How to Manage Your Passwords

In our previous lessons in this course, we taught you how to make a strong password (and avoid a weak one), how to replace one of your passwords with a more secure one, and how to reset a password if you forget it or think somebody has cracked it.  To support these essential skills, we're now going to go over some general strategies of how to keep your passwords in order and get the most security possible out of them.

Tips for managing your passwords

1.  Use some sort of memory trick to remember your passwords.

In the last tip for our How to Make a Strong Password tutorial, we suggested starting with a memorable (but uncommon) phrase, writing down the first letter of each word, and then substituting numbers and symbols based on sounds and shapes.  This would result in a strong password that was easier to remember.  While it's probably simpler to work from the ground up like this, you may be able to remember a complex password that you build from the top-down by using the other tips in that article. 

For example, "gh$nd4B&8xq%" might be remembered by sounding out some of the letters, numbers, or letters that look similar to symbols.  You might come out with something like "ghost and four Band-Aid execute".  Okay, that sentence doesn't make a whole lot of sense, but hopefully you get the idea of how you can sound out what a password looks like in order to develop a memory trick.

2.  If it's easiest for you, write your passwords — or better yet, just clues about them — down.

We realize that memory tricks might not be for everyone.  The simpler thing to do, if you need help remembering your passwords, might be to write your passwords down.  Even if you do use memory tricks, you might want to write those down, too, just so you can remember them.

If you're going to write your passwords (or memory tricks) down in order to remember them, don't do so right on your computer or other digital device.  If a hacker installs a spyware program or otherwise takes control of your computer, they might be able to find all of your passwords and use them to break into all of your Internet accounts.

Instead, the best idea is to write your passwords down on a physical piece of paper, or in some sort of address book or diary.  Make sure that you store your list of passwords in a secure place, where only you know where it is and/or can get at it. 

If you're able to use memory tricks effectively, write them down instead of your actual passwords.  That way, if someone else finds your list, they will have to figure out how your memory tricks work in order learn your passwords, instead of having them spelled out in plain view.

3. Don't use the same password(s) for multiple websites.

"Remembering all of these passwords is hard!" we hear you say.  "Can't I just make things easy on myself by using a few strong passwords that I know off by heart for all of my accounts?"

While you might be able to get away with this, depending on how strong your passwords are, know that you're generally taking a large (and rather unnecessary) risk by doing so.  The reason for this should be obvious: if a hacker manages to break the password on one of your accounts, then they don't have to do any extra work in order to break into any other of your accounts that share the same password.

It may be tedious and time-consuming, but the best way to make sure that your Internet accounts stay secure is to use a different password for each of them.  This ensures that if a hacker breaks into one of your accounts, you will not have made it easy for them to break into any others.

4.  Change your passwords occasionally.

Even if you use strong passwords, hackers and malicious programs can pick away at them and try to figure them out over time.  Therefore, another good way to keep your passwords secure is to change them occasionally, perhaps every three months or so.  This undoes any progress that troublemakers may have made at cracking your passwords, ensuring that you always stay one step ahead of them.

5.  If you think an account has been hacked, try resetting its password.

As we noted in our How to Reset Your Password tutorial, resetting your password for one of your Internet accounts is a strategy that you can use if you think that someone knows how to get into that account without your permission.  As an added bonus, some websites (such as Facebook) will kick out anyone who happens to be using your account when you reset your password, so you may be able to turn the tables on an intruder.

If you wish to reset the password for an account because you think someone has hacked into it, one suggestion that we'll make is to do so from someone else's computer.  The reason for this is because if someone hacks one of your accounts, they may have also hacked into your computer (or they may at least be able to access the information necessary to do so).  Therefore, if you try to reset your password from your own computer, the hacker may be able to manipulate your computer's actions in order to block your attempts, or even lock you out of your computer.


A final tip that we'll give for remembering your passwords and keeping them secure is to use a password manager.  We'll get into what these are and how to use them in the next few tutorials in this course.

How to Reset Your Password

Sometimes, if you haven't used a website in a while and then come back to it one day, you might not be able to remember the password for your account.  Don't panic; it happens to the best of us every once in a while.  More importantly, the people who run most popular websites know that this happens, so they include tools that let you reset your password if you can't get into your account.  These tools are also useful in the unfortunate (but thankfully rare) event that you think someone knows how to get into your account without your permission.

Here are some other general points about resetting a password:

  • The option for resetting your password will usually be right on the log-in screen for the website that you're on.  However, some websites will let you reset your password (as opposed to changing it) from within your account if you are still logged in somehow.

  • The website will usually ask for some sort of other verifiable information about you in order to know that they're allowing you (and not a troublemaker) to reset your account password.  This might be your email address, phone number, or some other detail about how you use the website.

