DO
Use a unique password for every account. One breach won't compromise others.
DO
Store passwords in a password manager — never in a plain text file.
DO
Use 16+ characters for online accounts, 20+ for master passwords.
DO
Enable 2FA / MFA on critical accounts even with a strong password.
DON'T
Don't use personal info (name, birthday, pet name) — easily guessed.
DON'T
Don't reuse passwords. If one site leaks, attackers try it everywhere.
DON'T
Don't share passwords via email or chat. Use a secure sharing tool.