AARP Eye Center
You can protect yourself from data breaches, hackers and scammers in loads of ways. But always use three basic tenets for the passwords that multiply with every site you visit.
• Don’t share them.
• Change them often.
• Don’t leave them lying around.
Beyond the basics, the real key to building and managing your passwords entails layers of security, a real pain point for those not so tech savvy.
AARP Membership — $12 for your first year when you sign up for Automatic Renewal
Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine.
If you’re used to writing down passwords on sticky notes, you’re not alone. About a third of people say they put their passwords on a piece of paper; 2 in 5 say they memorize them, according to a November 2022 online survey from nonprofit Security.org.
A little more than 1 in 5 use the same few passwords for all their online activity, a huge mistake. If an app or website suffers a data breach, cybercriminals have access to all or a good portion of your accounts.
So, consider this a refresher on how to create a strong, secure password by building up its complexity to reduce the odds of your data or devices being compromised.
On occasion, you might share your password with a friend or relative so they can log into your video streaming service or check your email while you're on vacation. According to The Zebra, an Austin, Texas-based insurance comparison site, 79 percent of Americans say they share passwords with those outside the home, yet only 13 percent are concerned about identity theft.
1. Be random, not predictable
If you don’t want to use password manager apps, which generate complicated passwords to log into online accounts, you have plenty of other ways to create unique and secure passwords, and store your information safely. Only about 1 in 5 people do, according to the Security.org survey.
Think of your password as the exact opposite of a game of Scrabble. Don’t use words in the dictionary.
Avoid names of your kids or pets. Steer clear of dates such as your birthday or anniversary, which are tempting to use in personal identification numbers that unlock your smartphone or allow you to gain access to an automated teller machine.
Cybercriminals crack weak passwords easily by purchasing sets of common passwords on the dark web. They sometimes get clues by looking at your social media posts or phishing for information from you through bogus emails.
In 2022, the most common password out of more than 15 billion retrieved from publicly leaked data breaches was 123456, according to a Cybernews.com analysis. No. 2 was 123456789, followed by qwerty and password.
2. Don’t repeat yourself
As you’re thinking about a password to use, don’t repeat letters or numbers to make it longer. Password may be a weak password, but so is paaaassword. Sequential numbers and letters, such as qwerty, have the same problem.
Of course, never use the same passwords for all or really any of your online activity. Two-thirds of Americans in an Ipsos poll of 4,000 people conducted in April 2022 reported reusing passwords for different accounts.
If a site or app is breached, fraudsters will try it for other accounts. If they gain access, you’ll have more than one data security problem.
3. Acquaint yourself with special characters
When producing a password on your own, make sure it has at least eight characters, according to the National Institute of Standards and Technology. But that’s a low bar for hackers to crack.