Passwords

Keep Your Password and Your Account Secure. Test the strength of potential passwords.

Here's what NOT to do!

DO NOT give your password to anyone.

Seriously, don’t do it.

DO NOT leave your password where someone can find it.

Under the keyboard, taped to the monitor, or taped to the wall is not a good place to keep passwords. If you must write a password down, store it in a locked location.

DO NOT reuse passwords.

Use a unique password for each of your important accounts. If one account is compromised, the attacker won’t have immediate access to the rest of your accounts.

DO NOT use biographical details.

Don’t use your name, user name, pet’s name, phone number or other information that people can easily find out about you. The same applies to password-reset questions.

DO NOT use common patterns in creating your passwords.

Attackers are aware of common substitutions and patterns. Don’t make it easy on an attacker. Substituting ‘$’ for ‘s’ or ‘0’ for ‘o’, capitalizing the first letter in a word, and ending with numbers are very common patterns. “Not4u2n0!” is clever, meets all the requirements and is in every attacker’s password list.

DO NOT use a dictionary word.

Using a single dictionary word in a password is not sufficient. Attackers have extensive dictionary lists pre-built. If the prepared lists don’t return a match, attackers try every combination of letters, numbers, special characters, and words in a brute force attack. A minimum of five completely random words would be necessary to provide protection from brute force attempts.
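The patterns named in the two items above can be checked mechanically before a password is accepted. The Python below is an added example, not part of the original page; the word list, the known-password list, and every substitution other than '$' for 's' and '0' for 'o' are constructed assumptions.

```python
import re

# '$'->'s' and '0'->'o' are the substitutions named above; the rest are
# further common ones, included here as an assumption.
SUBSTITUTIONS = str.maketrans(
    {"$": "s", "0": "o", "@": "a", "4": "a", "3": "e", "1": "l"}
)

# Constructed stand-ins for a real dictionary and a real known-password list.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "welcome", "hello"}
SAMPLE_KNOWN_PASSWORDS = {"not4u2n0!", "letmein", "qwerty123"}


def find_patterns(candidate, words=SAMPLE_WORDS, known=SAMPLE_KNOWN_PASSWORDS):
    """Return a label for each predictable pattern found in a candidate password."""
    findings = []
    lowered = candidate.lower()

    if lowered in known:
        findings.append("known-password")

    # Exactly one capital letter, and it is the first character.
    if re.fullmatch(r"[A-Z][^A-Z]*", candidate):
        findings.append("capital-first")

    # Digits at the end, optionally followed by symbols ("2024!", "123").
    if re.search(r"\d+[\W_]*$", candidate):
        findings.append("trailing-digits")

    # Undo substitutions, with and without the trailing digit/symbol run,
    # so both "P@$$w0rd123" and "Hell0" reduce to a dictionary word.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    for form in (lowered, stripped):
        word = form.translate(SUBSTITUTIONS)
        if word in words:
            findings.append("dictionary-word:" + word)
            break

    return findings


if __name__ == "__main__":
    for pw in ("P@$$w0rd123", "Not4u2n0!", "Hell0", "vK7#qLz2&Wp9xT"):
        print(pw, "->", find_patterns(pw) or "no predictable pattern found")
```

An empty result only means none of these specific patterns matched; it says nothing about length or randomness.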

Now for what you SHOULD do!

DO create long passwords and include numbers, capital letters and symbols.

Using a high-end graphics processor, attackers can generate more than 2 billion passwords per second. Using upper and lower case letters, numbers, and thirteen symbols, it would take approximately six days to generate every combination of an eight-character password. It would take approximately 89 years to generate every combination of a 10-character password.

While there are other factors that can increase the time it takes to generate password attempts, those factors are outside your control. The length of your password is within your control. Ten characters is good. Twelve characters is even better.

DO consider using a well-reviewed cross-platform password manager.

A password manager can generate very long complex passwords for every application and make them available across your devices. Consider multi-factor authentication as an extra security step when accessing the password manager. The password manager documentation should provide a list of supported multi-factor authentication products.

Additional information on password managers can be found at:

CSO Online: Top Password Managers Compared

Consumer Reports: How to Keep Your Online Passwords Safe and Manageable

DO password-protect your phone and/or tablet.

Mobile devices can reveal a lot of information. Banking applications, password managers, email, social networking, photos and text messages could all be available to strangers and bad guys on an unlocked device.

DO change your password regularly.

With enough time and resources, an attacker will be able to crack your password. Don’t give them the time.