# Tips for Creating a Strong Password

Passwords are the first line of defense for your online life. A weak or reused password can expose you to account takeover, data theft, and financial fraud. Investing a few minutes to craft a robust credential pays off in peace of mind and security.

## 1. Make Every Password Unique

* **Never reuse** the same password on multiple sites.
* If one site is breached, attackers often try stolen credentials elsewhere (the “credential stuffing” attack).
* Use a different, random password for each **critical** account: email, banking, social media.

## 2. Build Complexity with Character Variety

* Combine **uppercase letters** (`A–Z`), **lowercase letters** (`a–z`), **numbers** (`0–9`), and **symbols** (`!@#$%^&*()`).
* Aim for at least **12 characters**. Longer is better!
* Example:

  ```
  MfT&Jsmafe1ad
  ```

  (“My friends Tom and Jasmine send me a funny email once a day” ➔ `MfT&Jsmafe1ad`)

## 3. Use a Memorable Passphrase

* Create a short **sentence** or **acrostic** that’s personal but not guessable.
* Insert numbers and symbols for extra strength:

  ```
  I took 3 storms, & danced in rain! ➔ It3s&dir!
  ```
* Passphrases (20–30 chars) often trump random strings—easier to remember, hard to crack.

## 4. Avoid Predictable Patterns

* **Don’t** use:
  * Sequential letters/numbers (e.g., `abcd1234`)
  * Keyboard patterns (e.g., `qwerty`, `1q2w3e4r`)
  * Personal info (birthdays, names, addresses)
* **Don’t** substitute only a few characters (`P@ssw0rd!` is still weak).
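
The following Python check is an added example, not part of the original page. It applies the 12-character minimum from section 2 and the patterns listed above, and it undoes common character substitutions to show why `P@ssw0rd!` still matches a wordlist. The wordlist, keyboard walks, substitution table and all function names are constructed for illustration.

```python
import re

# Constructed stand-in for a real common-password wordlist (assumption).
COMMON_WORDS = {"password", "letmein", "welcome", "admin", "dragon"}
# Keyboard rows plus the diagonal walk behind "1q2w3e4r".
KEYBOARD_WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", "1q2w3e4r5t6y"]
# Typical character substitutions, undone before the wordlist check.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
MIN_LENGTH = 12  # the page's recommended minimum


def has_sequence(pw, run=4):
    """True if pw holds `run` consecutive ascending or descending letters/digits."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if window.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def has_keyboard_walk(pw, run=4):
    """True if pw contains `run` adjacent keys from a known walk, in either direction."""
    s = pw.lower()
    for walk in KEYBOARD_WALKS:
        for seq in (walk, walk[::-1]):
            if any(seq[i:i + run] in s for i in range(len(seq) - run + 1)):
                return True
    return False


def has_common_word(pw):
    """True if a wordlist entry survives once substitutions and symbols are removed."""
    plain = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    return any(word in plain for word in COMMON_WORDS)


def audit(pw):
    """Return the weaknesses found; an empty list means none of these checks fired."""
    checks = [("too_short", len(pw) < MIN_LENGTH), ("sequence", has_sequence(pw)),
              ("keyboard_walk", has_keyboard_walk(pw)), ("common_word", has_common_word(pw))]
    return [name for name, hit in checks if hit]


if __name__ == "__main__":
    for sample in ["abcd1234", "qwerty", "1q2w3e4r", "P@ssw0rd!", "MfT&Jsmafe1ad"]:
        print(f"{sample!r}: {audit(sample) or 'no findings'}")
```

An empty result only means these four checks did not fire; it is not a strength score.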

## 5. Rotate & Update Regularly

* Change passwords **every 6–12 months** or immediately after a security breach.
* For non-critical sites, you may update less frequently—but never skip updates after known leaks.

## 6. Secure Storage & Management

* **Use a password manager** (e.g., Bitwarden, 1Password) to:
  * Generate truly random passwords
  * Store and autofill them securely
  * Sync across devices
* **Avoid** plain-text files or browser-saved passwords without encryption.

## 7. Enable Multi-Factor Authentication (MFA)

* Wherever possible, enable **MFA** (SMS codes, authenticator apps, hardware keys).
* MFA adds a second layer: even if your password is stolen, attackers can’t log in without the second factor.

## 8. Beware of Phishing & Social Engineering

* Don’t enter passwords on untrusted links—always verify the site’s URL.
* Watch out for spoofed emails or messages asking for your credentials.

***

## 🔄 Maintaining Password Hygiene

1. **Review your vault**: Delete unused or stale passwords.
2. **Audit breached accounts** with tools like Have I Been Pwned.
3. **Use alerts**: Many password managers notify you of compromised credentials.


