Creating and remembering a unique password or passphrase for every account and device you own is challenging; yet, doing so is important to protect your accounts and the personal data they contain.

Most people have social media, financial, and online accounts – bank, credit card, retail, and email – and multiple device accounts for phones, work laptops, home computers, and WiFi equipment, that require security protections. 

To make it easier to remember passwords, many people incorporate personal information like names and dates. But that’s not safe. With so much data available online, using personal information makes it easier for cyber attackers to hack those accounts quickly.

A typical eight-character password may no longer be enough to protect your accounts and devices from being hacked. To better protect your data, you should use a strong password or passphrase:

• A password with many random mixed-case letters, numbers, and symbols such as cXmnZ65*&D.
• A passphrase with five to seven random words, numbers, and symbols such as Horse1Purple%Hat$Run*Now.

Here are seven tips for creating passwords or passphrases, as well as using a password manager, that will help keep your online data and devices secure.

1. Determine whether to use a password or a passphrase to protect accounts and devices. 

Consider that long, random passwords may be easier to hack and harder to remember, while a long, random passphrase may be harder to hack and easier to remember.

2. Create a long, strong, unique password or passphrase for each account and device.

Do not use passwords or passphrases that include personal data, common words, or number sequences. Check out the list of most common passwords for 2025.

3. Avoid using these common interests or local places in your password or passphrase:

• Activities: Hobbies and sports like fishing, kayaking, blading, or yoga aren’t that uncommon, and Pickleball is rising in use.
• Places: Twin Cities, Duluth, Valleyfair, Mississippi, park names, and cities. Rome and other major cities are popular choices. Pick a random place that means something only to you.
• Teams, musicians, and people: The Phoenix Suns and Miami Heat are used by 2 million people, and although the Twins and Vikings aren’t in the Top 10, they and Taylor Swift aren’t the best choices.

4. Avoid using personal information, or these common words or sequences:

• Personal data: Family or pet names and birthdates. The most used names include Eva, Alex, Anna, and Max with over 7 million people each using Eva and Alex.
• Curse words: The top-used curse word has over 26 million occurrences.
• Seasons, months, days: Summer, Friday, and May top out these unoriginal choices.
• Number/letter sequences and years: 12345678 is no better than 123 or qwerty, your birth year, the year 2000, or the current year. Close to 10 million people alone use 2010.
• Food and beverages: Favorite foods and drinks are popular – with ice, tea, and pie in the Top 3.

5. Use a password manager.

A reliable password manager can generate and store all your passwords and passphrases in one place. Then, you only need to remember one password – the one for the password manager. Check industry expert recommendations from recognized sources like CNET, PC Magazine, and Wired.

6. Check for data breaches of your passwords or passphrases.

Regularly look for verified, known exposures at https://haveibeenpwned.com.

7. Immediately change passwords and passphrases involved in a known or suspected breach.

Also, change any passwords and passphrases that are similar. It’s faster to change passwords and passphrases now, than to resolve data exposure issues later.