This document provides tips for creating strong and unique passwords. It recommends passwords be at least 8 characters long and contain a mix of uppercase letters, numbers, and symbols. It suggests using phrases and modifying them slightly for different sites. The document also advises using two-factor authentication when available and warns against sharing passwords or entering them based on links in emails.

1. How to Create (and use)
Strong & Unique
Passwords
Larry Magid
Co-director
ConnectSafely.org

2. Passwords should be:
• At least 8 characters long
• Contain at least one number
• Contain at least one capital letter
• Contain at least one symbol (like #, %, &)
• Not be a real word, name or anything that would be relatively easy to
guess
Go to next slide for suggestions

3. Think of a phrase you can remember
Come up with a phrase and use a character from each word. Use
capitals where appropriate
Example
“I met Susan Morris at Lincoln High School in 1991”
The password could be: ImSMaLHSi#91

4. An easy way to make each password
unique
• Add a letter or two to the password based on the name of the site
you’re logging into. For example
• Amazon: aImSMaLHSi#91z (added an A to beginning and a z to end)
• Google: gImSMaLHSi#91
• Twitter: tImSMaLHSi#91r

5. Change your passwords if & when:
• There has been any type of security breach on the site or your system
• You have lost a device that has the password stored
• Someone else gets hold of your password
• And even if none of this happens, change them every few months

6. Consider 2-Factor Authentication
• A growing number of sites allow you to use two-factor
authentication: Something you know & something you
have.
• Typically, the site will send a code to your phone that you
type in along with your username and password. Anyone
trying to access your site without your phone is out-of-
luck.
• Some sites (like Google) only require it if you’re on a new
device. Others require it each time.
• Downsides are it’s a little inconvenient and a hassle if you
don’t have your phone
• Upside: It’s a lot more secure (but not 100% secure)

7. Be wary of tricks to get your password
Avoid phishing: Never enter a password based on a link in an email
unless you’re absolutely sure it’s legitimate. It’s safer to type in the web
address of your bank or other company rather than clicking on a link.
Don’t’ give our password over phone: Be skeptical If you get a call
from a service you use or your company’s network support department
asking for a password. Tell them you’ll call them back and find out if it’s
legitimate.

8. Consider using a password manager
• Password managers store and enter passwords for you. You can
create really strong passwords (or let them generate random ones)
and all you need to remember is the password manager’s password
• Examples:
Lastpass
Roboform
Kaspersky Password Manager
DataVault Password Manager (iPhone)
mSecure Password Manger (Android)

9. Use a very strong passwords for:
• Email:
• Many sites will send your password to your email address so it’s important
that it be very secure
• Social network sites
• Your reputation can be affected if someone posts negative and abuse material
in your name
• Banking
• Pretty much goes without saying that you want a strong lock on your bank
account
• E-commerce sites
• Don’t let anyone go on a shopping free with your money

10. Never share your passwords
Sharing a password is not a sign of being a good friend. Even if you
really trust that person:
• A friend can become an ex-friend
• Your friend might not be as careful as you are
• Your friend might use the password on a machine that’s not all that secure
• Possible exceptions are kids sharing with parents or spouses sharing with
each other

11. For more on strong passwords:
passwords.connectsafely.org
Larry Magid
Co-director
ConnectSafely.org
larry@ConnectSafely.org