For most of your accounts, you will have a user name (sometimes this is just your e-mail address) and a password to log in. The theory is, by entering that combination, you prove that you are you and have the right to do whatever you are doing (e.g., shopping online, social media, etc.). 

Unless a hacker breaks into your account and pretends to be you. The easiest way for a hacker to do that is to get your password. How can a hacker do this? 

1) You give the hacker your password.

2) The hacker guesses your password. 

3) The hacker tries out various passwords until he finds one that works. 

4) The hacker installs malware or a virus on your computer that gives him your password. 

How can I keep my passwords safe? 

1) Do NOT give your password to anyone. Assume that if someone is asking for your password, especially someone that you do not know, they have bad intentions. The company where you have your account will NOT ask for your password. Only click password reset links when you have requested the reset. 

2) Use antivirus software and malware protection software (see other blog posts for more details).

3) Follow password guidelines:

a. Use uppercase and lowercase letters, as well as numbers and special characters. 

b. Your password should be between 8 and 18 characters. 

c. Change your password every 3-6 months. 

d. Don’t use personal information. 

e. Use different passwords for every site. 

These password guidelines are unusable! They are too much of a pain in the neck. 

Yes, you are correct. That is why many sites where you make passwords will make you follow password guidelines as much as they can. 

We recommend using more security for the accounts you most want to protect (e.g., your bank account, etc.). For these accounts, make sure that they have their own password and that you do not share that password. 

A password manager can help as you manage your passwords for many accounts. Your phone and browser (e.g., Chrome, Edge, etc.) can do this to an extent, but we do not recommend relying on them. A password manager can generate a password that you can use that follows password guidelines. It can store usernames and passwords. Once you have an account you can copy and paste them from the password manager so that you do not have to worry about mistyping your password. Examples are KeePass and 1Password. When you change your password, be sure to change it here too!