For starters, users can use a password manager to collect their passwords securely in one place. In addition to securely storing your passwords, many password managers can also dynamically generate unique, strong passwords when you need to create a new site login or update an existing credential. With a unique password, if one site gets breached, your other credentials wouldn’t be affected.
For banking, social media profiles, and other important websites, we recommend adding multi-factor or two-factor authentication. In addition to requiring a username and password, an additional authentication factor, like a six- or eight-digit pass-code, must be used to log in. These codes are either sent to you via text message or can be obtained through an authentication app.
Another way to make your password stronger is to use an inexpensive hardware-based security key. Prior to releasing its own Titan USB key, Google claimed that when it started internal testing by requiring its employees to use a hardware key in 2017, it saw zero incidents of phishing attacks. With multi-factor authentication, even if an attacker has your login credentials, they wouldn’t be able to access your account without having a hardware key, a pass-code sent to your phone, or a unique code that’s generated with an authentication app. Once linked to your account, the hardware keys will work with Windows, Macs, and smartphone devices over USB, USB-C, Bluetooth, or NFC connections, depending on the variant of the key.
For more information on the importance of strong passwords, check out our page: