Password management: protection and ease of use

Let’s explore how to keep your passwords safe—and what makes a good one in the first place.

Tip #1: Create a strong password

It’s paramount to have a complex and unique password. The better your password, the less likely a cybercriminal will be able to hack it.

To create a secure, safe password, you should:

• Avoid personal information. Professional hackers can quickly find your birthday or your pet’s name online. Do not include any of this information in your password.
• Leave out real words. Cybercriminals often use password-cracking tools. These advanced tools can easily guess words from the dictionary or proper names.
• Use special characters. Password-cracking tools struggle with complex, abstract passwords. Combine uppercase letters, lowercase letters, numbers, and special characters, such as “$” to make safe passwords.
• Add length. Long passwords take more time to crack. In some cases, they might be too long to crack. Add some length to your password if it falls below ten characters.
• Throw in an unknown acronym. People who struggle to remember passwords often make them easy to guess. Personal acronyms can help you remember your password but are hard for tools to crack. For example, “Row Row Row Your Boat” could become a password like “142RRRyB!”

Microsoft Defender

Stay safer online with one easy-to-use app<sup>1

1</sup>Microsoft 365 Personal or Family subscription required; app available as separate download

Learn more

Tip #2: Don’t write safe passwords down

We all forget our passwords on occasion and can be tempting to write your safe passwords down. Yet, this can be a dangerous way to remember how to access your accounts. It makes secure passwords unsafe.

If you write your password down on a sticky note, anyone passing by can see it. Leaving physical evidence lying around applies to both work and home situations. A cybercriminal posing as an office staff member could walk by and write it down. A cybercriminal working on a home services crew could pass by your computer on the way to the bathroom.

There are safe alternatives to writing your passwords down. For example, OneDrive offers a Personal Vault feature that provides a secure way to store your most sensitive information in the cloud.

Tip #3: Use different passwords on different accounts

If a hacker cracks your password on one account, he or she will automatically try that password again on your other accounts. This method is the fastest way for a hacker to access all of your most important personal information.

Use a different password for each of your accounts to prevent this from happening. The temptation lies in changing only a letter or number for each account, but this is not enough. Once a hacker cracks your original password, he or she can easily figure out the rest.

Use your credential manager to make it easy to remember each password. Browsers like Edge even offer built-in password managers. You can also try to make each password somewhat relevant to the account. For example, your password could be “403gE&H” for a grocery delivery account. (A reference to Green Eggs and Ham, by Dr. Seuss.)

Tip #4: Consider two-factor authentication

Two-factor authentication is one of the newest tools to combat hackers. It asks you to provide additional information beyond your password to log in to services or accounts.

When you use two-factor authentication, you will have to enter extra information when you log into your account. In most cases, this information will come from:

• Prior knowledge. An account may ask for a PIN you already know or answers to a secret question you created.
• A tool or item you own. An account may send your phone a one-time security code for you to enter.
• Your being. Advanced tools may need to review your voice or face to confirm your identity.

Two-factor authentication allows you to protect your account even if someone steals your password.

Tip #5: Choose services with built-in privacy and security

You use all kinds of online websites and accounts every day. To keep your passwords safe, you should prioritize services that build in privacy and security from the ground up.

Look for built-in privacy and security when choosing online services, like cloud storage. For example, OneDrive offers a high level of protection. This internet-based storage platform provides all the benefits of cloud storage like access to files on multiple devices while also including security features like:

• Encryption of your files at rest and in transit
• Monitoring for suspicious activity
• Detecting ransomware
• Scanning of downloads for known threats

OneDrive also offers an additional layer of security. To access your Personal Vault, you have to engage in two-factor authentication. The account will ask for your fingerprint, face, PIN, or an emailed or SMS code.

This extra level of protection will help you protect your safe passwords from hackers.