  • The website will usually send you an email or text message with information on how to reset the password on your account.  It may contain a hyperlink that you have to click, or a special code that you have to type into a certain page on the actual website.

  • Unlike when you change a password, you will never need to enter your old password in order to reset it and create a new one.

  • As we mentioned above, resetting a password is usually only used as an emergency last resort if you forget it, or think that someone has figured it out and hacked into your account.  If you just want to update your password in order to make it more secure, you can simply change it instead (see our How to Change Your Password tutorial).

How do I reset my password? – Facebook example

Like when changing a password, each website has slightly different ways of going about resetting a password.  However, their systems generally follow the formula laid out in the section above.  Let's return to the popular social media website Facebook for an example of how to reset a password.

  1. First, go to the log-in screen for the website.  In Facebook's case, you can log in right from their home page, but on other websites, you may need to click Sign In, Log In, or something similar.

    You should see a link that says something like Forgot Your Password?, Can't Access Your Account?, Need Help?, or something like that.  Click it.

  2. Next, you will be asked for some sort of personal information that can help it identify your account.  In Facebook's case, you can input your real name, your user name (if you added one), your email address, or your phone number (if you added one).  Then click Search (or Next, or Continue, or something of the like).

  3. Facebook will find accounts that match your information.  Click This is My Account beside the one that displays information that you recognize as yours.

  4. The website will now send you a message with instructions on how to reset your account.  Whether it's sent to you by email or phone text may depend on the information that you entered to identify your account, or you may be able to choose the method that you want.

    In Facebook's case, you can choose the option that you want (assuming that you've entered a phone number; otherwise, you will only be able to choose email).  Make your choice (if you are able to), and then click Continue.

  5. The email or text message will contain a hyperlink and/or code that will let you reset your password.  Click on the blue hyperlink (it might say something like Change Password or Click Here to Change Your Password, or have instructions like that beside it), or write down the code you receive and type it into the screen that you advanced to on the website.

  6. Next, you should see a web page where you can enter a new password.  Type in your "New Password" and then "Confirm [the new] Password" by typing it in again.

    You will notice that, as an extra security feature, Facebook gives you the option to automatically log out of any other places where your account is logged in.  This means that if someone else is using your account without your permission, you can kick them out, and they can't get back in because you've reset your password.

    When you're all set, click Continue.


Great!  Now that you know the general steps involved in resetting a password, you'll know what to look for when you go through the process on other websites.  But just in case, here are some step-by-step tutorials for how to reset your password on some of the most popular websites that we offer courses for:


Okay!  In our next lesson, we'll go over some general advice for using your passwords effectively.

How to Change Your Password

I want to change my password!

Based on the information we gave you about how to choose a good password in our How to Make a Strong Password tutorial, as well as how to avoid weak passwords, we're not surprised that you'd want to try out your newfound knowledge.  Before you actually do so, though, here are a few things to remember about changing your password:

  • You almost always have to be logged into the account that you want to change your password for, in order to change it.  The most common exception is if you wish to reset your password.

  • You can usually find the controls for changing your password under the "Settings" page of the website you're on, and/or under the "Security" or "Privacy" sub-category.

  • When creating a new password, you usually have to submit your old password as well.  If you can't remember it, you may need to reset your password instead.

  • Certain websites have certain rules on what your password can be.  For example, some websites will force your password to be at least (or at most) a certain length, or to contain at least two different types of characters (letters, numbers, or symbols).  Of course, as we went over in our How to Make a Strong Password tutorial, following these sorts of guidelines when making your password is a good habit anyway.

  • Certain websites will not allow you to use the same password twice.  If that is the case, be sure to make a note of this fact, and make a note of any passwords that you have used previously for your account on that website.  This will help you avoid wasting time trying to make previously-used passwords work on a website that won't allow it.

  • Changing a password is the standard practice for updating a password to one that is more secure.  If you need to change your password in an emergency, such as if you forget it or think that someone has accessed your account without your permission, then reset your password instead.

How do I change my password? – Facebook example

The process for changing your password is different depending on which website you're using.  However, they are usually all rather similar, and more-or-less follow the guidelines listed in the section above.  As an example, let's try changing a password on an account for Facebook, the popular social media website.

To change a password

  1. Log into the account that you wish to change the password for.  To do this, you will usually need to provide your name, user name, email address, or (sometimes) phone number, as well as your current password.

  2. A good bet to find the controls for changing a password is to look for the "Settings" menu.  In Facebook, it can be found by clicking the little arrow beside the lock icon in the top-right corner, and then clicking the Settings option in the drop-down menu that appears.

  3. In the case of Facebook, the option for changing your password is in the General account settings (which you should automatically be taken to).  Find the box that says "Password", and click Edit beside it.

  4. From here, type in your "Current" password, then the "New" password that you've come up with, and then "Re-type [the] New" password to verify it for security purposes.  Then click Save Changes.

