Passwords may not be easy to manage, but you can take a few easy steps to make sure they stay safe. After all, they control access to everything from your desktop computer to bank account – so managing them properly means you can protect a lot more private information than you think!

  • Don’t use the same password for more than one site or application. If you do, the hacking of only one site can lead to your password being leaked to the public, meaning malicious hackers now have access to all of your accounts.
  • The longer and more complex your password is, the more difficult it is for hackers to guess what it is. Come up with a passphrase (below) or use passwords that are at least twelve characters long, have multiple numbers and symbols, and don’t contain any dictionary words. The fewer of these elements a password contains, the more quickly a hacker can guess what it is.
  • Choose passwords that aren’t easy to figure out for anyone but yourself. You may come up with a passphrase instead by taking a sentence and changing its capitalization, adding symbols in recognizable or memorable locations, replacing letters with numbers, and avoiding the use of any words that might be in the dictionary. For example, taking the sentence “My poodle’s name is sam” and turning it into a passphrase may result in something like “MyP00dlEzNam3IsSam!2016”. While it might seem difficult to remember, doing things like replacing “O’s” with zeros, changing an “S” to a “Z”, replacing certain letters like “E” with numbers like “3”, and adding other numbers and symbols, like an exclamation point or the year you adopted Sam, have a large difference in making a password significantly more secure.
  • Don’t share your password or post it anywhere. Storing passwords under mouse pads, keyboards, on computer monitors, or in another easily accessible or guessable location close your computer is a poor security practice. In such cases, anyone who has physical access to your computer can gain access to it. You may also decide to use a password manager (below).
  • Use a password manager like 1Password or LastPass to store your passwords safely on your smartphone or computer. Services such as these safely store your passwords for you and manage the process of remembering them for each site you use or account you have.
  • Use two-factor or multi-factor authentication whenever available. Similar to how Duo works at USC, using two-factor authentication on other sites you use where it is available means that even if someone guesses or obtains your password, they cannot access your account without access to your phone. Most large web sites today have this feature available. Search the site’s help section for more information or click here to visit a site which can help determine whether certain services have two-factor authentication available.
  • Change your passwords every few months.