Author: Tom Kemp
Published: Oct 02, 2025
Password security is one of the most essential and effective defenses against identity theft and account breaches that can expose your personal information. In other words, practicing good security habits, such as having strong passwords and using multi-factor authentication (MFA), is key to protecting your privacy.
The Problem with Passwords
Passwords that are weak, or easily guessed, are inherently more vulnerable to theft through phishing, breaches, or cyber attacks. At the same time, stronger passwords can also burden consumers with the need to remember complex strings, leading to insecure practices like writing them down or recycling them across accounts.
Password Tips
The first rule of thumb for passwords is never to reuse them across different accounts. Suppose a data breach on one site exposes your login information. In such cases, attackers often use automated tools to attempt the same login information on other platforms. This tactic, known as credential stuffing, is a common way that hackers can hijack your online accounts.
Creating strong, unique passwords for each one of your online accounts significantly reduces your risk of identity theft. The Federal Trade Commission recommends a minimum of 15 characters. A good password should also include a combination of upper and lowercase letters, numbers, and symbols. You should avoid common words, personal details like your birthday or pet’s name, and predictable patterns.
While memorizing dozens of complex passwords can be difficult, password managers can be a helpful solution. These tools can create and securely store unique passwords for each website you visit, encrypting them into a “vault” with a master password known only to you. You can consult trusted online reviewers to find the best password manager for you.
Added Protection with MFA
Having strong and unique passwords is helpful, but enabling multi-factor authentication (MFA) whenever it’s available will provide even greater security to your accounts — especially for sensitive accounts, such as email, banking, and health services. Even if a password is compromised, MFA requires an additional form of verification (such as a code sent to your phone or generated by an app), making unauthorized access much more difficult. Along with good password habits, MFA provides an essential extra layer of security in today’s digital world.
Types of MFA
There are three types of multi-factor authentication:
- Something you know: a passcode, pin, or phrase you have memorized or written down
- Something you have: a phone, an app or QR code
- Something you are: a scan of your face or fingerprint
MFA usually combines two of these. With MFA, even if someone has your password, they still can’t get into your account without a second step that proves it’s really you.
A good analogy of MFA is your bank’s debit card that you use to get money out of an ATM. The physical card is something you have. The pin to your debit card is something you know. So even if you lost your debit card, because the pin is also needed, the card itself is not usable to get money from your account out of the ATM.
Enabling MFA
If your online account offers MFA, typically you can enable it using the following steps. Go to the account you want to protect and log in. In Settings, look for Security, Privacy, or Login Options, then find Multifactor Authentication, Two-Step Verification, or Two-Factor Authentication.
Be sure to follow the instructions for the method you have chosen. For example, you may be asked to verify your phone number, email, or scan a QR code on an app. Remember to save any backup codes you are given. They can help you get back into your account if you lose access to your device.
Privacy and Security Go Hand-in-Hand
The goal of the California Consumer Privacy Act (CPPA) is to ensure that California consumers’ personal information is only used how the consumer wants to use it. Having strong passwords and enabling MFA are key steps that can help protect your online accounts and your personal information stored in them. Visit our How to Protect Your Personal Information page for more tips to control your privacy.