Using strong passwords or passphrases help protect your online accounts from cyber criminals. Strong passwords/passphrases serve as the first line of defense for protecting your financial information, and sensitive or personal information.

Using weak, simple passwords for your work or personal accounts – or using the same password for multiple accounts – is like locking your front door but leaving the key in the lock. Weak, simple passwords are easy for cyber criminals to hack.

What you can do

• Use a strong, complex password or passphrase (with upper- and lower-case letters, numbers, and special characters) for each of your online accounts. 

• Use a unique password or passphrase for each of your online accounts. Don't reuse the same password for multiple accounts.

• Use a long, complex password or passphrase for each of your online accounts. The longer it is, the harder it is for cyber criminals to guess. Each additional character increases the total number of possible combinations.

• Learn more: Download and review this /mnit/assets/Passwords%20and%20Passphrases_tcm38-708144.pdfPasswords & Passphrases handout for helpful tips.

Seven tips to help keep your accounts and devices more secure:

 1. Use a strong password or passphrase to protect each account and device. 

Most people have social media, financial, and online accounts – bank, credit card, retail, and email – and multiple device accounts for phones, work laptops, home computers, and WiFi equipment, that require security protections. For each one, use a strong password or passphrase to protect access. 

• A strong password uses random words, numbers, and special characters.
• A strong passphrase uses multiple random words, numbers, and special characters.

2. Create non-personal passwords or passphrases.

Many people incorporate personal information like family names and dates into their passwords to make them easier to remember; but that’s not safe. With so much data available online, using personal information makes it easier for cyber attackers to hack those accounts quickly. Do not use passwords or passphrases that include personal data.

3. Avoid using these common interests or local places in your password or passphrase:

• Activities: Hobbies and sports like fishing, kayaking, blading, or yoga aren’t that uncommon, and Pickleball is rising in use.
• Places: Twin Cities, Duluth, Valleyfair, Mississippi, park names, and cities. Rome and other major cities are popular choices. Pick a random place that means something only to you.
• Teams, musicians, and people: The Phoenix Suns and Miami Heat are used by 2 million people, and although the Twins and Vikings aren’t in the Top 10, they and Taylor Swift aren’t the best choices.
•  Check out the list of most common passwords for 2025.

4. Avoid using these common words or sequences:

• Personal data: Family or pet names and birthdates. The most used names include Eva, Alex, Anna, and Max with over 7 million people each using Eva and Alex.
• Curse words: The top-used curse word has over 26 million occurrences.
• Seasons, months, days: Summer, Friday, and May top out these unoriginal choices.
• Number/letter sequences and years: 12345678 is no better than 123 or qwerty, your birth year, the year 2000, or the current year. Close to 10 million people alone use 2010.
• Food and beverages: Favorite foods and drinks are popular – with ice, tea, and pie in the Top 3.

5. Use a password manager.

A reliable password manager can generate and store all your passwords and passphrases in one place. Then, you only need to remember one password – the one for the password manager. Check industry expert recommendations from recognized sources like CNET, PC Magazine, and Wired.

6. Check for data breaches of your passwords or passphrases.

Regularly look for verified, known exposures at https://haveibeenpwned.com.

7. Immediately change passwords and passphrases involved in a known or suspected breach.

Also, change any passwords and passphrases that are similar. It’s faster to change passwords and passphrases now, than to resolve data exposure issues later.