Follow this advice to help keep your accounts out of the wrong hands:

1. Create strong passwords

Hackers don’t break in; they sign-in. If you use passwords as part of your sign-in process, you’ll need to make sure they are as strong as possible. Strong passwords are:

• At least 12 characters long (but 14 or more is better)

• A combination of uppercase letters, lowercase letters, numbers, and symbols

• Not a word that can be found in a dictionary or the name of a person, character, product, or organization

• Significantly different from your previous passwords

• Easy for you to remember but difficult for others to guess

2. Keep passwords secure

Once you’ve created strong passwords that hackers can’t crack, you must keep them secure. If they can’t break your passwords, criminals will try to trick you into revealing them. To keep your passwords as safe as possible, follow these guidelines:

• Don’t share a password with anyone—not even a friend or family member

• Never send a password by email, instant message, or any other means of communication that is not reliably secure

• Never re-use the same password—all your passwords should be unique

• Update your passwords frequently

• Always access websites using trusted links

• Don’t hesitate to change passwords immediately on accounts you suspect may have been compromised

3. Get rid of passwords altogether

Creating strong passwords and keeping them secure can be a lot of work, especially when you have multiple passwords to remember and manage across all your accounts. But what if you didn’t have to manage passwords at all? Passwordless sign-in methods like the Microsoft Authenticator App, physical security keys, and biometrics are more secure than traditional passwords, which can be stolen, hacked, or guessed.