To confirm that your password has been changed, check the email address that you use to receive messages from that website.  They will usually send you an alert that your password has been changed, which you can safely ignore if you were the one responsible for the change.  Also, try logging out of your account, and then logging in again by using your new password.


There!  Now that you have the basic skills for how to change a password, here are some other tutorials on how to change passwords for popular websites:


Next, we'll cover how to reset a password in case you forget it or think that someone knows how to get into your account.

How to Make a Strong Password

What is a strong password?

We've shown you several different examples of what a weak password looks like.  So, then, what does a strong one look like?  Well, it would look something like this:


"Wait a minute!" you might say.  "That password looks like total nonsense!"  Well, that's sort of the point: it's difficult for someone else to guess because it's not in a pattern that anybody (except maybe you) would recognize.  You'll see that this password follows almost all of the rules for what makes a good password that we're going to list below.

What makes a good password?

1.  Make sure that your password is of sufficient length.

The first step towards making a more secure password is to increase its length.  The more characters that a password has, the more characters a hacker has to guess before they can break it.  Most websites will suggest — and some will even require — that your password is at least 8 characters long (our example is 11).  However, don't go overboard and make a password that's so long that you can't easily remember it yourself!

2.  Use different types of characters in your password.

Use both letters and numbers in your password.  Since there are 10 numbers (from 0 to 9) and 26 letters, a hacker will have to guess from between 36 different possibilities for each character in your password.  If you can, also try to use special symbols in your password (e.g. !,@,#,$,%, or &).  This can mean that a hacker will have to try between 50 or more different possibilities for each character in your password!

3.  If possible, use both upper-case and lower-case letters.

Many websites allow your account password to be case-sensitive; that is, they care about whether or not a letter in your password is capitalized.  If that's the case (no pun intended), use both capital and non-capital letters in your password.  This makes for 26 more possibilities that someone has to try for each character in your password if they want to crack it!

4.  Don't base your password on easily-recognizable patterns.

A common mistake that we pointed out with the bad passwords listed in our Worst Passwords article is that they all follow patterns that are relatively easy to figure out, such as:

  • Simple sequences of numbers

  • Common words or phrases

  • Other physical patterns, such as rows or columns of keys on a keyboard

There are a few different ways to avoid making a password like this:

  • Use more than one type of character (letters, numbers, or symbols).

  • Don't use too many of one type of character.

  • Don't use too many of one type of character in a row.

Our example, for instance, contains 4 letters, 4 numbers, and 3 symbols (so fairly equal proportions).  Also, the pattern is number-letter-letter-number-symbol-letter-symbol-number-number-symbol-letter.  This isn't an obvious pattern, as opposed to something like all numbers, then all letters, then all symbols; or number-letter-symbol, and repeat that until we run out of characters.

5.  Base your password on a memorable (but not overly common) phrase.

To make a strong password that's easier to remember, start with a sentence or phrase about something.  Then, write down the first letter of each word in that sentence, and then substitute in capital letters, numbers, and symbols from there.  For example, let's try this sentence:

  • "I went to Eat at Joe's for breakfast on Saturday, May 9th."

If we write down the first letter of each word, we get this:

  • iwteajfbosmn

Not bad; it's certainly long enough at 12 characters, and it doesn't appear in any sort of pattern to anyone who doesn't know the phrase that you based it on.  However, it only contains lower-case letters. 

Let's fix that by adding some numbers.  Not only is there already a number in the phrase (9), but since the number "2" sounds like the word "to", and the number "4" sounds like the word "for", we can substitute those numbers for those words.  Now, we have this:

  • iw2eaj4bosm9

Alright, now let's spice it up by adding some symbols.  The symbol "@" stands for the word "at", so that's an easy substitution.  In addition, if you look closely, the symbol "!" looks like a capital letter "I", and the "$" symbol looks like a capital letter "S".  Let's add those in now:

  • !w2e@j4bo$m9

Great, we're almost there!  Now, let's just add in the capital letters that were already in the sentence, and we get this:

  • !w2E@J4bo$M9

Voila!  We now have a password that is sufficiently long, contains all sorts of different characters, and doesn't follow any sort of pattern except the phrase that you based it on!


Alright!  Now that you know some strategies for creating strong passwords (and avoiding creating weak ones), it's time to put your skills to the test.  Our next tutorials will show you how to change or reset a password for one of your computer or Internet accounts, so that you can create a better one.

Worst Passwords

A question that you're probably wondering about using passwords on your computer and the Internet is: how do I make a strong password?  As part of answering that question, we're first going to show you some common passwords that people use that aren't very strong.  We will explain what makes these passwords weak, so that hopefully when we explain the factors that contribute to a strong password, they will make more sense in the context of why passwords are weak when those factors aren't present.

