Beginner
12 min

Password Security Basics

Passwords are the keys to your digital life. Yet most people treat them like sticky notes on a monitor. This lesson covers how to create, manage, and protect credentials without losing your mind or your data.

Why Passwords Matter

Despite all the advances in cybersecurity, weak and reused passwords remain the #1 cause of account compromises. Attackers don't need sophisticated exploits when “Password123!” still appears in breach data year after year.

  • 81% of data breaches involve weak or stolen passwords
  • 65% of people reuse passwords across multiple accounts
  • 23M accounts use “123456” as their password

Use a Password Manager

A password manager is the single most impactful security tool you can adopt. It generates, stores, and autofills strong, unique passwords for every account. You only need to remember one strong master password.

Generate Strong Passwords

Password managers create 20+ character random strings that are effectively impossible to guess or crack. No more relying on your cat's name plus a number.

Eliminate Password Reuse

When every account has a unique password, a breach at one service doesn't compromise your other accounts. Reuse is the fastest way to turn one mistake into many.

Autofill & Convenience

No more typing or copying passwords. Autofill works across devices and browsers, and it protects against keyloggers since you never type the password.

Security Alerts

Most password managers alert you when a service you use has been breached, prompting you to rotate that password immediately.

What Makes a Strong Password?

Strong Password (Good)

gX7!kL9#qR2@pO5&wN1

  • ✓ 16+ characters long
  • ✓ Mix of uppercase, lowercase, numbers, and symbols
  • ✓ No dictionary words, names, or patterns
  • ✓ Completely random — generated by a password manager
  • ✓ Unique — never used on another account

Weak Password (Bad)

Password123!

  • ✗ Contains a common word (“Password”)
  • ✗ Sequential numbers (“123”)
  • ✗ Only 12 characters — crackable in seconds
  • ✗ Likely reused across multiple accounts

Alternative: Passphrases

If you need to remember a password (e.g., your master password), use a passphrase — a sequence of random words strung together. They're easier to remember and harder to crack.

correct-horse-battery-staple

This four-word passphrase would take centuries to crack, yet it's easy to type and remember. Add a number and symbol for extra strength: Correct-Horse-7%!

Multi-Factor Authentication (MFA)

MFA adds a second layer of protection beyond your password. Even if an attacker steals your password, they cannot access your account without the second factor. This single step blocks over 99% of automated attacks.

Authenticator Apps

Apps like Google Authenticator, Authy, or Microsoft Authenticator generate time-based codes that change every 30 seconds. No network connection needed.

✓ Most Secure (App-based)

Hardware Keys

Physical security keys like YubiKey plug into your device and authenticate via USB or NFC. Phishing-resistant by design — the best protection available.

✓ Gold Standard

SMS Codes

Codes sent via text message. Better than no MFA, but vulnerable to SIM swapping attacks. Use an authenticator app or hardware key when available.

⚠ Better than nothing

Password Hygiene Checklist

Use a password manager

Pick one (Bitwarden, 1Password, or your browser's built-in manager) and start using it today.

Enable MFA everywhere

Start with email, banking, and social media. Use an authenticator app, not SMS, where possible.

Never reuse passwords

Every account gets its own unique, randomly generated password. Your password manager handles this.

Rotate compromised passwords immediately

Use haveibeenpwned.com to check if your credentials appear in known breaches.

Never share passwords

Use password manager sharing features for team access instead of emailing or texting credentials.

Lock your devices

Set a strong PIN or biometric lock on your phone, laptop, and tablet. Auto-lock after 5 minutes of inactivity.

Common Password Mistakes to Avoid

Using Personal Information

Birthdays, pet names, street names, and anniversary dates are easy to guess from social media. Attackers scrape this data to crack passwords.

Password Rotation Policies

Forcing password changes every 90 days actually reduces security — people choose weaker passwords and use predictable patterns (e.g., Spring2024! → Fall2024!).

Writing Passwords Down

Sticky notes on monitors, notebooks in desk drawers, or digital notes in unencrypted files all create exposure. Use a password manager instead.

Using the Same Password

When you reuse passwords, a breach at a small forum or shopping site hands attackers the keys to your email, banking, and work accounts.