Best tips for password security

We’ve never kept as much personal information online as we do these days and, for the most part, that important, sensitive data is secured behind passwords – so it’s crucial to have top-notch password security.

If you’re not convinced, just consider the sheer amount of data that someone could reach if they guess a weak password. Within minutes they could access your emails, bank accounts, medical records, social media profiles and even more.

Don’t panic if you need some password help, though – read our article and be proactive instead. We’ve rounded up seven of the top tips for creating robust, secure passwords, and you can use these for new passwords and for updating existing passwords that might be a bit too weak.

Avoid real words and personal information

If you want to create strong passwords then you need to avoid numbers and letters that are easy for nefarious people to guess.

That means avoiding real words, which can be quickly exposed in dictionary attacks. You should also stop using personal information in your passwords, like important dates or crucial names – if you use that kind of information, anyone who gets access to a sliver of personal data could guess your passwords. Don’t create passwords that follow patterns or rows on your keyboard, because those sequences are easier to guess for brute force and dictionary attacks.

Instead, you should create passwords with randomized strings of letters, numbers and special characters. Use letters in their upper and lower case forms, and make passwords as long as possible – because longer passwords are trickier for automated systems to hack. Alternatively, use phrases to create long passwords that are easy to remember but still hard to crack.
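The advice above, as an added Python example that is not part of the original article: a checker for the guessable traits just listed, plus a generator for random passwords and passphrases. The word lists and the 12-character minimum are constructed assumptions; a real check would use a large dictionary.

```python
import math
import secrets
import string

# Constructed sample data; a real check would use a large wordlist.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "football", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LENGTH = 12  # assumed threshold; the article only says "as long as possible"


def weaknesses(password, personal=()):
    """List the guessable traits named in the article that this password has."""
    low = password.lower()
    found = []
    if any(word in low for word in COMMON_WORDS):
        found.append("dictionary word")
    if any(item and item.lower() in low for item in personal):
        found.append("personal information")
    # Any 4-key run along a keyboard row, typed in either direction.
    runs = {row[i:i + 4] for row in KEYBOARD_ROWS for i in range(len(row) - 3)}
    if any(run in low or run[::-1] in low for run in runs):
        found.append("keyboard pattern")
    if len(password) < MIN_LENGTH:
        found.append("too short")
    return found


def random_password(length=20):
    """Draw from the OS CSPRNG until every character class is present."""
    classes = (str.islower, str.isupper, str.isdigit,
               lambda c: c in string.punctuation)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(f(c) for c in pw) for f in classes) and not weaknesses(pw):
            return pw


def passphrase(words, count=6, sep="-"):
    """Pick words independently at random; strength depends on list size."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(symbols, length):
    """Bits of entropy for `length` independent picks from `symbols` options."""
    return length * math.log2(symbols)


if __name__ == "__main__":
    print(weaknesses("Sunshine1987", personal=["1987"]))
    print(random_password(), round(entropy_bits(len(ALPHABET), 20)), "bits")
```

A passphrase gets its strength from the number of random picks and the size of the word list, so `entropy_bits(7776, 6)` (six words from a 7,776-word list) is about 77.5 bits even though every word is a real one.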

You should also strengthen passwords and PIN codes on devices if you can. Apple and Android devices both have varying password complexity options, so you can choose to use stricter codes and login methods rather than just a four-character PIN – so it’ll be harder for anyone to get into your phone, tablet or laptop.

Don’t repeat passwords

It’s all too tempting to use a single password phrase for multiple sites – it’s an easy way to remember logins for lots of different places.

And while we’ve all done it, that’s not necessarily the best way to keep your emails, social media sites and other accounts secure.

Instead, use separate passwords for every site, app or system that you use. While this might seem tricky to remember, it’ll make your data far more secure, because it can protect other sites even if one of them gets hacked.

Use a password manager

There’s one easy way to get around the tricky issue of remembering loads of different passwords – use a password manager.

A top-notch password manager will save all of your passwords in encrypted files, so you can feel confident that your data is protected and you don’t have to go through the headache of trying to remember loads of different phrases.

The best password managers include password generation modules, too, so you don’t even have to create passwords yourself – they’ll create ultra-safe phrases for you instead. A top-notch password tool will automatically fill usernames and passwords, some include VPNs, and all offer multi-factor authentication for extra security.

If you’d like some guidance about finding one of these tools, look no further – because we’ve got a rundown of the best password managers.

Don’t rely on your browser

Many top browsers offer their own password management modules. In theory, that’s great, as you can store your passwords right there instead of relying on yet another tool.

In reality, though, if you want the best password security, you shouldn’t store passwords in your browser.

Hackers can use cookies and malware to steal passwords directly from browsers, and proper password managers usually have better encryption – so your data is safer. That remains the case if your device is stolen, too, because your passwords aren’t right there in your browser for anyone to find.

Don’t write them down

We’ve all got family members who keep passwords on a piece of paper or inside a notebook. And if you’re not particularly tech-savvy, that probably seems like a good way to ensure you never forget a password.

That’s certainly true, but it’s also a great way for a criminal to gain access to all your important accounts – and all they’ve got to do is break into your house, steal your car or snatch your bag.

Never keep your passwords written down. Instead, use a password manager with multi-factor authentication to ensure total protection.

Use stronger authentication methods

Indeed, you should use multi-factor authentication (MFA) wherever possible – on your passwords, your password manager, and your devices.

This system – known as MFA or two-factor authentication (2FA) – improves security by adding extra layers of protection to all of your logins.

If you use MFA or 2FA then someone cannot gain access to your accounts if they only input your password. Instead, your password needs to be accompanied by extra verification. Sometimes it’s your fingerprint, on other devices it’s facial recognition, and alternative methods use third-party authentication apps or security codes that get sent to your phone.

This extra security means no one can get into your accounts if they’ve only got your password – they need extra information from you, too. It’s a tremendous way to make your accounts more secure, and you should always activate it when available.

Don’t keep them for too long

You might have a robust security regime protected by multi-factor authentication, strong passwords and biometrics, but no security system is completely infallible.

To add an extra layer of protection to your most valuable data, you should change your passwords every few months.

Because frequent hacks expose username and password data for billions of accounts, it’s pretty likely that your passwords will end up on the dark web at some point – but if you regularly change your passwords, those old codes are useless.

Mike has worked as a technology journalist for more than a decade and has written for most of the UK’s big technology titles alongside numerous global outlets. He loves PCs, laptops and any new hardware, and covers everything from the latest business trends to high-end gaming gear.