Using strong, unique passwords or passphrases help protect your online accounts from cyber criminals. Strong passwords/passphrases serve as the first line of defense for protecting your financial information, and sensitive or personal information.

Avoid using weak, short passwords for your work or personal accounts because they're easy for cybercriminals to guess. Also, don't use the same password for multiple accounts. Doing that is like locking your front door but leaving the key in the lock.

Protect your online accounts and devices, as well as the sensitive or personal data that you keep there.

What you can do

• Use /mnit/assets/Stay%20cyber%20smart%20-%20Use%20strong%20passwords_tcm38-710079.pdfthis handout to create strong passwords.
• Review this /mnit/assets/Passwords%20and%20Passphrases_tcm38-708144.pdfPasswords & Passphrases handout for helpful tips.

Seven tips to protect your accounts and devices:

 1. Use strong, unique passwords or passphrases. 

Use a strong, unique password or passphrase to protect each of your devices – phone, work laptop, home computer, and WiFi equipment – and each of your online accounts, including bank, social media, retail, and email. 

Each password or passphrase should be different than the next, so if a cybercriminal compromises your social media password, they can't access your bank account because you've set up a different password for that account.

• A strong password or passphrase uses multiple random words, special characters, numbers, and is at least 14 characters long.

2. Create non-personal passwords or passphrases.

Many people incorporate personal information like family names and dates into their passwords to make them easier to remember; but that’s not safe. 

Do not use passwords or passphrases that include personal data. With so much data available online, using personal information makes it easier for cyber attackers to hack those accounts quickly. 

3. Avoid using common interests or places in your passwords or passphrases.

• Places: Rome, London and other major cities are popular choices for passwords. Pick a random place that means something only to you.
• Teams, musicians, and people: The Phoenix Suns and Miami Heat are used by 2 million people. Although the Twins and Vikings aren’t in the Top 10, those names and Taylor Swift aren’t the best choices.
•  Check out the list of most common passwords for 2026.

4. Avoid using common names, words or sequences.

• Personal data: Family or pet names and birthdates. The most common names to use in a password are Eva, Alex, Anna, Max, and Ava.
• Curse words: The top-used curse word has over 26 million occurrences.
• Number/letter sequences and years: 12345678 is no better than 123 or qwerty, your birth year, or the current year. 

5. Use a password manager.

A reliable password manager can generate and store all your passwords and passphrases in one place. Then, you only need to remember one password – the one for the password manager. 

Check industry expert recommendations from recognized sources like CNET, PC Magazine, and Wired.

6. Check for data breaches.

Regularly check the https://haveibeenpwned.com website to see if your accounts have been compromised or if there are known exposures.

7. Immediately change passwords and passphrases involved in a known or suspected breach.

If your account has been compromised, change the password/passphrase immediately. Also, change any passwords and passphrases that are similar.

It’s faster to change passwords and passphrases now, than to resolve data exposure issues later.