INDIANAPOLIS — In today’s world of cybercrime, multiple online accounts and the emergence of artificial intelligence, the Better Business Bureau is sharing tips on how to create a strong password to protect your online information and avoid being a victim of identity theft.

For one thing, the BBB says, the days of using a single password for multiple accounts are long gone.  If you’re still doing this, you’re putting yourself at high risk for identity theft.

The good news, according to the FTC, is that you may not have to change your password as often as you think.  However, the BBB lists these guidelines to make sure your password is secure:

  • Avoid easy passwords.  An example of a weak password is easy to guess – information anyone can find on social media sites or through a phishing email or text. A strong password has at least 12 to 14 characters mixed with uppercase and lowercase letters, numbers, and symbols.  Commonly used passwords are your pet’s name, your mother’s maiden name, the town you grew up in, your birthday, your anniversary, etc. Surprisingly, the answers to these common passwords can typically be found online.  Even if you don’t consider yourself an active social media user or the internet, your information is on one forum or another.  Even for passwords that require numbers and letters, some people stick to simple patterns like 0000, 1111, 1234, etc., and you should not be so predictable. Never use the same password for multiple accounts, especially for the most sensitive ones, such as bank accounts, credit cards, legal or tax records, or medically-related files.
  • Make them creative.  Need more creative ideas for different passwords? Can you use song lyrics? Not only is it impossible for hackers to guess what song you are using, it’s even harder for them to guess which lyrics you’re using.
  • Use a “passphrase.”  Instead of using a single word, use a passphrase. Your phrase should be around 20 characters long and include random words, numbers, and symbols. Think of something that you will be able to remember, but others need help to come close to guessing, such as PurpleMilk#367JeepDog$.
  • Use multiple passwords.  Using different passwords for different accounts is also important. While it may be easier to remember one password for every account, it’s much easier for hackers to break down one wall rather than multiple walls. If hackers can figure out one password, even if it’s to something harmless like your Instagram account, they know the password to every account you own. This includes websites you shop online at, banking accounts, health insurance accounts, email accounts – you name it.
  • Use multi-factor authentication.  When it’s available and supported by accounts, use two-factor authentication. This requires both your password and additional information upon logging in. The second piece is generally a code sent to your phone or a random number generated by an app or token. This will protect your account even if your password is compromised. Many devices include fingerprint or facial recognition to unlock them, which helps protect any apps on the device if it becomes lost or stolen.
  • Consider a password manager.  A written list works, but if you’re worried about losing it, type up an electronic list and label it as something other than “PASSWORDS.” Keep the list updated and organized as well as secretive. Avoid keeping the list on the device, as it will make it easier for the thief to access the apps and personal data.
  • Still, trying to convince? You can use a reputable password manager to store your information. These easy-to-access apps store all your password information and security question answers in case you ever need to remember. However, don’t forget to use a strong password to secure the information within your password manager.
  • Select security questions only you know the answer to.  Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, and birthplace. That is information a motivated attacker can easily obtain. Don’t use questions with a limited number of responses that attackers can easily guess – like the color of your first car.

You can also read for tips and guidelines from the Federal Trade Commission.