Teaching Moment

Creating Strong Passwords

We’ve all had to create passwords when setting up a new online account. In fact, you probably have dozens of passwords for your email, banking, shopping, and other accounts. But are you making common mistakes that weaken your password and make you more vulnerable to having your personal information stolen? Here are some important tips for making sure your data is protected.

  • When you have a lot of online accounts, you might think it’s best to re-use the same password for all your accounts. But that’s not a good idea — if one account is compromised, that makes all your other accounts with the same password more vulnerable. Instead, consider using a password manager. These tools can be used to store all your passwords and help you generate strong passwords for new accounts. All you need to do is remember the password for the manager, so make sure it’s strong!
  • We share a lot of personal information about ourselves on social media and other online sites. So it’s not a good idea to use information about us — the names of family members or pets, our favorite movie or book — in our passwords. Ideally, you want your passwords to be memorable to you but not something other people could easily guess.
  • Every year, there are security breaches at major companies, and login credentials are posted online. From this, researchers have compiled lists of the most popular passwords, and we can see that people tend to use really simple passwords, including the word “password.” Make sure your password isn’t likely to land on one of these lists by making it long and complex. That doesn’t mean it needs to be a random string of letters, numbers, and symbols; it could be four random words strung together.
  • For accounts that store sensitive information like your bank or email, you may want to add two-factor authentication (2FA) to provide an additional layer of security. 2FA means that in addition to entering a password, you have to verify your identity through a second method, typically via a PIN texted to your phone or through an authentication app.
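
For staff who want to demonstrate the "four random words" tip, here is a short Python sketch, added as an illustration and not part of the original article. The word list and the common-password sample are constructed for the demo, and the function names are made up for this example; it also compares how hard a passphrase is to guess against a fully random 8-character password.

```python
import math
import secrets

# Constructed 32-word sample list, for demonstration only. A real generator
# should load a large published word list (thousands of words).
SAMPLE_WORDS = [
    "anchor", "biscuit", "candle", "dolphin", "ember", "fiddle", "garnet",
    "harbor", "iceberg", "jigsaw", "kettle", "lantern", "meadow", "nutmeg",
    "orchid", "pebble", "quiver", "ribbon", "saddle", "thimble", "umpire",
    "velvet", "walnut", "yonder", "zephyr", "acorn", "bramble", "cobalt",
    "drizzle", "easel", "falcon", "gravel",
]

# Constructed sample of passwords that show up on "most popular" lists.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}


def entropy_bits(choices: int, picks: int) -> float:
    """Guessing difficulty in bits when each of `picks` items is chosen
    uniformly and independently from `choices` options."""
    return picks * math.log2(choices)


def generate_passphrase(words=SAMPLE_WORDS, count=4, sep="-") -> str:
    """Pick words with the operating system's secure random source.
    Words must be chosen by the computer, not by the person."""
    unique = sorted(set(words))
    return sep.join(secrets.choice(unique) for _ in range(count))


def is_common(password: str, common=COMMON_PASSWORDS) -> bool:
    """True if the password matches an entry on the common-password sample."""
    return password.strip().lower() in common


if __name__ == "__main__":
    print("Example passphrase:", generate_passphrase())
    # The tiny demo list is far too small for real use.
    print("4 words from 32-word list:   %.1f bits" % entropy_bits(32, 4))
    # Assumption: a 7,776-word list, the size used by dice-based word lists.
    print("4 words from 7,776-word list: %.1f bits" % entropy_bits(7776, 4))
    # 8 characters drawn at random from the 94 printable keyboard symbols.
    print("8 random characters:          %.1f bits" % entropy_bits(94, 8))
    print("Is 'Password' common?", is_common("Password"))
```

The numbers only hold when the words are picked at random from a large list; four words a person chooses themselves, or a phrase from a favorite book, are much easier to guess.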