How do I create a strong password?

Tip: Strong passwords are at least 12 characters long and have a mix of letters (upper and lowercase), numbers, and symbols. Do not include any personal info or easy dictionary words.

A strong password helps you keep your personal info safe, protects your online transactions, and prevents others from getting into your account.

Tips for creating a strong password

  • Don't reuse your passwords. Recycling passwords is highly insecure and gives hackers access to multiple accounts.
  • Make your password at least 12 characters long.
  • Use a combination of uppercase and lowercase letters, numbers, and symbols.
  • Avoid choosing passwords that could be guessed by people who know you or by people looking at easily accessible info (like your social media profiles).

  • Don't use personal info (such as your nickname or initials, important birthdays or years, the name of your child or pet etc.).
  • Don't use common words or patterns.
  • Make your password longer and memorable (such as a lyric from a song or poem or a meaningful quote from a movie or speech). 

  • Random passwords are the strongest. If you're having trouble creating one, you can use a password generator instead. However, random passwords can be hard to remember. Consider using password managers like LastPass, 1Password, and Google Chrome's password manager.

How to protect your password

  • Don’t share a password with anyone—not even a friend or family member.

  • Never send a password by email, instant message, or any other means of communication that is not reliably secure.
  • Use a unique password for each website. If someone steals a password that you use on multiple websites, then they have access to those accounts.

  • If you don’t want to memorize multiple passwords, consider using a password manager. The best password managers will automatically update stored passwords, keep them encrypted, and require multi-factor authentication for access.
  • Don’t store a password on the account that it’s designed to protect. 

  • Make sure any written passwords are stored somewhere that’s secret or locked. If you need to write your password down, don’t leave it on your computer or desk. 

If you suspect someone is trying to take over your iHerb account—or already has—we’ll work with you to secure it. For your protection, we may place a temporary hold on your account.

Signs of suspicious account activity

If your account is compromised, you may notice some or all of the following:

  • You have changes to the account password, address, or contact information.
  • You received a password reset email that you didn't initiate.
    • This doesn't necessarily mean that someone has accessed your account but iHerb recommends changing your password to be safe. 
  • You see return/refund requests that you didn't make.
  • You see unfamiliar/unknown purchases on your account.
  • Your payment information has changed.
  • You see unusual rewards activity such as an unauthorized cash out.

If you received an order confirmation email for an order that you didn't place, noticed any unfamiliar order(s), or suspect any unauthorized activity then you should contact your credit card company and/or bank immediately.

Also, please send an email to our verification team at and include the following information:

  • Suspicious order number(s).
  • Detailed description of any unusual activity from your account (if any).

If you still have access to your account, be sure to change your password to a more complex one with a combination of numbers, letters, and symbols.

Was this article helpful?
33 out of 49 found this helpful



Article is closed for comments.

Articles in this section