Safe Logins and Passwords

Why Passwords Matter

Your passwords are the keys to your digital life. Weak or reused passwords are the most common way attackers break into accounts. A single compromised password can lead to identity theft, financial loss, and privacy violations.

What Makes a Strong Password

• Length: At least 12 characters, longer is better
• Complexity: Mix of letters, numbers, and symbols
• Uniqueness: Different for every account
• Randomness: Not based on personal info, dictionary words, or patterns

Tip: A passphrase of random words (like "correct horse battery staple") can be both strong and memorable, but using a password manager is even better.

Use a Password Manager

No one can remember unique, strong passwords for dozens of accounts. A password manager solves this:

• Generates random, strong passwords
• Stores them securely (encrypted)
• Fills them in automatically on websites
• Warns you about reused or weak passwords
• Alerts you if your passwords appear in data breaches

You only need to remember one strong master password.

Enable Two-Factor Authentication (2FA)

Even the best password can be stolen. Two-factor authentication adds a second layer:

• Something you know (password) plus something you have (phone, security key)
• Even if attackers get your password, they cannot log in without the second factor
• Authenticator apps (like Google Authenticator or Authy) are more secure than SMS codes
• Hardware security keys (like YubiKey) provide the strongest protection

Enable 2FA on all important accounts: email, banking, social media, and cloud storage.

Recognize Phishing Login Pages

Attackers create fake login pages to steal your credentials:

• Always check the URL before entering your password
• Your password manager will not autofill on fake sites
• Bookmark important sites and use those bookmarks to log in
• Be suspicious of login prompts in emails or pop-ups

What to Do If Your Password Is Stolen

1. Change the password immediately
2. If you used the same password elsewhere, change those too
3. Check for unauthorized account activity
4. Enable 2FA if you have not already
5. Consider where the breach happened and be cautious of related scams

Password Hygiene

• Never share passwords with anyone
• Do not enter passwords on shared or public computers
• Log out of accounts on devices you do not own
• Regularly review your accounts and remove unused ones
• Check haveibeenpwned.com to see if your email appears in known breaches

Key Takeaways

• Use a unique, strong password for every account
• Use a password manager to generate and store passwords
• Enable two-factor authentication everywhere possible
• Verify you are on the real site before entering credentials
• Act fast if you suspect a password has been compromised