Password Security Guide
Learn how to protect your accounts with strong passwords and security best practices
Password Best Practices
Use Long Passwords
Aim for at least 12-16 characters. Length is one of the most important factors in password strength. Each additional character multiplies the number of possible combinations, so the time needed to crack your password grows exponentially with its length.
Be Unpredictable
Avoid common words, names, dates, and patterns. Mix uppercase, lowercase, numbers, and special characters. Don't use personal information that can be found on social media.
Unique for Every Account
Never reuse passwords across different accounts. If one account is compromised, every other account that shares that password becomes vulnerable. Use a password manager to keep track of unique passwords.
Use Passphrases
Consider using memorable passphrases made of random words. They're easier to remember and can be very strong when combined with numbers and symbols.
Avoid Common Patterns
Don't use sequential characters (abc, 123), repeated characters (aaa, 111), or keyboard patterns (qwerty, asdf). These are the first things attackers try.
Change Compromised Passwords
If a service you use gets breached, change that password immediately. Also change it on any other accounts where you might have reused it (but you shouldn't be reusing passwords!).
Common Attack Methods
Brute Force Attacks
Attackers systematically try every possible combination of characters until they find the right password. Modern computers can try billions of combinations per second.
Dictionary Attacks
Attackers use lists of common words, names, and passwords from previous breaches. They also try common variations like adding numbers or symbols.
Phishing
Attackers trick you into entering your credentials on fake websites that look legitimate. They may send emails pretending to be from trusted services.
Credential Stuffing
Attackers use username/password combinations leaked from one breach and try them on other services. This works because people reuse passwords.
Password Managers
Password managers are essential tools for modern security. They generate, store, and autofill strong, unique passwords for all your accounts, so you only need to remember one master password.
Why Use a Password Manager?
- Generate strong, unique passwords automatically
- Remember passwords so you don't have to
- Autofill credentials securely
- Sync across all your devices
- Alert you to breached passwords
- Protect against phishing (won't autofill on fake sites)
Recommended Password Managers:
Two-Factor Authentication (2FA)
Two-factor authentication adds an extra layer of security by requiring two different forms of verification: something you know (password) and something you have (phone, security key, or app).
Types of 2FA (from most to least secure):
Hardware Security Keys
Physical devices (like YubiKey) that you plug into your computer or tap on your phone. Most secure option and resistant to phishing.
Authenticator Apps
Apps like Google Authenticator, Authy, or Microsoft Authenticator generate time-based codes. More secure than SMS and work offline.
SMS Codes
Codes sent via text message. Better than nothing but vulnerable to SIM swapping attacks. Use only if other options aren't available.
2FA Best Practices:
- Enable 2FA on all important accounts (email, banking, social media)
- Save backup codes in a secure location
- Use authenticator apps instead of SMS when possible
- Consider a hardware security key for critical accounts
- Don't share 2FA codes with anyone