Strong Passwords Made Simple

A password is the key to your account, and like a house key, you do not want copies floating around or one that anyone can guess. The two biggest mistakes are using something obvious – like the word "password" or your birthday – and using the same password everywhere. If one site gets broken into, every account with that same password is suddenly at risk too.

The good news is that long beats complicated. A password built from a few random words is both strong and easy to remember. Picture four unrelated things and string them together, like "copper-turtle-window-jazz." That is long, makes no sense to a stranger, and you can picture it. It is generally stronger than a short tangle of symbols like "P@ss1!" that you will only forget.

Make each important account different. Your email, your bank, and your main accounts each deserve their own password, because your email is often the master key that can reset the others. You do not need a different password for every tiny site, but never reuse the password that protects anything important.

You cannot remember dozens of these, and you should not try. A password manager is a free or low-cost app that stores all your passwords in one locked vault, and you only remember the single password that opens it. Your phone or web browser may already offer to save and even suggest passwords for you – that counts too. Writing them in a small notebook kept somewhere private at home is also far safer than reusing one weak password everywhere.

Where a site offers it, turn on two-factor authentication – a second step, like a code sent to your phone, that you enter after your password. It means that even if someone learns your password, they still cannot get in without that code. It takes a few extra seconds and blocks many common break-ins.