Passwords 101: How To Create, Manage and Share

Vault’s Viewpoint

• Strong passwords are essential to secure your personal data and finances online.
• Digital management tools make it easy to organize and share passwords safely.
• For security, passwords should be updated routinely and shared extremely selectively.

Featured Partner

Advertiser disclosure

Newsweek.com is part of an affiliate sales network and receives compensation through featured partners. This may impact how and where links appear across articles. Newsweek.com does not include all financial companies or all available financial offers.

1Password

Learn More

On 1Password’s Website

Free Trial

Yes

Encryption

AES 256-bit

Number of Devices

Unlimited

Price

up to $19.95/month

Features

• Unique dual-layer encryption for end-to-end protection
• Create, save, and autofill login credentials, addresses, credit cards, and more
• Temporarily share individual items with anyone (even if they don’t use 1Password!)
• Apps for macOS, iOS (and watchOS), Windows, Android, Linux, and your Command Line
• Browser extensions for Chrome, Firefox, Edge, Brave, and Safari
• Developer Tools (Visual Studio Code extension, SSH key management, Git commit signing, integrations, and more)

How To Create the Best Password for Your Account

No matter what type of account you are setting up, the first thing you should know is that the word “password” is one of the worst passwords you can choose. Once you have dodged this common pitfall, use the following tips to create a strong and unique password that can be committed to memory and resistant to cybercrime.

1) Include 12 Characters or More

The most important rule to follow while creating your login credentials is that a long password is a good password. Although most apps and websites only require passwords to be eight characters in length, longer passwords are tougher for hackers to crack—with each additional character adding credential complexity.

To reach 12 characters or more, secure passwords often contain several words, creating the nickname “passphrases.” When deciding on your passphrase, unrelated (or seemingly unrelated) words are usually better for security purposes because they are more difficult for hackers to guess. For example, the passphrase DesertCactus would be a lot easier to crack than GoofyFishTree.

2) Use a Mix of Letter Cases, Numbers and Symbols

By integrating a mix of letter cases, numbers and symbols into your password choices, you can increase the number of possible character combinations a hacker must attempt before breaching your information.

• Numbers: Do not use sequences like 1234 or 5678, nor should you use numbers that resemble a pattern—like 2468. You should also refrain from repeating numbers more than once (as in 000 or 111), especially when creating a PIN code or another strictly numerical password.
• Symbols: The symbols you are permitted to use for your password may vary depending on the platform for which you are creating an account. Most commonly, you can use symbols on your keyboard like “!@ # $ % ^ & * ( ) – _ + = { } [ ] | \?” in passwords, but special characters such as “∞§©√æ” are rarely accepted.
• Letters: Like with numbers, avoid sequential letters, both on your keyboard and in the alphabet. This includes asdf, qwerty, abcdefg and similar variants. It is also a good practice (and often required) to include a mix of lowercase and uppercase letters.

When capitalizing characters in your password, consider using uppercase letters that do not follow traditional formatting rules. For instance, if your password were Great12%North8, it may be more secure if written as gReat12%noRth8 instead, as that would be more difficult to guess.

3) Avoid Numbers, Names, and Words With Personal Information

While cybercriminals hunt for their next victim, passwords with your personal information can put you at risk of being an easy target. When creating a password, best practices include avoiding:

• Your city, state, region, email address, favorite sports team or street name
• Your first and last name, your spouse’s name, the names of your children or family members and the names of prominent public figures in your area
• Numbers related to your birthday, address, social security number, driver’s license or phone number

As a general rule of thumb, passwords should not contain any personal information that can be found about your life online.

4) Consider Something Mnemonic but Not Predictable

Mnemonic devices make passwords easy to remember, but that doesn’t mean those passwords are easy for hackers to crack. For example, let’s say your favorite meal is a hamburger and french fries with Heinz 57 Sauce—a brand that famously displays the number “57” on its label. Here, it would be easy for you to remember HamBurGer&FF57 (which is very secure), but difficult for a stranger to guess.

5) Be As Creative as Possible

Besides obviously at-risk credentials like 123456789, qwertyuiop and password1, there are also hundreds of common words and phrases that should be avoided in your password or passphrase selection. This includes (but is not limited to) days of the week, months, years, internationally known locations, common pet names and curse words.

If you are worried that a word in your passphrase is too common, you also have the option to mix letter cases or alternate spellings to enhance your credential’s security. In a sense, the more random your password seems, the more secure it stands against cyberattacks.

Smart Password Management Techniques

Although physically writing passwords down can sound like a smart way to avoid cyberattacks, this practice brings its own set of risks and challenges by opening yourself up to the possibility of theft, loss or difficult retrieval. In the digital age, secure password management tools can keep your information safe while enabling quick account access across multiple platforms.

Today, many people choose encrypted, cloud-based programs such as Password Manager from Google or Apple iCloud Keychain to safely store and organize their passwords. There are also many free and paid third-party password management tools available in 2024, including popular platforms from 1Password, BitWarden, Keepass and LastPass.

Password Management Best Practices

However you choose to manage your passwords, there are a few things you can do to keep your information as secure as possible. For immediate and ongoing security, the following is recommended:

1. Maintain a unique password for each one of your accounts
2. Update your passwords several times per year
3. Require multi-factor authentication (MFA) for an added layer of security

To keep your information safe, it is important never to share your passwords—or a device that contains your passwords—with any person without your absolute trust in them. Whether you receive a phishing email or someone asks to use your phone while using public transportation, smart password management can also be achieved by discerning potential risks and threats before they become a problem.

How to Share Your Passwords Securely

Whether it’s your spouse, co-worker or another person you trust, sharing passwords is sometimes necessary and should be done safely to keep your information secure. For example, emailing or texting your password verbatim to a coworker may create an unnecessary security risk, as these platforms are not always encrypted.

Instead, credentials are best shared in person or over the phone without creating a physical copy of the information anywhere whatsoever. If you find yourself needing to frequently share your credentials, a password management tool can increase visibility, oversight and control of how and where your information is saved and shared.