Types of bad passwords

Short passwords

Examples: 1234, golf, asdf, abcd

Why they're bad: Simply put, these passwords are bad because they're too short.  This means that a hacker only has to figure out a pattern of a few characters in order to crack your password and intrude into your account.

Number patterns

Examples: 123456, 111111, 123123

Why they're bad: The first reason that these types of passwords are bad is because, as patterns, they're easy to predict.  This means that a hacker may only have to figure out a few characters of the password before they can simply guess the rest.  The other problem with these types of passwords is that they only consist of numbers.  This means that for each character, a hacker only has to guess from between 10 possibilities (i.e. each digit from 0 to 9).

Commonly-used words

Examples: dragon, mustang, football, shadow, password

Why they're bad: Like with number patterns, these passwords are weak because they only consist of letters.  This means that, for each character in the password, a hacker only has to guess from between 26 possibilities (i.e. every letter from "a" to "z").  And again, they're easily-recognizable patterns that hackers can easily guess based on only a few clues.

Note that "password" is especially obvious, and is considered one of the worst passwords ever.  So please do yourself a favour and never use it as your password.  Thanks.

Common phrases and abbreviations

Examples: iloveyou, letmein, trustno1

Why they're bad: While these types of passwords are somewhat stronger than single words, they're still fairly weak.  This is not only because the words that they're made up of are recognizable patterns, but also the sequences of words are recognizable patterns themselves.  Also, many of these passwords are only made up of letters, which limits the number of possibilities that a hacker has to guess for each character.

Personal information

Examples: robert1955, geneva1967, mary70

Why they're bad: There are many places both on and off the Internet that require you to provide your personal information, or where you may give it out willingly in the interest of being social.  If you have a computer password that is based on something like your name, age, birth year, and/or hometown, it won't be hard for someone who is even vaguely familiar with you or someone you know to guess it.

In addition, many of these types of information are recognizable patterns that a hacker can deduce easily.  Then, not only does a stranger have access to one of your accounts, but they also have a clue as to the identity of you, a friend, or a family member.

Keyboard patterns

Examples: qwertyuiop, zxcvbnm, 1qaz2wsx

Why they're bad: At first glance, these passwords might actually look quite strong, as none of them appear to be in any particular pattern.  However, take a close look at your keyboard, and you'll understand why they're bad.  The first two examples are just the first and third rows of letters across your keyboard spelled out, and the third one is the first two columns of letters and numbers on your keyboard spelled out. 

Thus, while seemingly random, these passwords do in fact follow easily-recognizable patterns that hackers can pick up on and use as clues to break them.


If any of your passwords are similar to the ones that we've listed here, don't panic!  In our next lesson, we'll teach you how to construct a password that's tougher to crack.  And in our later lessons, we'll teach you some general ways to change or reset a password on one of your accounts and replace it with a stronger one.

What is a Password?

Maybe, when you were young (or if you're still young), you had a treehouse, or made a pillow fort with your friends or parents, or built a snow fort with your school classmates.  Maybe you had a secret word or phrase that a person had to say before you let them in.  Maybe it was an inside joke.  Maybe it was some obscure information about a family member.  Whatever it was, the important part was that it was difficult to guess except by people who were supposed to know it anyway.

This age-old convention has made its way to the digital world, and now many things that we do on our computers or the Internet involve the use of passwords.  For example:

  • Some people put password locks on computer programs or files so that other people can't tamper with them. 

  • Many modern websites have user accounts that are secured using passwords, so only the account's owner can access the website by using that account. 

  • There are some websites that are entirely inaccessible unless the user knows the password, in order to prevent unauthorized users or computer programs from getting in and possibly causing trouble. 

  • Some password systems are advanced enough to use the password itself to scramble the information that it protects, so that it's unreadable by anyone who gets at it through other means.

Why are passwords important?

In the real world, passwords were important for armies, communities, and other groups in order for them to keep enemy soldiers and spies from infiltrating the group or their claimed territory.  Passwords in the digital world work in much the same way: they carve out a particular territory on a computer or the Internet that only people who know the password can get into.

The importance of passwords on the Internet is multiplied by the fact that the Internet is, by nature, a relatively open network that can be accessed almost anywhere by almost anyone.  This means that it's especially important for people to be able to set up digital "gates" and "walls" on the Internet that can only be passed if someone has the right credentials.  Without these checks in place, people could use any website as any person that they wanted to, and that would mean having access to information that wasn't theirs, and having the ability to do things that would get the person they're posing as in trouble.


So, what makes a password weak or strong?  How do you actually go about replacing a weak password with a stronger one?  What do you do if you can't remember your password, or think someone else has figured it out?  And how do you keep all of your different passwords in order?  We'll cover all of these topics and more in the articles and tutorials ahead, so stick with us!