How To Create A Strong Password


  1. Most password managers include a password generator, and sites like Strong Password Generator can help create strong random passwords.

  2. Alternatively, if you must manually create a human-readable password, then see How To Create Strong Passwords That You Can Remember Easily. For any password consider the following:

    1. The longer, the better. Aim for 12 characters or more!

    2. Think passphrase instead of password.

    3. A mixture of random upper- and lower-case letters, numbers, and special characters is important.

    4. Dictionary or pop culture words are bad.

    5. Avoid personal information such as email address, username, or date of birth.

Two-factor authentication

Certain online accounts, such as e-mail and Facebook, offer additional protection when two-factor authentication (2FA), also known as two-step verification, is enabled. This means that instead of signing into your accounts using one step (your password), you enter a second piece of data as well. This is typically a short code sent to you in an email or text, or generated by an app on your phone. It can also be a physical key (similar to a USB drive) that you insert into your computer. 2FA is a wonderful piece of security because it means that even if your password is compromised, a hacker would still need access to your email, phone, or app in order to get into your account.

You should definitely enable 2FA for any of your crucial accounts that offer it. Most big tech services like Google, Facebook, Dropbox, and Twitter have this option available, as do popular password managers like LastPass. Typically you just need to dig around in your account settings on a given site to find the instructions on how to enable it. Here is a useful guide from Google if you would like to know more about how 2FA works.

An app you can use is Authy. It generates your 2FA codes offline, anywhere you have the app installed. Authy can be used on any phone or desktop, with all your 2FA code-generating accounts backed up on a single Authy account. This means that if you were to lose a phone, or get a new laptop, all you have to do is install Authy and log in with your Authy account info (have a very strong password!) and your 2FA codes will still be there. Your 2FA accounts are encrypted in the cloud too, meaning that if Authy’s servers were ever hacked, your Authy data would be unusable. And because these codes can be generated offline, you do not need internet or mobile phone service to access them.

