# Set a killer pawsword

## Easy steps to fight the most common vulnerability

![](https://2215470000-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LMA_kV7gMeMHGE2fjOJ%2F-LMA_xy6WPTss1asaS_j%2F-LMAcHORTpGNeoB4q9Zz%2FPawsword.gif?alt=media\&token=a0fcae58-584f-4316-8ebd-081295246763)

## 1. Password protection

* Visit [How Secure Is My Password](https://howsecureismypassword.net/) to test the strength of your passwords
* Never recycle or reuse passwords
* Do not use the same password across multiple sites - Create a new or different password for every site you sign up to
* Do not let your browser save your passwords
* Think passphrase instead of password
* Use upper and lower case letters, numbers, and symbols - See [Strong Password Generator](https://strongpasswordgenerator.com/). Password managers usually have a built-in password generator to create complex passwords

## 2. Use a password manager

Password management software stores encrypted versions of your passwords so you can use a unique, secure password for every service without having to remember every password. There are plenty of [free Password Managers](http://thehackernews.com/2016/07/best-password-manager.html) to select from, for example, [KeePass](http://keepass.info/) (see [how to set up and use it](https://youtu.be/KQuDrKSZkck)), [LastPass](https://www.lastpass.com/) and [Padlock](https://padlock.io/).

## 3. How should you change your password?

There have been debates about how often we should be changing our passwords. It is also recommended that you change your passwords every 3 – 9 months. We recommend that you change your passwords as often as you need in order to feel secure.

## 4. Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) makes it harder for anyone attempting to hack your accounts. Instead of signing into your accounts using one step (your password), you also enter a second piece of data: a short code sent to you by email or text, or generated by an app on your phone. See which sites allow you to enable two-factor authentication [here](http://twofactorauth.org/).
