1. Choose a Passphrase Instead of a Password
Long, complex passwords are more secure, but they're hard to remember. A passphrase, a sequence of several words, is easier to recall, and its length is what gives it strength; treat eight characters as the floor, not the target. Make it something easy to recall, while avoiding common phrases, quotations and personal information, all of which appear in the wordlists crackers start from.
For example, Footba!!4theGreate5tC1uB strings dictionary words into a memorable sequence and mixes in uppercase, lowercase, digits and symbols. Be aware that most of its strength comes from its length: substitutions such as 4 for "for", 5 for "s" and 1 for "l" are standard rules in password-cracking tools, so they add far less than another word would.
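The two claims above, that length is what counts and that "leet" substitutions are cheap for a cracker, can be checked with a few lines of code. The following is an added example, not code from the original article: it generates a passphrase with a CSPRNG, computes the entropy of a random passphrase versus a random character password, and undoes the common substitutions the way a rule-based cracker does. The 16-entry wordlist is constructed for the demo (a real generator uses a published list such as the EFF long list with 7,776 words); the substitution map is a hand-picked subset of the rules cracking tools apply.

```python
import math
import secrets

# Constructed wordlist for the demo. A real generator uses a published list
# such as the EFF long wordlist (7,776 entries, about 12.9 bits per word).
WORDS = [
    "anchor", "basil", "cobalt", "dune", "ember", "falcon", "glacier", "harbor",
    "iris", "juniper", "kelp", "lantern", "meadow", "nectar", "orbit", "pebble",
]


def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Entropy of `symbols` independent uniform picks from `choices_per_symbol` options."""
    return symbols * math.log2(choices_per_symbol)


def generate_passphrase(n_words: int, wordlist=WORDS, sep: str = " ") -> str:
    """Pick n_words uniformly with the CSPRNG (secrets), never random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


# Reverse map for the most common substitutions. Crackers apply exactly these
# (and many more) to every dictionary word automatically; "4" is also tried as
# "for", which this simplified map does not cover.
_DELEET = str.maketrans({
    "!": "l", "1": "l", "|": "l", "3": "e", "4": "a", "@": "a",
    "5": "s", "$": "s", "0": "o", "7": "t",
})


def deleet(candidate: str) -> str:
    """Show a password the way a rule-based cracker sees it: substitutions undone, case folded."""
    return candidate.translate(_DELEET).lower()


if __name__ == "__main__":
    phrase = generate_passphrase(5)
    print(f"{phrase!r}: {entropy_bits(len(WORDS), 5):.1f} bits from this 16-word list")
    print(f"5 words from a 7,776-word list: {entropy_bits(7776, 5):.1f} bits")
    print(f"8 random printable ASCII chars:  {entropy_bits(95, 8):.1f} bits")
    print(f"cracker's view of the article's example: {deleet('Footba!!4theGreate5tC1uB')}")
```

The character-password figure is the best case (every character chosen uniformly); a human-chosen eight-character password is far weaker than that number suggests, while each word added to a randomly generated passphrase adds the full per-word entropy.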
2. Create a Different Password for Every Account
Don't use one password for every account. Each application should get its own password, so that a breach of one service exposes only that one account.
Attackers routinely collect username-and-password lists leaked from breached sites and replay them against other services, a technique known as credential stuffing. If you use the same password everywhere, one leak unlocks every account that shares it.
3. Use a Password Manager
Does setting unique passphrases for each account sound unmanageable? Consider a password manager. These store and retrieve passwords securely, and they generate long, random passwords specific to each account. Some keep the vault in the cloud so you can reach it from any device. If you use a password manager, the master password must be long and unique, because it is the key to every other password you own; protect the manager account with multifactor authentication as well.
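To make the last two sections concrete, here is an added example of the core of a password manager, written for this page rather than taken from any product: the master password is stretched with scrypt into a vault key, a stored verifier lets the manager confirm the master password without keeping it, each account gets a fresh CSPRNG-generated password, and an audit finds passwords shared across accounts (the reuse problem from section 2). The scrypt parameters are the RFC 7914 interactive baseline and the sample vault is constructed data. Encrypting the vault itself under the derived key (an AEAD such as AES-GCM) is omitted because the Python standard library has no AEAD.

```python
import hashlib
import hmac
import secrets
import string
from collections import defaultdict
from typing import Dict, List, Optional

SYMBOLS = "!@#$%^&*()-_=+[]{}:;,.?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# Constructed sample vault: two accounts share a password on purpose.
VAULT = {
    "email": "P@ssw0rd!",
    "bank": "P@ssw0rd!",
    "forum": "correct horse battery staple",
}


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password with scrypt so offline guessing is expensive.
    n=2**14, r=8, p=1 is the RFC 7914 interactive baseline; real managers tune higher."""
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def make_verifier(key: bytes) -> bytes:
    """Stored next to the vault: proves the master password without revealing the key."""
    return hmac.new(key, b"vault-unlock-check", hashlib.sha256).digest()


def unlock(master_password: str, salt: bytes, verifier: bytes) -> Optional[bytes]:
    """Return the vault key if the master password is right, else None (constant-time compare)."""
    key = derive_vault_key(master_password, salt)
    return key if hmac.compare_digest(make_verifier(key), verifier) else None


def generate_password(length: int = 20) -> str:
    """CSPRNG password with at least one lowercase, uppercase, digit and symbol."""
    if length < 4:
        raise ValueError("length must be at least 4")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    while True:  # rejection sampling keeps every accepted password uniformly distributed
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


def audit_reuse(vault: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each password used by more than one account to the accounts sharing it."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    return {pw: sorted(accts) for pw, accts in by_password.items() if len(accts) > 1}


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    verifier = make_verifier(derive_vault_key("long unique master phrase", salt))
    print("correct master unlocks:", unlock("long unique master phrase", salt, verifier) is not None)
    print("wrong master unlocks:  ", unlock("hunter2", salt, verifier) is not None)
    print("reused passwords:", audit_reuse(VAULT))
    print("fresh password for a new account:", generate_password())
```

The salt is random per vault and stored in the clear; its job is to stop a single precomputed table from attacking every vault at once, while scrypt's cost is what makes each guess against a stolen verifier expensive.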
4. Consider Passwordless Authentication for Stronger Security
Some vendors have introduced passwordless authentication for greater security. A typical passwordless system combines two parts: something you have, such as a security key or smart card, and either a biometric gesture, such as a fingerprint or retinal scan, or a PIN.
A PIN is bound to the device: it unlocks a private key held locally (typically in a TPM or secure element) and is never sent across the network, so a server breach or a phishing page cannot capture it. Because the device limits failed attempts, the PIN can be shorter and changed less often than a password.
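The exchange described above, as an added example that is not part of the original article: a model authenticator holds a key that only the correct PIN unlocks and locks after too many failures, a model server issues single-use random challenges and verifies the response, and the `login` helper records every byte that crosses the network so you can confirm the PIN never does. One simplification is labeled in the code: the device-to-server check uses HMAC with a shared key, standing in for the public-key signature that FIDO2/WebAuthn and Windows Hello actually use, where the server holds only the public key. Names such as `Authenticator`, `Server` and `MAX_PIN_ATTEMPTS` are this example's own.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

MAX_PIN_ATTEMPTS = 5  # the device, not the server, enforces this


class Authenticator:
    """Models the 'something you have': a device-bound key that only the correct PIN unlocks."""

    def __init__(self, pin: str):
        self._key = secrets.token_bytes(32)  # never leaves the device
        self._pin = pin                      # checked locally, never transmitted
        self._failures = 0

    def registration_material(self) -> bytes:
        # Stand-in for exporting a public key at enrollment. With HMAC the server
        # receives the same secret; a real FIDO device exports only the public half.
        return self._key

    def sign(self, challenge: bytes, pin: str) -> Optional[bytes]:
        if self._failures >= MAX_PIN_ATTEMPTS:
            return None  # locked: a short PIN survives because guessing is capped
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._failures += 1
            return None
        self._failures = 0
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self._registered: Dict[str, bytes] = {}  # user -> verification material
        self._pending: Dict[str, bytes] = {}     # user -> outstanding challenge

    def register(self, user: str, material: bytes) -> None:
        self._registered[user] = material

    def challenge(self, user: str) -> bytes:
        c = secrets.token_bytes(32)  # fresh per login, so responses cannot be replayed
        self._pending[user] = c
        return c

    def verify(self, user: str, response: bytes) -> bool:
        c = self._pending.pop(user, None)  # single use: a replayed response fails
        if c is None or user not in self._registered:
            return False
        expected = hmac.new(self._registered[user], c, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def login(server: Server, device: Authenticator, user: str, pin: str, wire: List[bytes]) -> bool:
    """Run one login, appending every message that crosses the network to `wire`."""
    c = server.challenge(user)
    wire.append(c)
    r = device.sign(c, pin)
    if r is None:
        return False
    wire.append(r)
    return server.verify(user, r)


if __name__ == "__main__":
    device, server, wire = Authenticator("4821"), Server(), []
    server.register("alice", device.registration_material())
    print("login with correct PIN:", login(server, device, "alice", "4821", wire))
    print("PIN on the wire:", any(b"4821" in m for m in wire))
    print("replayed response accepted:", server.verify("alice", wire[-1]))
    for _ in range(MAX_PIN_ATTEMPTS):
        login(server, device, "alice", "0000", wire)
    print("correct PIN after lockout:", login(server, device, "alice", "4821", wire))
```

The wire carries only a random challenge and a keyed response to it, so a phishing site or a compromised server never sees the PIN and cannot replay the response against a later challenge; the lockout is what lets a four-digit PIN be acceptable where a four-digit password would not be.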