How to clean up your passwords and boost online security

Keeping your passwords strong and unique is foundational to ensuring that your online accounts stay secure. Here's how to clean up and improve your passwords.

How to clean up your passwords and boost online security

The health of your passwords is a big part of your overall online security and you shouldn't neglect it. Reviewing your passwords, weeding out the weak ones, and replacing them with stronger passwords are all good habits to keep up to fortify your online security. But what if you haven't done any of that in a while or have never gotten around to it before? No worries. With our handy guide below, we'll show you how to clean up your passwords and even suggest a few more ways to boost your security online.

Have I Been Pwned? website screenshot showing the hack search site's main page. screenshot

How to pinpoint problematic passwords

It's hard to fix weak or compromised passwords if you don't know which ones have those issues. Below, we'll go over two ways to check your passwords, depending on what security issues you're looking for.

Step 1: Use third-party hack search websites, such as Have I Been Pwned?, to check if your email address or other personal data appears in a data breach. If it does, you'll know to change the password for that particular online account. These sites are a great way figure out which of your passwords are likely to have been compromised/exposed. But if you choose to use these websites, be sure to pick a legitimate service, as there are also sites that may steal your information instead.

Step 2: Use Google Chrome’s password checker tool to review the strength level or data breach status of all your saved passwords. If you're a Google Chrome user and you've saved most of your passwords to it, its password checker tool will be particularly helpful to you. Running Chrome's password checker tool will review all of those saved passwords at once and let you know which ones are weak and which ones were exposed in a data breach. Once you've identified the problematic passwords, you can replace them with better ones.

Here's how to access Chrome's password checker tool:

Open Chrome and click on the More icon (three vertical dots). Then, click on Settings > Autofill > Passwords > Check Passwords. If there are any weak passwords among your saved ones, Chrome will populate a list of them for you. Chrome also says that it "will notify you when you sign in with a compromised password."

A person sitting at a table in front of a laptop and thinking. Yan Krukov/Pexels

How to clean up problematic passwords

Now that we know which passwords are too weak or compromised, we can start fixing them. In the following sections, we'll take a look at a few ways you can strengthen your passwords and a common pitfall you should avoid when creating them.

Step 1: Stop reusing the same password for different online accounts. It's a common mistake with big consequences. Namely, if you use a password for multiple online accounts and someone else guesses that password correctly, they now have access to all the accounts that password is connected to, not just the initial account they were trying to access. Reusing passwords puts you in a very vulnerable position security-wise. Make sure that each of your online accounts has a truly unique password.

Step 2: Create harder to guess passwords. It seems obvious, right? Lots of people are tempted to create simpler passwords, though, because simple passwords are easier to remember. But simple passwords usually aren't strong passwords, and that's what we're going for here when it comes to online security. Here are a few tips for creating stronger, harder-to-guess passwords:

Vary your characters and capitalization. Use upper and lower-case letters. Include numbers, symbols, and letters. Longer passwords are better. The general consensus is that a minimum of 12 characters is best. Avoid using widely used words, phrases, or including personal information about yourself that is publicly available. Use a password generator if you need to. They're particularly good at creating strong, complex passwords. Password manager services like Dashlane and LastPass have password generators you can use. Close up of a person's hands resting on a laptop while one hand holds a smartphone. Karolina Grabowska/Pexels

How to establish safe password habits going forward

You've identified the weak passwords, gotten rid of them, and replaced them with stronger ones. But are there any other things you could be doing to further bolster your online security? Yes. Creating stronger passwords and eliminating the use of weak ones is great, but it doesn't hurt to establish a few more security habits to enhance your protection and make your online security a bit easier to manage. Let's take a look at a few more online security tips.

Step 1: Don't let decades pass before you change your passwords. Popular password manager service LastPass recommends updating them at least once a year. Updating your passwords once a year can help keep your online accounts safe from those who may, for whatever reason, have access to your old login.

And don't forget to change them if you think they've been compromised or exposed in any way, such as via data breaches or malware infections.

Step 2: Get a password manager. Password managers are helpful, because they can help you do things like keep track of all your passwords, help you generate stronger ones, and alert you when a password has been exposed in a data breach.

Maintaining your online security with good password hygiene doesn't have to be difficult, and password managers are a big reason why.

Step 3: Consider using multi-factor authentication in addition to passwords. If your online accounts support the use of multi-factor authentication, you should use it. Multi-factor authentication essentially adds another step to the login process to strengthen the security of it.

With multi-factor authentication, you'll still log in with your username and password, but you'll also be prompted to enter a unique code that's been sent to you or appears in an authenticator app on your mobile device. The code is usually temporary and only generated for that log in attempt. This way, even if someone else has your password, they still won't be able to log into your account unless they can also access that temporary code, which is likely on a device they don't have access to.

Editors' Recommendations

VPN vs. VPS: What’s the difference? How to sync Outlook contacts with iPhone How to check your Mac for viruses and malware How to log out of a Gmail account on your iPhone How to clean up your hard drive