Strong passwords: 9 rules to help you make and remember your login credentials


Strong passwords are of course key to your security. The challenge is to create strong passwords you can actually remember, without stumbling into the bad habits that can harm you — like reusing the same password for multiple accounts. But how many passwords can you actually remember? You could easily have 85 passwords for all your accounts, from banking to streaming to social media, according to LogMeIn, which makes the LastPass password manager.

Weak passwords, or reusing the same password even if it is strong, can have serious consequences if your data is compromised. For example, companies reported 5,183 data breaches in 2019 that exposed personal information like login credentials and home addresses that someone could use to defraud you or steal your identity. And since 2017, hackers published 555 million stolen passwords on the dark web that criminals can use to crack into your accounts.


Password security may not completely prevent your data from being exposed, but these best practices can help minimize your risk if it is. Here’s how to create and manage the best passwords, how to find out if they do get stolen, and one essential tip to make your accounts even more secure.

Use a password manager to keep track of your passwords

Strong passwords are longer than eight characters, are hard to guess and contain a variety of characters, numbers and special symbols. The best ones can be difficult to remember, especially if you’re using a distinct login for every site (which is recommended). This is where password managers come in.

A trusted password manager such as 1Password or LastPass can create and store strong, lengthy passwords for you. They work across your desktop and phone.

The tiny caveat is that you’ll still have to memorize a single master password that unlocks all your other passwords. So make that one as strong as it can be (and see below for more specific tips on that).

Browsers like Google’s Chrome and Mozilla’s Firefox also come with password managers, but our sister site TechRepublic has concerns about how browsers secure the passwords they store and recommends using a dedicated app instead.

Password managers with their single master passwords are, of course, obvious targets for hackers. And password managers aren’t perfect. LastPass fixed a flaw last September that could have exposed a customer’s credentials. To its credit, the company was transparent about the potential exploit and the steps it would take in the event of a hack.

Yes, you can write your login credentials down. Really

We know: This recommendation goes against everything we’ve been told about protecting ourselves online. But password managers aren’t for everyone, and some leading security experts, like the Electronic Frontier Foundation, suggest that keeping your login information on a physical sheet of paper or in a notebook is a viable way to track your credentials.

And we’re talking about real, old-fashioned paper, not an electronic document like a Word file or a Google spreadsheet, because if someone gains access to your computer or online accounts, they can also gain access to that electronic password file.

Of course, someone could also break into your house and walk off with the passkeys to your entire life, but that seems less likely. At work or at home, we recommend keeping this sheet of paper in a safe place — like a locked desk drawer or cabinet — and out of eyesight. Limit the number of people who know where your passwords are, especially to your financial sites.

If you travel often, physically carrying your passwords with you introduces greater risk if you misplace your notebook.

Find out if your passwords have been stolen

You can’t always stop your passwords from leaking out, either through a data breach or a malicious hack. But you can check at any time for hints that your accounts might be compromised.

Mozilla's Firefox Monitor and Google's Password Checkup can show you which of your email addresses and passwords have been compromised in a data breach so you can take action. Have I Been Pwned can also show you if your emails and passwords have been exposed. If you do discover you've been hacked, see our guide for how to protect yourself.