August 23rd, 2011

The Perfect Password, and How to Keep Your Information Safe



**Today’s guest post is contributed by LearnVest.**

Okay, LearnVesters, it’s time to talk about your internet security.

We here at LearnVest have been excited to roll out our new budgeting tool, My Money Center, which lets you link all of your accounts in one place, and see how you are doing on your budget in real time. We take the security of your accounts seriously—you can read more about how we protect your information here—so we decided to give you a crash course on making sure all your financial information is locked up tightly. That includes not only your account at My Money Center, but also your credit card account, your bank account, your investment account and even your Amazon account!

Because let’s be real: LearnVest can institute CIA-level security, but there’s only so much we can do to keep your information safe if your password is “password123.” Read on to learn how to keep your money matters away from the prying eyes of strangers and disgruntled ex-boyfriends alike.

1. Build a Better Password

We know you’re smart enough to avoid using passwords like the aforementioned “password123,” or your name plus your birth date. But as hackers get more sophisticated, so should you. There are a lot of different suggestions out there for how to build a great password. (Time magazine suggests using a dictionary word and replacing letters with numbers.) But a dictionary word can be cracked by a computer program relatively easily. So we scoured the internet to see what the security experts from places like Mozilla Firefox and the security firm Sophos suggest. Here are their tips for a memorable yet secure password.


Change this password every six months, and don’t use the same password for every account. One of our editors likes to keep one password for sensitive accounts, and another password for all of her social networks and other sites. On a higher level, password-protect your computer and your handheld so no one can wire money straight from your iPhone bank account app.

Oh, and one more thing … please don’t use the password we put together above. This one is just for illustrative purposes!

2. Don’t Take the Bait

Phishers—who try to get you to send them the information needed to steal your money and identity—send out missives that look like they could be from your friend, coworker or a job applicant. These Trojan horses can come by email, text message, Facebook post or by other routes. If an email or Facebook wall post comes from your friend and includes a line like the infamous, “LOL! Is this you!?” or “Someone said something mean about you in a blog,” get in touch with your friend some other way to confirm they actually sent it.

Treat emails from corporations the same way. Never respond with your password or other sensitive information—your financial institution will never solicit sensitive information by email. When in doubt, check the email for a customer service number that you can call to verify. If you can’t find one in the email, that’s a huge red flag. (Read our other tips on saving sensitive information here.)

Read more about keeping your identity safe over at LearnVest!

Disclaimer: All information posted to this site was accurate at the time of its initial publication. Efforts have been made to keep the content up to date and accurate. However, Credit Karma does not make any guarantees about the accuracy or completeness of the information provided. For complete details of any products mentioned, visit bank or issuer website.


  1. I love the tip about the favorite song! I might try to do that because I’m bad with passwords. My university account makes me change it every 4 months and I can never keep them straight. Any tips on how to remember passwords if you have a dozen different accounts?

    CreditShout at 10:30 am on August 23, 2011
  2. The password rules of pretty much all websites just make sure that a human can’t remember the password while adding limited security.

    See this for an illustration:

    Some pages try so hard that I can never remember the password and always have to go through the password recovery process. I doubt that emailing a password to me is more secure…

    Felix at 10:35 am on August 23, 2011
  3. Decent advice, but I think it misses the mark here. Short passwords are the problem, and the rules above (6 characters or more) will create passwords without enough entropy to be really secure against certain types of sophisticated attacks.

    Better to stop using passwords and use passphrases: short sentences that have meaning to you but are very hard to break. If you had a dog named Molly, you might use:

    Molly likes to play catch.
    Mom stole my lunch. (if you have a funny story about that in your life).

    Make it short enough to easily type, but long enough to have a lot of entropy (which is a measure of the amount of real information in a phrase). These are very easy to remember, because they have meaning for you, but very hard to break, because they follow a line of thought someone else couldn’t replicate.

    XKCD said it best:

    Steve Peterson at 10:55 am on August 23, 2011
  4. Can’t help but think of this:

    Matt Parsons at 11:02 am on August 23, 2011
  5. The advice in this post is based on recommendations from 4-5 years ago. The threat landscape has changed.

    The big threats right now are easy to guess passwords (which this addresses), and password reuse.

    You should never reuse a password on a site that you need to keep secure. If a hacker gets the password list from a site where you use a password, they will likely have your email as well. They will try this combination on lots of other sites (this can be easily automated). If you reuse the password, they have you.

    This is what happened with Sony PlayStation users, Aaron Barr at HBGary, the Gawker hack, and plenty of others.

    The best solution is to use a password manager. 1Password or LastPass both work very well, and are online and integrate with your phone and/or browser. They allow you to create random passwords for as many sites as you need.

    David at 5:05 pm on August 23, 2011
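
The entropy argument in comment 3 and the per-site random passwords in comment 5 can be made concrete with the following added example, which is not part of the original post or its comments. The 16-word list is constructed for the demo, the 7776-word figure assumes a dice-style word list, and the bit counts hold only for symbols chosen uniformly at random; a sentence a person makes up has less entropy than this upper bound.

```python
import math
import secrets
import string

# Constructed 16-word sample list so the example runs offline. A real
# passphrase generator draws from a list of several thousand words.
SAMPLE_WORDS = ["amber", "bridge", "candle", "dragon", "ember", "forest",
                "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of `length` symbols, each drawn uniformly at random from the pool."""
    if pool_size < 2 or length < 1:
        return 0.0
    return length * math.log2(pool_size)


def min_length(pool_size: int, target_bits: float) -> int:
    """Smallest number of random symbols that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


def random_password(length: int = 20, alphabet: str = PRINTABLE) -> str:
    """Per-site random password from the OS CSPRNG (not the `random` module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words: int, words=SAMPLE_WORDS) -> str:
    """Passphrase of independently chosen random words."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def report():
    rows = [("6 random printable chars", entropy_bits(94, 6)),
            ("20 random printable chars", entropy_bits(94, 20)),
            ("4 random words, 7776-word list", entropy_bits(7776, 4)),
            ("6 random words, 7776-word list", entropy_bits(7776, 6))]
    return [(label, round(bits, 1)) for label, bits in rows]


if __name__ == "__main__":
    for label, bits in report():
        print(f"{label:32s} {bits:6.1f} bits")
    print(random_password(), "|", random_passphrase(6))
```
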
  6. i am not a spammer

    Luis A. Alicea at 9:12 pm on November 6, 2013
  7. i am not a spammer just trying to fix credit

    Luis A. Alicea at 9:13 pm on November 6, 2013
  8. I am lost knowing texr is even a challenge. How I need to get it up past 703 . 8

    Hank T. Williams at 11:36 pm on December 23, 2014
  9. I have tried many times to use my e-mail address and password. I have been told the e-mail or the password is not correct. Now I have to go thru all the social security and send pictures of everything you request. I am not willing to do all that, don’t have a printer and would not do it if I did have a printer. This is the first time I have had this problem. Why can’t you accept my current email or password? You know it is correct or I would not be receiving your e-mails. It is hard for me to understand what is going on that all of a sudden you can do this. If you continue to reject my e-mail and password, I will no longer try and go somewhere else.
    Vera Denney

    vera Denney at 9:09 pm on December 25, 2015
  10. Enola Guerrero

    Hi Vera – Sorry to hear you are having trouble with registration. Please contact our support team so they can assist you with this matter. You can contact them by going here:


    Enola Guerrero at 5:17 pm on December 28, 2015
