinations in your password

The goal is to create a password that someone else won't know or be able to easily guess. Stay away from common words, avoid using your name, nickname, the name of your pet, your birthday or anniversary, your street name or anything associated with you that someone could find out from social media, or from a heartfelt talk with a stranger on an airplane or at the bar. 

Check out our post Three Steps to Strengthen Your Password for more help.

5. Longer passwords are better: 8 characters is a good starting point

8 characters are a great place to start, but longer logins are better. Try using a passphrase made up of three or four random words for added security. A longer passphrase composed of unconnected words can be difficult to remember, however, which is where a password manager comes in handy.

6. A unique password for each site

By limiting one password to one site, this protects you in case one of your passwords does get stolen. Instead of a hacker having access to multiple accounts, it’s just the one that’s compromised.

It’s also important to note that you need to change more than a prefix of suffix for the passwords to be different. ThisPasswordIsNotSafe1 and ThisPasswordIsNotSafe2 won’t suffice.

7. Use two-factor authentication (2FA)

Two-factor authentication is a security safeguard that requires you to enter a second piece of information before you can log in. This is usually a one-time code that is sent to your phone or email.

This way, even if a hacker does uncover your passwords, without the verification code that’s sent to you, they won't be able to access your account.

When it comes to password security, being proactive is your best protection. Using these seven tips to create and maintain a strong password can help keep your personal information personal.