Password Best Practices: Simple Ways to Protect Your Accounts

Passwords are still the key to most of your digital life. The good news: a few practical habits go a long way. Use long, unique passphrases, avoid reusing passwords, turn on biometrics where you can, and skip risky storage methods like Notes apps or sticky notes. Below we show you exactly how to create strong passwords, plus how to change your ONE Wallet password if you need to.

What makes a strong password today?

Length beats complexity. Modern guidance emphasizes length over rigid composition rules. In plain language, a long passphrase you can remember is stronger than a short jumble you will forget.

Why do passphrases work better? A passphrase is a string of words you can remember but others cannot guess, especially when you include separators or unexpected words. Think of a few uncommon words together rather than a single hard-to-remember string.

Avoid the usual suspects. Lists of leaked passwords show the same weak picks year after year. If any of your passwords look like simple number strings or common words like “password,” change them today.

Best practices you can use in minutes

• Do not reuse passwords. Reusing a password means one website breach can unlock multiple accounts. Use a unique passphrase for every important account.
• Consider a password manager. Password managers create and store strong, unique passwords so you do not have to. Secure it with a strong master passphrase.
• Turn on biometrics and multi-factor authentication when available. Features like Face ID, fingerprint, or a one-time code add a barrier even if someone learns your password.
• Do not share passwords. Independent Bank will never ask for your online banking password or card PIN. If someone asks, it is a red flag.
• Do not store passwords in the Notes app, email, or on paper. If your phone or inbox is compromised, those are easy to search. A reputable password manager is a safer choice.
• Smart substitutions are a memory aid, not a silver bullet. Swapping letters like a→@ or s→$ can help you remember, but attackers try common substitutions first. Treat them as a layer on top of a long passphrase, not as your main defense.

How to build great passphrases

Use this quick method to create strong, memorable passphrases.

1. Pick 3–4 uncommon words from a private memory.
2. Add one number and one symbol.
3. Add 2–3 letters as a site hint so each passphrase is unique per site.

Examples

Tip: Longer is stronger. If you are comfortable, add one more word or a second separator to make it even tougher. Avoid famous lyrics or quotes.

How to change your online banking (ONE Wallet) password:

If you forgot your ONE Wallet password:

1. Go to the ONE Wallet sign-in page and select “Forgot Password.”
2. Enter the requested information to verify your identity.
3. Create and confirm your new password.
4. If you run into trouble, call our Customer Connection HUB at 800.355.0641 for help.

If you are already signed in and want to change it:

1. Open ONE Wallet on desktop or mobile, tap the menu on mobile or profile on desktop, then select Password from the sub navigation menu. 
2. You will be asked for your current password and then prompted to create a new one.
3. If you cannot find the option, our Support Center can point you to the exact steps for your device.

Tip: After changing your password, review your account alerts in ONE Wallet so you are notified of sign-ins or unusual activity.

If you think a password was exposed

• Change the password immediately for the affected account and any other accounts where you may have reused it.
• Turn on multi-factor authentication or biometrics for that account.
• Check your email, including spam, for security alerts from the service.
• Review recent activity in ONE Wallet and set up or tighten account alerts. Contact us right away if you see unauthorized transactions.
• Update your device, run antivirus if available, and sign out of active sessions.
• Consider a password manager to generate unique replacements across your accounts.

Quick myths vs. facts

Myth: Short, complicated passwords with lots of symbols are best.
Fact: Longer passphrases are stronger and easier to remember. Complexity helps, but length matters most.

Myth: You must change your passwords every 30 days.
Fact: Change passwords after a breach, when you have reused them, or when you suspect risk.

FAQs

What are the most common weak passwords I should avoid?
Leaked password studies show simple sequences like 123456 and common words like password appear frequently. If any of your passwords look like that, change them now and use a unique passphrase instead.

How long should my password be?
Aim for a long passphrase made of four to six uncommon words with separators. Length matters more than strict character rules and makes guessing far harder.

Is it safe to use a password manager?
Yes. Reputable password managers generate and store unique passwords and can autofill them securely across your devices. Protect the manager with a strong master passphrase.

Should I change my passwords regularly?
Change them whenever there is a breach, if you have reused a password, or when you suspect risk. Routine forced changes can lead to weaker choices and are not broadly recommended.

Can I use song lyrics for a passphrase?
Avoid famous lyrics or quotes. They often appear in breach data and are easier to guess. Use a private phrase with uncommon details instead.

We’re here to help

Want more tips and tools on how to keep yourself protected? Visit the Fraud & Security Center.