Skip to main content
November 22, 2021 | fraud--identity-protection

Tips for Creating Strong Passwords

Leah Bury

Finance Writer

We’ve all seen movies where a hacker is perched in front of a computer typing furiously, attempting to hack someone and steal their information. In reality, hacking is a lot less dramatic, and happens all the time. We are all at risk of having our information compromised, but we can all boost our levels of security with a few simple tricks. Read on to learn how to create a stronger password.

Ways passwords get hacked

Before we dive into some tips, it is important to understand the ways that hackers get our passwords in the first place. Here are some common methods of password hacking:


Phishing is a psychological tactic where cybercriminals try to manipulate you into giving them your personal information. Phishing attacks typically come in the form of an email from a seemingly reputable party, like a bank or a network provider. The goal of the email? To get you to log in with your real account credentials, thereby passing them along to the phisher. For example, you may get an email that tells you there’s a problem with your account, asking you to click on a link to verify your identity by logging in with your password. The site will be designed to look legitimate, so if you’re not paying attention, you won’t even realize you’re handing your information right over to hackers.

Brute Force:

This type of attack occurs when a hacker continuously enters different guesses of what your password may be until they are able to get in successfully. Hackers use computer programs to automate the guessing and make thousands of guesses in seconds. This tool estimates how long it would take for a computer to crack your password. The password “dogpark5”, for example, would take only one minute to crack.


There is a type of software called a keylogger that can track your keystrokes. Sometimes hackers will install a keylogger on your computer, maybe by getting you to click a link that downloads the software, unbeknownst to you. Once a keylogger is installed on your system, the hacker has visibility into everything that you type and can easily collect your passwords.

Credential Stuffing:

This type of attack relies on the fact that many people use the same password for multiple accounts. A hacker that already has your login information for one website will then attempt to use that username and password combination for many other websites. Hackers can pretty easily find stolen login information on the Dark Web, or through data breaches, and use that information to try to log into other sites.

Quick Tips for a Strong Password

  • Avoid using personal information. Your password should not contain information that can be easily found on the internet, like your name, address, city, birthdate, and so on.
  • Make it long. While it’s harder to remember, yes, a longer password is simply more secure. Your password should be at least 8 characters (which most websites require anyway), but if you can get it up to 12-16 characters, that is ideal.
  • Don’t recycle your passwords. As tempting as it can be to use the same password for all the accounts that you use, this is one of the easiest ways to have your information compromised. As explained above, if someone has the password for just one of your accounts, and you use the same password for multiple accounts, you could become the victim of password spraying.
  • Include a mix of character types. Don’t just type two words and call it a day. Your password should include a mix of numbers, symbols, and uppercase and lowercase letters.
  • Don’t use sequential numbers or common keystrokes. When inserting numbers into your password, avoid sequential numbers like “12345”, as well as common keystrokes like “qwerty”. Choose numbers and letters that are far apart from one another on your keyboard.

Keep Passwords Secure

Creating a strong password is a great start to improving the security of your information, but there are additional steps you can take to stay protected.

Password Manager

As mentioned, it is recommended that you use different passwords for every site that you use. But remembering that many passwords can be very challenging. Consider using a password manager, which is a tool that keeps track of all the passwords that you have. With a password manager, you only need to remember one password, which is called the master password. Dashlane and LastPass are two popular password managers.

Two Factor Authentication

For an extra layer of security, always use two-factor authentication. With two-factor authentication, you are asked to complete an additional step after entering your username and password to verify your identity. This extra step makes it a lot harder for hackers to gain access to your account. The second piece of information, or “factor”, will be:

  • Something you know, like a PIN or an answer to a question
  • Something you have, like a smartphone, or
  • Something you are, like a fingerprint

The most common method of two-factor authentication is through an authentication app, like Google Authenticator, which generates unique, one-time authentication codes that refresh every 30 seconds. When you log into an account that is using two-factor authentication, it will prompt you to enter the PIN on your authenticator app.

Other Recommendations

As technology continues to advance, safety recommendations will too. Here are some basic rules to keep in mind when you’re interacting with technology:

  • Never click on a link within an email. It’s always better to navigate directly to the site, especially if the email is asking you to login or verify information.
  • Make sure your software is always up-to-date. This rule applies to computers, but it also applies to phones, cars, and anything else with a “brain”!
  • Keep your information to yourself. Unless someone else absolutely needs to know, don’t share logins or passwords.
  • Beware phone calls from tech support. If you receive a phone call or direct message from someone claiming to be tech support, do not give them any information. Call the company directly via a phone number that you found, not that they gave you.

Safety in Seconds

Now that you know what makes a strong password and some basic steps to protect you and your information, it’s time to update the strength of your passwords. Updating only takes a short amount of time, but it can save you a significant amount of headaches and complications should your accounts get hacked.

Looking for a new credit union?

Become a member today!

Open an Account