Make a Strong and Unique Password

A strong password is one that is hard for another person or computer to guess. This can be hard for us humans to make because computers can be very good at guessing many passwords quickly.

Ideally, your strong password has many characters or words and has some randomness. This means that it doesn't have anything associated with you in it. No people or pet names, birthdays, favorite colors, or known combinations of numbers.

A unique password is a password that you only use in one place. So, you make a password for your email account and only use if for your email account. It may sound wild to imagine having a lot of long and random passwords, but stay tuned, we're going to make this easier than you may think.

These days, regular computers are powerful enough to guess millions of passwords in a very short amount of time. Bad actors can use freely available tools to rapidly make guesses of your passwords, incorporating common words and phrases, sometimes even using information they collect about you, even when you think you've got something they won't guess. That's why we need something really random, long and strong.

We use unique passwords for each account or service because if they do manage to guess one of your passwords, they won't immediately know them all. A common form of attack used by bad actors is taking a leaked password or one they've already cracked and trying it on many other services.

You could very well make a password that looks something like this:

There are many interesting ways to make long, strong, random, unique passwords and passphrases (see:  diceware), but we're going to start with something easy and effective: a password generator.

Computers are way better at making random things than we are, so let's use their help here.

Use this simple Password Generator site from Bitwarden.

• Change the Type to Passphrase
• Change the Length to 5 (or more!)
• Check the Include Number box
• Check the Capitalize box (if needed for your email service)

That's it! You now have a passphrase.

Later on in this security journey, we're going to set up some tools to help you manage your new collection of strong and unique passwords. But for now, we'll do something that may feel a bit non-technical. We're going to write this password down on a paper.

Find a note card, old business card or something detached from a notepad that you won't be tempted to leave on your desk. Try not to use a notepad or sticky note, as those tend to be mixed with a lot of other info or stuck to things.

Index card with an example passphrase

Avoid using a spreadsheet or notes app to store passwords. This isn't a good place to store passwords and could easily create other problems.

Also, avoid using built-in password managers from your mobile device or web browser. This means saying “no” when Chrome, Firefox, or Safari offer to store passwords for you.

For now, find something portable to write your new password or passphrase on. Then write it down and store it somewhere very safe. A good place to store it may be your wallet, locked filing cabinet, or any place that you usually store sensitive things.

We're here, the final step of this part of the journey: actually put this password to use!

You've probably changed your password in your email account before, so just head there and make the change to the new one. Bonus: try typing the new password in instead of copy and pasting it. It'll give you some initial practice with your new phrase.

In case you haven't changed your email password before, here are links to instructions for some common email services:

• Google / Gmail
• Microsoft / Outlook.com
• Apple ID / iCloud
• ProtonMail
• Yahoo