Skip to main content
Microsoft 365
December 29, 2022

How to choose a strong & secure password for your digital life

Choosing a strong and secure password will prevent bad actors from easily getting into your accounts and accessing your personal information and data. Follow these tips to learn how to create a strong password to keep your data secure.

Would you be okay with living in an apartment that had the same key as dozens of other units in your building? Probably not – that would make it too easy for unauthorized people to enter. The same is true for passwords online – if you’re using the same password across different websites, have the same password that other people are using, or you’re using passwords that are easily guessable, you’re making it much easier for someone else to figure it out and access your accounts.

How can a hacker get my password?

Here are some common ways that hackers can easily get their hands on your password.

Data breaches

When user data is leaked or stolen from companies, it is considered a data breach. This user data could contain personally identifiable information, as well as usernames and passwords. The dark web sometimes sells this data. Hackers know that people reuse login info across different websites, so they may attempt to use one set of leaked credentials on multiple accounts. For this reason, it’s important to use different passwords for each of your online accounts and to change them frequently, so that a single breach wouldn’t jeopardize multiple accounts.

Brute-force

A brute-force attacker simply uses trial and error to guess your password until they finally get it right. Because hackers do this frequently, it’s important to choose a password that’s hard to guess and isn’t common.

Write with Confidence using Editor Banner
Microsoft 365 Logo

Write with Confidence using Editor

Elevate your writing with real-time, intelligent assistance

Learn more

Phishing

Phishing is when a hacker tricks someone into entering their login information on a fake login screen. For example, your coworker receives an email from what appears to be IT telling her to update her work email login information. She clicks the link in the email, resets her email password by entering her current password, chooses a new password in what looks like a typical password-changing portal, and then closes the window. Little does she know that the email wasn’t from IT—it came from someone impersonating IT with design and a fake email address.

What is a strong password?

A strong password is one that is unique and complex. A strong password is one that:1

  • Uses at least 12 characters. 14 or more is better.
  • Uses a combination of upper and lowercase letters.
  • Uses a combination of numbers and symbols.
  • Does not use a word that can be found in a dictionary, or the name of a person, character, product, or organization. If you want to use a word or phrase you’ll remember, misspell it, or include numbers or letters. For example, the password “tHr33b1rd$” is stronger than the password “threebirds”.
  • Is different from your other passwords.
  • Does not include your name, a family member’s name, or a pet’s name. These are too easy to guess.
  • Does not include phone numbers, birthdays, addresses, or Social Security numbers.2
  • Is not a popular password like “123456”, “qwerty”, “password”, “111111”, or “password123”
  • Is updated regularly. Cybersecurity experts recommend creating a new password every three months.3

Tips to create a strong password

That’s a lot to keep track of, so you might consider using a password generator that can automatically create a strong, random password for you. Luckily, many web browsers like Microsoft Edge come with a password generator feature baked in, so you won’t need to install a third-party extension.

Even though password generators provide ultra-secure passcodes, you should still use different passwords for each of your online accounts. The downside to password generators is that their output is hard to remember off the top of your head – for example, a password generator may spit out something like “ZF5CnT4zne__s-r3”.

Get extra security with two-factor authentication

On top of having a strong password, two-factor authentication (also known as multi-factor authentication or 2FA) is recommended4 to secure your accounts. This extra layer of security requires more than just a username and password to get into an account and is something you can easily set up in just a few minutes. Two-factor authentication can work in a few different ways, but a common two-factor authentication method features a special code sent to you via email, text message, or phone call. This code must be entered on top of your regular password to log into your account.

Setting up two-factor authentication is a must for those who want full security for their online accounts. For example, let’s say your bank login information is discovered by a hacker in a data breach. Now it doesn’t matter that your password is long and contains special characters and numbers—it was leaked. But without access to your phone, they can’t get into your account with the password alone if you have two-factor authentication set up.

Keeping your accounts secure is essential to safeguard your personal information. Now that you have the tips to make a strong password, you can set off and start creating new, stronger passwords with confidence.


Get started with Microsoft 365

It’s the Office you know, plus the tools to help you work better together, so you can get more done—anytime, anywhere.

Buy Now

Topics in this article

Microsoft 365 Word, Excel, PowerPoint, Outlook, OneDrive, and Family Safety Apps
Microsoft 365 Logo

Everything you need to achieve more in less time

Get powerful productivity and security apps with Microsoft 365

Buy Now

Explore Other Categories