Passwords (a love/hate story)

Passwords are often the weakest link in our online lives. Are you using the same password for multiple sites? Are you using passwords like “123456” or “pa$$word”? Or are you using birthdays or pet names that someone could find on your social media profile? Weak passwords pose unacceptable risks, and the consequences, such as loss of identity or financial loss, could be catastrophic. I’m not going to sugarcoat it. You need to use strong, unique passwords for your online accounts and enable two-factor authentication on your important (banking, email, sensitive) accounts. We’ll talk about passwords in this section, and two-factor authentication in the next.

What makes a strong password?

A strong password is long (a minimum of 8 characters) and random. A strong password doesn’t exist in books, movies, music, dictionaries, or memes. Traditional passwords consist of both lower and upper-case letters, numbers, and special symbols.

[Image: LastPass generated password]

This is a very strong 14-character password, generated by LastPass, using upper-case and lower-case letters, numbers, and a special symbol. This would be a great password for a bank account or other financial site. It’s also impossible to remember and a pain to type in. Fortunately, you can use your browser or a password manager to remember these for you.

Unique passwords

Using a unique password for each online account is the best way to limit the damage if you are hacked. Cybercrooks will often buy huge databases of hacked credentials (usernames and personal information) online and then try combinations of usernames and passwords across banking sites, email platforms, shopping sites, etc. This is called credential stuffing and doesn’t require any skill whatsoever. If you are hacked, having unique passwords for each site will limit your exposure.

Passphrase to the rescue

An alternative to a password is a passphrase. A passphrase is simply a list of 5 or 6, or more, unrelated words. The words shouldn’t normally appear together and shouldn’t all be from the same topic area, like all sports teams. You could open a book and randomly pick words (close your eyes and point?) from random pages. Or choose a vegetable, an animal, a city… you get the point. Random. No relationship. No known phrases.

[Image: passphrase generator]

You can use an online passphrase generator to create unique phrases. This one lets you choose 4-, 5-, or 12-word passphrases.
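To show why the number of words and the size of the word list both matter for the passphrases described above, here is an added example (not part of the original page and not the code of any generator it mentions). It builds a passphrase with the operating system's secure random source and compares its strength in bits with a 14-character random password. The 32-word list is constructed for illustration, and the 7776-word list size and the 94-symbol character set are assumptions.

```python
import math
import secrets

# Constructed 32-word sample list, for illustration only. A real generator
# would load a large published list; 7776 words (Diceware-style) is assumed below.
SAMPLE_WORDS = [
    "carrot", "otter", "lisbon", "violin", "glacier", "pepper", "saddle", "comet",
    "walrus", "quartz", "denver", "lantern", "spinach", "ferry", "cactus", "oslo",
    "magnet", "turnip", "heron", "cairo", "pillow", "anchor", "radish", "bison",
    "lima", "trumpet", "pebble", "mango", "ferret", "kyoto", "ladder", "thistle",
]

def make_passphrase(words, count=6, sep="-"):
    """Join `count` words drawn independently and uniformly from `words`."""
    pool = sorted(set(words))  # duplicates would skew the draw
    if len(pool) < 2 or count < 1:
        raise ValueError("need at least 2 distinct words and count >= 1")
    # secrets uses the OS CSPRNG; the random module is not meant for secrets.
    return sep.join(secrets.choice(pool) for _ in range(count))

def entropy_bits(pool_size, picks):
    """Entropy in bits of `picks` uniform, independent draws from `pool_size` options."""
    return picks * math.log2(pool_size)

def words_needed(pool_size, target_bits):
    """Smallest number of words from a `pool_size` list reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))

if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    # Assumption: the 14-character password draws from 94 printable ASCII symbols.
    random_14 = entropy_bits(94, 14)
    print(f"14 random characters:        {random_14:.1f} bits")
    print(f"6 words from 32-word list:   {entropy_bits(32, 6):.1f} bits")
    print(f"6 words from 7776-word list: {entropy_bits(7776, 6):.1f} bits")
    print("words from 7776 list to match:", words_needed(7776, random_14))
```

These figures hold only when every word is picked by the generator; words a person chooses by hand are less random than the calculation assumes.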

Create your own personal acronym

Another option is to create an acronym from a meaningful event in your life. For instance, the phrase “my favorite class at ASU was PSY350!” could be turned into the acronym “mfcaASUwPSY350!” using the first letters and abbreviations. That’s a random 15-character password with upper- and lower-case letters, numbers, and a special character. That’s strong and easy for me to remember!

Password managers to the rescue

Password managers can take much of the hassle out of practicing good password hygiene. All major browsers safely store your passwords. And there are a number of 3rd-party apps that not only store passwords, but offer lots of other helpful features as well. Look for the Password Managers module for more information.

Test your knowledge

1. Which of the following is true of traditional strong passwords? (Check all that apply)