Start with length
Use at least 16 characters for everyday accounts and consider 20 or more for email, banking, cloud storage, hosting, and work accounts. Long random passwords resist guessing better than short predictable substitutions.
Make every password unique
Password reuse turns one breach into a risk for many accounts. Use a password manager so each login can have a different generated password.
Protect the account around the password
- Enable multi-factor authentication.
- Keep recovery email and phone options current.
- Check the domain before entering credentials.
- Change a password quickly after suspected exposure.