7 tips for creating secure passwords

Money and Mindset | June 2025

When it comes to the security of your personal information and accounts, a strong password is one of the best defenses.

The highlights

  • Strong passwords include 14 or more characters and a mix of random numbers, letters, and symbols. They don’t include any info that can be found online, like your birthday or pet’s name.
  • Creating different passwords for every online account can help keep a hacker from accessing all of them if they happen to get their hands on one of your passwords.
  • Passphrases, password managers, and multifactor and passwordless authentications can help you keep your accounts extra secure.

Our online accounts contain lots of private information, from bank account numbers to personal addresses and birthdates. Unfortunately, scammers have gotten really good at finding ways to get into places they shouldn’t—almost half of Gen Zers and millennials have had their social media accounts hacked.Disclosure 1 The most common reason? Having a weak password.Disclosure 2 Creating secure passwords can help you protect yourself from fraudsters and keep your mind at ease.

Use these tips to create strong and secure passwords that will help keep your accounts and personal information safe.

Tip 1: Make your passwords complex.

When it comes to passwords, the more complex they are, the better:

  • Passwords should be at least 12 characters long, though 14 or more is best.Disclosure 3
  • Include a variety of letters (both uppercase and lowercase), numbers, and special characters to make them much harder to guess.
  • Avoid using common words, phrases, and predictable patterns.
  • Don’t include any details from your life that could be easily scooped by perusing your social media profiles, like your pets’ names, your birthday, where you’re from, etc.

Consider using a passphrase instead of a password. Passphrases are longer than 14 characters and include a random mix of words, spaces, and symbols, making them tougher to crack.Disclosure 4

Tip 2: Don’t reuse unique passwords.

Thirty percent of hacked passwords are due to reusing the same one, so make sure every online account has its own totally unique, complex password.Disclosure 2 This means “Fido1” and “Fido2” wouldn’t be the most secure options. Reusing passwords or only changing one small part can make it easier for a hacker to access multiple accounts.

Tip 3: Use a password manager.

Password managers can take the guesswork out of password security by automatically generating and storing all of your passwords in one single, secure app.Disclosure 5 They work across all of your devices too, making it easy to sign into your accounts whether you’re on your phone, computer, or tablet.

Tip 4: Turn on multifactor authentication.

Multifactor authentication (MFA) adds an extra layer of protection by requiring additional verification information when you’re signing in. An example of MFA could be a site requesting a one-time passcode sent to your phone or maybe asking you to answer a personal security question.

99.9%

How much multi-factor authentication reduces your chances of being hacked.Disclosure 6

Tip 5: Use passwordless authentication.

Passwordless authentication allows you to ditch passwords altogether and use harder-to-hack login methods like biometrics—facial recognition or your fingerprint—or security passkeys and one-time codes sent to your phone. If any of your online accounts offer passwordless authentication as a way to sign in, enabling it can help keep your account extra secure.

Tip 6: Make sure your current passwords are secure.

There are a number of online tools, services and websites that can potentially show you if any of your email addresses or passwords have been compromised, which may help you decide which passwords to update first. And if you ever get an alert about a data breach from any of your online accounts, make sure you update your password right away.

37%

of people share their passwords with others.Disclosure 7

Tip 7: Protect your passwords.

Now that you’ve created strong passwords, it’s important to keep them safe. Don’t send them in an email, text, or DM. If possible, don’t share them at all—even with friends and family. And definitely don’t write them on a sticky note and place it on your laptop.

If you’re ever contacted and asked for personal information, don’t share anything. Verify the request first by contacting the organization separately. Most organizations, including Truist, will never contact you to ask for your password. Keep an eye out for phishing attempts like suspicious email links or websites asking for your passwords or personal information that could be used to guess passwords.

Has your password been compromised? Here’s what to do:

  1. Change your password immediately. Use the tips above to create a secure and unique password. If you’re locked out of your account, contact the company’s customer service or reset your password using the “forgot password” option.
  2. Assess your other accounts. If you’re using the compromised password on other accounts, change those right away, too. This is a great time to change the passwords on all your other accounts too, just in case they are similar to the stolen one.
  3. Keep an eye on your financial accounts and credit activity. Even if the compromised password wasn’t for a financial account, a fraudster could gain access to sensitive information like credit and debit card numbers that could be used to make fraudulent purchases. Monitor your financial accounts and credit reports and report any suspicious activity.
  4. Enable multifactor authentication (MFA) on all accounts. If you haven’t already set up MFA, this is a good opportunity to do it now so you can arm your personal info with an extra layer of protection.

If you believe your account security has been compromised or have any concerns, call us immediately at 844-4TRUIST (844-487-8478).

Learn more about how Truist protects your accounts and get more helpful tips on steps you can take to protect yourself from fraudsters.

Next steps

  • Think about your passwords. Do they include a mix of 14 or more characters? Are they unique? Follow the tips in this article to create strong passwords for all of your online accounts.
  • Turn on multifactor authentication and passwordless authentication for any accounts that offer these sign-in methods to help keep them extra secure.
  • Once you’ve created strong passwords, don’t share them—and be wary of any fraudulent emails with bad links, calls from scammers pretending to be from your bank, and other sneaky social engineering tactics

Related resources

Component ID : "accordionGridLayout-1624256768"
Model : "disclaimer"
Position : "left"

This content does not constitute legal, tax, accounting, financial, investment, or mental health advice. You are encouraged to consult with competent legal, tax, accounting, financial, investment, or mental health professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

Disclosure 1Almost half Gen Z and Millennials have had their social media passwords hacked,” BetaNews, January 7, 2025.

Disclosure 278% of people use the same password across multiple accounts,” Security Magazine, June 10, 2024.

Disclosure 3Create and use strong passwords,” Microsoft, accessed April 23, 2025.

Disclosure 4Password vs. Passphrase: Differences Defined & Which Is Better?” Okta, August 29, 2024.

Disclosure 5 “Best Password Manager in 2025,” CNET, accessed June 9, 2025.

Disclosure 6Multifactor Authentication,” America’s Cyber Defense Agency, accessed April 23, 2025.

Disclosure 7America’s Password Habits,” Security.org, November 8, 2024.

Disclosures

Truist Bank, Member FDIC. © 2025 Truist Financial Corporation. Truist, the Truist logo, Truist Purple, LightStream, and the LightStream logo are service marks of Truist Financial Corporation.

Equal Housing Lender

Investment and Insurance Products:

  • Are Not FDIC or any other Government Agency Insured
  • Are Not Bank Guaranteed
  • May Lose Value

TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

"Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Please note that Truist provides translations of webpages, documents and disclosures as a courtesy and in the event of any inconsistencies or discrepancies between the English content and the translated content, the English content supersedes the translation. Truist offers phone support in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages, please speak to a representative directly.

New York City residents:

Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

The Consumer Finance Protection Bureau (CFPB) also provides additional resources for homeowners seeking payment assistance in select languages at: https://www.consumerfinance.gov/housing/housing-insecurity/help-for-homeowners/

Site footer

Footer Navigation

Banking products
About Truist
Resources
Support

© 2025, Truist. All Rights Reserved.