Which practice supports strong password hygiene?

Strong password hygiene means protecting each online account with a unique, long, and hard-to-guess password, using multifactor authentication, and updating credentials if there’s evidence of a breach. Using unique, strong passwords for every site prevents a breach on one site from gaining access to others, and a password manager can help you generate and store them securely. Enabling MFA adds a second form of verification, so even if a password is stolen, an attacker still has to overcome an additional barrier. Rotating passwords only when there’s a breach reduces risk and avoids unnecessary burden, whereas rotating daily without reason wastes effort and can lead to weaker practices. Reusing the same password across sites creates a single point of failure, and writing passwords on sticky notes is easy to observe or steal. In short, unique, strong passwords plus MFA—and rotating if compromised—best supports password hygiene.