BBB Tip: How to create a strong password
Milwaukee, Wis. – Wireless technologies such as Bluetooth and wifi have forever changed the way people not only interact with one another, but also how they complete day-to-day activities such as shopping, researching, banking, eating, and communicating. The more everyone is online, the more there are opportunities for hackers to get into personal accounts, steal information, and drain checking or savings accounts before victims realize it. According to the Federal Communications Commission (FCC), securing today’s online environment goes beyond thinking about the wifi router at home – and it all starts with a password.
BBB recommends the following tips to stay safe in an online world:
Think of your passwords as walls.
A password or a passphrase should be considered a wall between free access to your personal information and the world. The stronger the wall, the more difficult it is for others to break down. The more walls, the more difficult it is to even access the information. Encryption is the easiest way to ensure communications between an electronic device and a website or server are protected.
Avoid easy passwords.
An example of a weak password is one that is easy to guess – information that anyone can find on social media sites or through a phishing email or text. A strong password has at least 12 to 14 characters, mixed with uppercase and lowercase letters, numbers and symbols.
Commonly used passwords are your pet’s name, your mother’s maiden name, the town you grew up in, your birthday, your anniversary, etc. Surprisingly, the answers to these common passwords can typically be found online. Even if you don’t consider yourself an active user of social media or the Internet, your information is out there on one forum or another. Even for passwords that require numbers along with letters, people tend to stick to simple patterns like 0000, 1111, 1234, etc. Never use the same password for multiple accounts, especially for the most sensitive ones such has bank accounts, credit cards, legal or tax records or medical-related files.
Make them creative.
Running low on creative ideas for different passwords? Try using song lyrics. Not only is it basically impossible for hackers to guess what song you are using, it’s even harder for them to guess which lyrics you’re using on top of that.
Use a “passphrase”.
Instead of using a single word, use a passphrase. Your phrase should be relatively long, around 20 characters, and include random words, numbers, and symbols. Something that you will be able to remember but others couldn’t come close to guessing, such as PurpleMilk#367JeepDog$.
Use multiple passwords.
Using different passwords for different accounts is also important. While it may be easier to remember one password for every account, it’s much easier for hackers to break down one wall rather than multiple walls. If hackers can figure out one password, even if it’s to something harmless like your Instagram account, they then know the password to every single account you own. This includes websites you shop online at, banking accounts, health insurance accounts, email accounts – you name it.
Use multi-factor authentication.
When it’s available and supported by accounts use two-factor authentication. This requires both your password and an additional piece of information upon logging in. The second piece is generally a code sent to your phone or a random number generated by an app or token. This will protect your account even if your password is compromised. Many newer devices now include fingerprint or facial recognition to unlock them. This may be an option and a way to protect any apps on the device in the unfortunate event it becomes lost or stolen.
Consider a password manager.
A written list would be best, but if you’re worried of losing it, write a list on your phone and label it as something other than ‘PASSWORDS’. Keep the list updated and organized as well as secretive. Avoid keeping the list on the device as it will only make it easier for the thief to access the apps and personal data stored on it.
Select security questions only you know the answer to.
Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, and birthplace. That is information a motivated attacker can easily obtain. Don’t use questions with a limited number of responses that attackers can easily guess – like the color of your first car.
Wifi is a security concern as well. Check your device settings before surfing the web.
- Check the validity of available Wi-Fi hotspots: hackers will set up fake hotspots that have names of stores or institutions you might trust.
- Make sure all websites you exchange information with have “https” at the beginning of the web address.
- Install an app add-on that forces your web browsers to use encryption when connecting to websites.
If you received notification from a company about a possible breach, it is always best practice to change that password and any similar passwords immediately.
Go to BBB.org for more information. In the United States, visit the FTC for more information on cybersecurity. In Canada, visit the Canadian Centre for Cybersecurity.
For more information or further inquiries, contact the Wisconsin BBB at www.bbb.org/wisconsin, 414-847-6000 or 1-800-273-1002. Consumers also can find more information about how to protect themselves from scams by following the Wisconsin BBB on Facebook, Twitter, Instagram and YouTube.
ABOUT BBB: For more than 100 years, the Better Business Bureau has been helping people find businesses, brands and charities they can trust. In 2020, people turned to BBB more than 220 million times for BBB Business Profiles on 6.2 million businesses and Charity Reports on 11,000 charities, all available for free at BBB.org. There are local, independent BBBs across the United States, Canada and Mexico, including BBB Serving Wisconsin which was founded in 1939 and serves the state of Wisconsin.