7 tips for creating secure passwords

Money and Mindset | June 2025

When it comes to the security of your personal information and accounts, a strong password is one of the best defenses.

The highlights

  • Strong passwords include 14 or more characters and a mix of random numbers, letters, and symbols. They don’t include any info that can be found online, like your birthday or pet’s name.
  • Creating different passwords for every online account can help keep a hacker from accessing all of them if they happen to get their hands on one of your passwords.
  • Passphrases, password managers, multifactor authentication, and passwordless authentication can help you keep your accounts extra secure.

Our online accounts contain lots of private information, from bank account numbers to personal addresses and birthdates. Unfortunately, scammers have gotten really good at finding ways to get into places they shouldn’t—almost half of Gen Zers and millennials have had their social media accounts hacked (Disclosure 1). The most common reason? Having a weak password (Disclosure 2). Creating secure passwords can help you protect yourself from fraudsters and keep your mind at ease.

Use these tips to create strong and secure passwords that will help keep your accounts and personal information safe.

Tip 1: Make your passwords complex.

When it comes to passwords, the more complex they are, the better:

  • Passwords should be at least 12 characters long, though 14 or more is best (Disclosure 3).
  • Include a variety of letters (both uppercase and lowercase), numbers, and special characters to make them much harder to guess.
  • Avoid using common words, phrases, and predictable patterns.
  • Don’t include any details from your life that could be easily scooped by perusing your social media profiles, like your pets’ names, your birthday, where you’re from, etc.

Consider using a passphrase instead of a password. Passphrases are longer than 14 characters and include a random mix of words, spaces, and symbols, making them tougher to crack (Disclosure 4).

Tip 2: Don’t reuse passwords.

Thirty percent of hacked passwords are the result of reusing the same one, so make sure every online account has its own totally unique, complex password (Disclosure 2). This means “Fido1” and “Fido2” wouldn’t be the most secure options. Reusing passwords or only changing one small part can make it easier for a hacker to access multiple accounts.
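Added example (not part of the original article): a small Python audit that applies the Tip 1 length, character-mix and personal-detail rules and the Tip 2 near-reuse check (“Fido1” vs. “Fido2”) to a set of accounts. The function names, the sample vault and the personal-detail list are constructed for illustration.

```python
import re
from itertools import combinations

MIN_LEN, BEST_LEN = 12, 14  # lengths given in Tip 1
CLASSES = {"lowercase letter": r"[a-z]", "uppercase letter": r"[A-Z]",
           "number": r"[0-9]", "special character": r"[^A-Za-z0-9\s]"}

def base_form(pw):
    """Drop case, digits and symbols so 'Fido1' and 'Fido2' both become 'fido'."""
    return re.sub(r"[^a-z]", "", pw.lower())

def audit_password(pw, personal_details=()):
    """Return the Tip 1 rules this password breaks (empty list = none found)."""
    findings = []
    if len(pw) < MIN_LEN:
        findings.append("shorter than 12 characters")
    elif len(pw) < BEST_LEN:
        findings.append("shorter than the preferred 14 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            findings.append(f"no {name}")
    if any(d and d.lower() in pw.lower() for d in personal_details):
        findings.append("contains a personal detail")
    return findings

def find_reuse(vault):
    """Return account pairs whose passwords are identical or near-duplicates (Tip 2)."""
    pairs = []
    for (a, pw_a), (b, pw_b) in combinations(sorted(vault.items()), 2):
        base_a, base_b = base_form(pw_a), base_form(pw_b)
        if pw_a == pw_b:
            pairs.append((a, b, "identical"))
        elif len(base_a) >= 3 and base_a == base_b:
            pairs.append((a, b, "near-duplicate"))
    return pairs

# Constructed sample data: never hard-code real passwords like this.
SAMPLE_VAULT = {"email": "Fido1", "shop": "Fido2",
                "bank": "vR7#qLm2!xT9pZc4", "forum": "Charlotte0412!Aa"}
SAMPLE_DETAILS = ["Fido", "Charlotte", "0412"]  # pet name, hometown, birthday

if __name__ == "__main__":
    for account, pw in sorted(SAMPLE_VAULT.items()):
        print(account, audit_password(pw, SAMPLE_DETAILS) or "no findings")
    for a, b, kind in find_reuse(SAMPLE_VAULT):
        print(f"{a} and {b}: {kind} passwords")
```

A clean result only means none of these rules were broken; it does not show that a password is random or has never been exposed.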

Tip 3: Use a password manager.

Password managers can take the guesswork out of password security by automatically generating and storing all of your passwords in one single, secure app (Disclosure 5). They work across all of your devices too, making it easy to sign into your accounts whether you’re on your phone, computer, or tablet.

Tip 4: Turn on multifactor authentication.

Multifactor authentication (MFA) adds an extra layer of protection by requiring additional verification information when you’re signing in. An example of MFA could be a site requesting a one-time passcode sent to your phone or maybe asking you to answer a personal security question.

99.9%: how much multifactor authentication reduces your chances of being hacked (Disclosure 6).

Tip 5: Use passwordless authentication.

Passwordless authentication allows you to ditch passwords altogether and use harder-to-hack login methods like biometrics—facial recognition or your fingerprint—or security passkeys and one-time codes sent to your phone. If any of your online accounts offer passwordless authentication as a way to sign in, enabling it can help keep your account extra secure.

Tip 6: Make sure your current passwords are secure.

There are a number of online tools, services and websites that can potentially show you if any of your email addresses or passwords have been compromised, which may help you decide which passwords to update first. And if you ever get an alert about a data breach from any of your online accounts, make sure you update your password right away.

37% of people share their passwords with others (Disclosure 7).

Tip 7: Protect your passwords.

Now that you’ve created strong passwords, it’s important to keep them safe. Don’t send them in an email, text, or DM. If possible, don’t share them at all—even with friends and family. And definitely don’t write them on a sticky note and place it on your laptop.

If you’re ever contacted and asked for personal information, don’t share anything. Verify the request first by contacting the organization separately. Most organizations, including Truist, will never contact you to ask for your password. Keep an eye out for phishing attempts like suspicious email links or websites asking for your passwords or personal information that could be used to guess passwords.

Has your password been compromised? Here’s what to do:

  1. Change your password immediately. Use the tips above to create a secure and unique password. If you’re locked out of your account, contact the company’s customer service or reset your password using the “forgot password” option.
  2. Assess your other accounts. If you’re using the compromised password on other accounts, change those right away, too. This is also a great time to change the passwords on all your other accounts, just in case they are similar to the stolen one.
  3. Keep an eye on your financial accounts and credit activity. Even if the compromised password wasn’t for a financial account, a fraudster could gain access to sensitive information like credit and debit card numbers that could be used to make fraudulent purchases. Monitor your financial accounts and credit reports and report any suspicious activity.
  4. Enable multifactor authentication (MFA) on all accounts. If you haven’t already set up MFA, this is a good opportunity to do it now so you can arm your personal info with an extra layer of protection.

If you believe your account security has been compromised or have any concerns, call us immediately at 844-4TRUIST (844-487-8478).

Learn more about how Truist protects your accounts and get more helpful tips on steps you can take to protect yourself from fraudsters.

Next steps

  • Think about your passwords. Do they include a mix of 14 or more characters? Are they unique? Follow the tips in this article to create strong passwords for all of your online accounts.
  • Turn on multifactor authentication and passwordless authentication for any accounts that offer these sign-in methods to help keep them extra secure.
  • Once you’ve created strong passwords, don’t share them—and be wary of any fraudulent emails with bad links, calls from scammers pretending to be from your bank, and other sneaky social engineering tactics.