Use at least 12 characters
Use a mix of uppercase and lowercase letters
Include numbers
Include symbols
Avoid common words, phrases, and predictable patterns
Avoid using personal information (name, birthdate, address, phone, etc.)
Do not reuse the same password across multiple accounts
Prefer a unique password for each account
Use a password manager to generate and store complex passwords
Enable multi-factor authentication (MFA) where available
Change passwords if you suspect compromise
Use a passphrase made from multiple random words plus separators and symbols
Ensure the password meets the site’s requirements without weakening it to fit rules
Store backup recovery codes securely if provided
Regularly review password security for important accounts