A password is a key
Think of a password like the key to your front door. It's the thing that proves the account is yours and keeps everyone else out. A weak key is easy for someone to copy. A strong key is not. This lesson is about making strong keys.
What makes a password weak
A password is weak when it's easy to guess. The easiest passwords in the world to guess are things like “password,” “123456,” your name, your pet's name, your favorite team, or your birthday. People who break into accounts try all of those first — they use computers that can guess millions of common passwords in seconds.
Short passwords are weak too. The longer a password is, the harder it is to crack.
The four-word trick
Here's the easiest way to make a password that is both strong and possible to remember: use four random words stuck together. Something like “purple-otter-cloud-banana.” It's long, which makes it strong. It's random, which makes it hard to guess. And it's four normal words, which makes it something your brain can actually hold onto.
The trick is that the words have to be random — not “my-name-is-emma.” Pick words that have nothing to do with each other and nothing to do with you.
Important accounts get their own password
You don't need a different password for every single thing. But your most important accounts — your email, and the games or apps you would be really upset to lose — should each have their own. Here's why: if you use the same password everywhere and one website gets broken into, suddenly someone has the key to all of them.
Passwords are not for sharing
Not with your best friend. Not with anyone. A password only does its job if you are the only person who knows it. Friends can fall out, and friends can lose track of who they told. The one exception is the trusted grown-up who helps you set your accounts up — that's their job.
If you can't remember all your passwords, that's normal — nobody can. Ask a grown-up about a password manager. It's a special app that remembers all your passwords for you, locked behind one main password. It's the safe way to handle the fact that there are simply too many to memorize.
The second lock
Here's the big one. Even a strong password can be stolen. So the best-protected accounts have a second lock — a backup. You might hear it called two-step verification, or 2FA, or “two-factor.”
It works like this: after you type your password, the account also sends a short code to your parent's phone, and you have to enter that code to get in. So even if a stranger somehow got your password, they still can't get in — because they don't have the phone. Two locks are much stronger than one. Ask a grown-up to help you turn it on for your email and your most important accounts.
Nobody real asks for your password
One last thing. Sometimes a message or a pop-up will say something like “verify your password here” or “enter your password to keep your account.” Real games and real websites never email or message you asking for your password. If something asks you to type your password anywhere other than the normal login screen, it's a trick. Don't do it — tell a grown-up instead.
Recap
A password is a key, and strong keys are long and random — four unrelated words work great. Your important accounts each get their own. Never share a password. Add a second lock where you can. And remember: nobody real ever asks you for your password.
With a grown-up, make one strong new password using four random, unrelated words — and use it for an account that matters, like email.
Try this today
Ask the grown-up who helps with your accounts one question: “Does my email have a second lock turned on?” If it doesn't, that's a great thing to set up together.