In recent years, cybersecurity experts’ recommendations on what constitutes a strong password has changed. They now suggest that people use word phrases that are easy to remember rather than random letters, characters and numbers that cannot be easily recalled.
Remember: the IRS will never ask for passwords. And watch out for phishing emails posing as trusted companies seeking passwords.
Consider these passwords tips to protect devices or online accounts:
- Use a minimum of eight characters; longer is better.
- Use a combination of letters, numbers and symbols in password phrases, i.e., UsePasswordPhrase@30.
- Avoid personal information or common passwords; use phrases instead.
- Change default or temporary passwords that come with accounts or devices.
- Do not reuse or update passwords. For example, changing Bgood!17 to Bgood!18 is not good enough; use unique usernames and passwords for accounts and devices.
- Do not use email addresses as usernames if that is an option.
- Store any password list in a secure location, such as a safe or locked file cabinet.
- Do not disclose passwords to anyone for any reason.
- When available, a password manager program can help track passwords for numerous accounts.
Whenever it is an option for a password-protected account, users also should opt for a multi-factor authentication process. Many email providers, financial institutions and social media sites now offer customers two-factor authentication protections.