Skip to main content

Cookies on BBB.org

We use cookies to give users the best content and online experience. By clicking “Accept All Cookies”, you agree to allow us to use all cookies. Visit our Privacy Policy to learn more.

Cookie Preferences

Many websites use cookies or similar tools to store information on your browser or device. We use cookies on BBB websites to remember your preferences, improve website performance and enhance user experience, and to recommend content we believe will be most relevant to you. Most cookies collect anonymous information such as how users arrive at and use the website. Some cookies are necessary to allow the website to function properly, but you may choose to not allow other types of cookies below.

Necessary Cookies

What are necessary cookies?
These cookies are necessary for the site to function and cannot be switched off in our systems. They are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not work. These cookies do not store any personally identifiable information.

Necessary cookies must always be enabled.

Functional Cookies

What are functional cookies?
These cookies enable the site to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, some or all of these services may not function properly.

Performance Cookies

What are performance cookies?
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Marketing Cookies

What are marketing cookies?
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant content on other sites. They do not store personal information directly, but are based on uniquely identifying your browser or device. If you do not allow these cookies, you will experience less targeted advertising.
      Country
          Country
          Latest News

          BBB Tip: How to create a strong password

          By Better Business Bureau. May 4, 2023.
          sticky notes on computer with password ideas

          (Getty Images)

          Wireless technologies such as Bluetooth® and Wi-Fi have forever changed the way people not only interact with one another but also how they complete day-to-day activities such as shopping, researching, banking, eating, and communicating. The more everyone is online, the more there are opportunities for hackers to get into personal accounts, steal information and drain checking or savings accounts before victims realize it. According to the Federal Communications Commission (FCC), securing today's online environment goes beyond thinking about the Wi-Fi router at home - and it all starts with a password. 

          Passwords should be different for every account that lives online, is in the cloud, or is attached to something that retains personal or financial information. Think about the last time any of your online account passwords were changed. Change them if they are all the same or a similar variation of the same password, if they are too easy to guess, or if they need to be remembered or compromised. According to the Federal Trade Commission, people don’t need to change their passwords as often as they may think; however, ensuring the password is as secure as possible is good practice.

          BBB recommends the following password-creation tips to stay safe:

          Think of your passwords as walls.

          A password or a passphrase should be considered a wall between free access to your personal information and the world. The stronger the wall, the more difficult it is for others to break down. The more walls, the more difficult it is to access the information. Encryption is the easiest way to protect communication between an electronic device and a website or server. 

          Avoid easy passwords.

          An example of a weak password is easy to guess - information anyone can find on social media sites or through a phishing email or text. A strong password has at least 12 to 14 characters mixed with uppercase and lowercase letters, numbers, and symbols.

          Commonly used passwords are your pet’s name, your mother’s maiden name, the town you grew up in, your birthday, your anniversary, etc. Surprisingly, the answers to these common passwords can typically be found online. Even if you don’t consider yourself an active social media user or the internet, your information is on one forum or another. Even for passwords that require numbers and letters, some people stick to simple patterns like 0000, 1111, 1234, etc., and you should not be so predictable. Never use the same password for multiple accounts, especially for the most sensitive ones, such as bank accounts, credit cards, legal or tax records, or medically-related files.

          Make them creative.

          Need more creative ideas for different passwords? Can you use song lyrics? Not only is it impossible for hackers to guess what song you are using, it’s even harder for them to guess which lyrics you’re using.

          Use a “passphrase.”

          Instead of using a single word, use a passphrase. Your phrase should be around 20 characters long and include random words, numbers, and symbols. Think of something that you will be able to remember, but others need help to come close to guessing, such as PurpleMilk#367JeepDog$.

          Use multiple passwords.

          Using different passwords for different accounts is also important. While it may be easier to remember one password for every account, it’s much easier for hackers to break down one wall rather than multiple walls. If hackers can figure out one password, even if it’s to something harmless like your Instagram account, they know the password to every account you own. This includes websites you shop online at, banking accounts, health insurance accounts, email accounts - you name it.

          Use multi-factor authentication.

          When it’s available and supported by accounts, use two-factor authentication. This requires both your password and additional information upon logging in. The second piece is generally a code sent to your phone or a random number generated by an app or token. This will protect your account even if your password is compromised. Many devices include fingerprint or facial recognition to unlock them, which helps protect any apps on the device if it becomes lost or stolen.

          Consider a password manager.

          A written list works, but if you’re worried about losing it, type up an electronic list and label it as something other than "PASSWORDS." Keep the list updated and organized as well as secretive. Avoid keeping the list on the device, as it will make it easier for the thief to access the apps and personal data.

          Still, trying to convince? You can use a reputable password manager to store your information. These easy-to-access apps store all your password information and security question answers in case you ever need to remember. However, don’t forget to use a strong password to secure the information within your password manager.

          Select security questions only you know the answer to.

          Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, and birthplace. That is information a motivated attacker can easily obtain. Don’t use questions with a limited number of responses that attackers can easily guess - like the color of your first car.

          Wi-Fi is a security concern as well. Check your device settings before surfing the web.

          • Check the validity of available Wi-Fi hotspots: hackers will set up fake hotspots with names of stores or institutions you might trust.
          • Make sure all websites you use have "https" at the beginning of the web address.
          • Install an app add-on that forces your web browsers to use encryption when connecting to websites.

          If you receive notification from a company about a possible data breach, it is always best practice to immediately change that password and any similar passwords. See BBB's tips on handling a security breach.

           

          For more information

          Check out more information from BBB on cybersecurity, get tips on protecting yourself against identity theft, and recover from it using the tools from ftc.gov/identitytheft.

          Go to BBB.org for more information. In the United States, visit the FTC for more information on cybersecurity. In Canada, visit the Canadian Centre for Cybersecurity.