Advice for Setting Passwords

July 31, 2014

News stories about data breaches have gotten common over the last few years, so much so that it can be easy to skip right over them and move on to the next news story. During 2013 there were 2,164 incidents exposing over 822 million records. Nearly 48% of those cases involved compromised passwords.

It is more important than ever for consumers to be attentive to their passwords. Most of us have been using, forgetting and changing our passwords so many times by now that we may be afflicted with “password fatigue.” That can lead to lazy habits like keeping the same password over long periods of time, using the same password for multiple accounts and relying on simple, easy-to-remember passwords – all bad ideas. Your BBB has the following advice regarding those all-important but pesky passwords.

What not to do

Some of this information may seem obvious and you may have heard it many times before. Yet because so many people continue to practice dangerous habits when it comes to their passwords, it bears repeating:

  • Don’t use your name, birthdate or other common words.
  • Don’t keep it short. Use at least 10 characters, ideally 12.
  • Don’t use the same passwords for multiple accounts. If one account’s password is stolen, only that account will be affected.
  • Don’t share your password over the phone, in an email or text. No legitimate company will send you a message requesting your password. Any such message is a scammer and should be ignored.
  • Don’t store your passwords in plain sight. Sticky notes beside your workspace are not the place for your passwords. Keep them private. If you write it down, don’t say that it is a password and don’t say what account it goes with.
  • Don’t settle for only changing one character or number of your password for different accounts. Make each of them significantly different. A hacker who figures out one of your passwords may quickly try slight variations on it for your other accounts.

Well, then, what are you supposed to do?

When making up a password, be creative and unpredictable. Make your password long and be sure to mix letters, numbers, case and special characters.

To combat the problem of trying to remember the password, Microsoft recommends that you create an acronym from a phrase that is meaningful to you. You might, for example, think of a phrase like “Our anniversary is 12 December, 2004.” Then derive a password from the phrase. In this case Oann12/Dec,4 could be that password.

Add more security to the password by substituting numbers, symbols and misspellings. Then the password in this example could become Owr@nnizz1212o4.

Some people prefer to use an online password generator for coming up with their various passwords. A web search will turn up a slew of online sites to help you.


For 100 years, the Better Business Bureau has been helping consumers find businesses, brands and charities they can trust. In 2012, consumers turned to BBB more than 100 million times for Business Reviews on more than 4 million companies and Charity Reports on 11,000 charities, all available for free at The Council of Better Business Bureaus is the umbrella organization for 114 local, independent BBB's across the United States and Canada, as well as home to its national programs on dispute resolution and industry self-regulation.


For more information, journalists should contact Jessica Tharp at 309-670-1182 or