Skip To Content

Be cyber secure: Hone your password-writing skills with this quiz

Use these tips to help keep your financial (and other) online accounts safe


YOU’RE PROBABLY FAMILIAR WITH these password requirements: a minimum number of characters, one capital letter and one numeral or symbol. Sounds easy, doesn’t it? But don’t take the task of picking your passwords too lightly.


Those characters serve to protect your privacy in all aspects of your life — emails, social feeds, shopping sites, medical records and, most important, your financial accounts. That’s why it’s critically important to choose passwords that cyber criminals will have difficulty cracking. Test the strength of your current passwords — and think about how you might bolster them — by asking yourself the following questions.



Which of these passwords is stronger? 123456 or photosynthesis?

Trick question. Neither password is strong. Simple numerical strings and words found in the dictionary, even ones you don’t normally use in day-to-day conversation, are easily guessed by cyber criminals, who often use complex programs to try every word in the dictionary as they attempt to penetrate accounts. Always use a more complex combination of letters, numbers and symbols.


How many characters are enough?

Generally, the longer the password, the harder it is to crack, since the number of possibilities increases substantially with each new character added. If you know that a password consists of a single lowercase letter, it would take no more than 26 attempts to hit on the correct one. Any string of letters that form a single word is also relatively easy to hack — a nine-character all-lowercase English word can be guessed in about a million tries. But a 15-character password of lowercase letters (without any numbers or special characters) that do not form a single word has more than 1.6 billion trillion possibilities.1


True or false? You should never use your birthday for your password.

Using any sort of personal information (birthday, middle name, numbers in your address — even an old one) is unwise, since cyber criminals might already have access to that information through social media or other means. But if you make it part of a longer, more complex password, that can be more secure.


Should you use your favorite sports team, band or movie character as a password?

It’s not really a good idea. Here’s why: While it’s easy to remember those sorts of things, there’s a good chance you’ve written about them on social media (or even listed them as favorites on some sites). One alternative is to consider picking a favorite phrase you’ll find easy to remember and using the first letter of each word in the phrase as your password.


Can I use the same password for multiple accounts?

If one account is accessed, you risk having your others compromised as well. It’s essential to have a different password for each account you create. At a minimum, you should always use unique passwords for your banking and investment accounts. And keep in mind that two is better than one: Use multifactor authentication — which requires two or more types of verification — whenever possible.


Are password manager apps worth considering?

Using a password manager will simplify your life. (To find one, search for “Password Manager” in your app store.) Here’s how it works: You can store existing passwords on the app or have the password manager assign long, random and complex auto-generated passwords for every account you have. When you want to access an account, just go to the manager and copy and paste your password into the login field for the account. In many cases, you can even have the app auto-populate the login fields for you. And the best part: You’ll only have to create and remember one password — the one to get into the manager.


Now, test your knowledge: Which of these passwords is the weakest?

No password is foolproof. But if you find that one of your accounts has been compromised, there are things you can, and should, do. Click on the weakest password below to unlock “Cyber security checklist: Consider taking these steps if your family’s devices have been targeted.”

123456 lenteredtheworldon5/2/1971


Stay connected, stay protected

To help keep your Merrill account information safe and secure, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center for tips on how to recognize potential scams and learn more about how to keep your accounts safe.


Choose your advisor in a more personalized way

All our advisors are committed to putting your needs and priorities first. Find some who match your personal preferences too.


Try Advisor Match

Want us to contact you?

Randy Abrams, “Emotions Are Poor Passwords,” by ESET Research, 2009


Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided “as is,” with no guarantee of completeness, accuracy, or timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.


You need to answer some questions first

Then we can provide you with relevant answers.

Get started