Create stronger passwords and protect them

All week we’ll be posting our best guidance on how to create, protect, and manage your passwords.

Passwords are your first line of defense against hackers. Pick passwords that are difficult to crack but easy for you to remember.

What does “difficult to crack” mean?

Each time cybercriminals hack into a database of passwords, they learn more about the kinds of passwords that people use. (Come back on Friday to read Part 3 of our password series on what passwords you should never, ever use.) Now, even passwords that we think are tricky can be guessed by cybercriminals who’ve harnessed the right technology to crack passwords.

The best passwords are the most unpredictable

Stuart Schechter and other colleagues from Microsoft Research have developed a free online tool that helps you avoid passwords that are predictable. Try the tool.

A strong password:

  • Contains at least eight characters.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete word.
  • Is significantly different from previous passwords.
  • Is different from passwords that you’ve used on other websites.
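
The checklist above, written as a small Python check. This is an added example, not code from the original post or from the Microsoft Research tool; the function name `check_password`, the sample word list, the character-swap table and the 0.6 similarity threshold are assumptions made for illustration.

```python
import difflib

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "welcome", "football"}

# Assumption: undo a few common character swaps so "P@ssw0rd" counts as a word.
SWAPS = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s", "1": "i"})


def check_password(candidate, identity_terms, previous, other_sites,
                   words=SAMPLE_WORDS, max_similarity=0.6):
    """Return the checklist items the candidate fails; an empty list passes."""
    failures = []
    lowered = candidate.casefold()
    forms = {lowered, lowered.translate(SWAPS)}

    # Contains at least eight characters.
    if len(candidate) < 8:
        failures.append("length")

    # Does not contain your user name, real name, or company name.
    # Multi-part names are split; parts under 3 characters are ignored.
    parts = {p for term in identity_terms
             for p in term.casefold().split() if len(p) >= 3}
    if any(p in form for p in parts for form in forms):
        failures.append("identity")

    # Does not contain a complete word (from the supplied word list).
    if any(w in form for w in words for form in forms):
        failures.append("word")

    # Is significantly different from previous passwords.
    # Assumption: "significantly" means a difflib ratio of at most max_similarity.
    if any(difflib.SequenceMatcher(None, lowered, old.casefold()).ratio()
           > max_similarity for old in previous):
        failures.append("similar")

    # Is different from passwords that you've used on other websites.
    if candidate in other_sites:
        failures.append("reused")

    return failures


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    print(check_password("Summer2014", ["alex", "Alex Example", "Contoso"],
                         ["Summer2013"], []))
```

A candidate that only bumps the year on an old password fails both the word and the similarity checks, which is the kind of predictable change the list warns against.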

Get more advice on how to create strong passwords.

5 ways to protect your password

Once you’ve chosen a strong password, you can protect it from hackers by following a few simple rules:

  1. Don’t share your password with friends.
  2. Never give your password to people who call you on the phone or send unsolicited email, even if they claim to be from Microsoft.
  3. Change your password regularly.
  4. Tell your children not to share your passwords (or theirs) with anyone. Check back tomorrow for more guidance on how to help kids create and protect their passwords.
  5. Evaluate password managers and other password tools carefully. If they keep all your passwords in the cloud, they should use encryption. If the service has problems, understand that you might be locked out of your accounts.

Learn more about how to protect your passwords.

About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector,

Join the conversation

  1. Anonymous

    Microsoft has built biometric support into Windows 8.1 for user log-on and UAC elevation prompts.  Why not build your own biometric password manager for website credentials?  Authentec used to make a pretty good one, Protector Suite, until they were bought by Apple Inc.

    We keep hearing the same advice:  use complex passwords, don't re-use them, change them periodically, and so on.  A password manager integrated into Windows would help this become simpler in practice.
