Last updated: November 10, 2020
How to Create (& Remember!) Secure Passwords
Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more
Maybe it's happened to you before. Someone somehow breaks into your email account or one of your social profiles, and wreaks havoc. They send spammy emails to everyone in your contacts list, tweet suspicious links from your account (or awful homophobic and racist comments), or post unseemly photos on your Facebook wall. And while they're at it, they change the password so you can't get in to fix the problem right away, sending you on a wild goose chase with customer service.
The best way to counteract hackers is to set up a good defense from the beginning, and that means creating secure passwords. But before you can do that, though, it's important to know how not to create a password.
#1. Don't Use Personal Information
The days of being able to use a birthday or your pet's name as your password have been over for years. While it's probably true that no one close to you is going to hack your account (you hope), that doesn't mean a stranger can't just as easily guess your password. All they need to do is see your profile picture of you and your beloved dog, then start entering popular pet names. The odds are in the hacker's favor here.
#2. Don't Use the Same Password Everywhere
Maybe you really did do a good job of choosing a complex password. But if you're using all over the Internet, on shopping account, social media profiles, and worse—bank and credit card accounts—you're just asking to be compromised. A hacker may get lucky and determine your password on an account where they can't do much damage. But if they also have your name, or any other identifying information, they can start trying out that password on other sites you may use—sites with not-so-great security—and potentially get into an important account where they can really do some damage. Don't get too comfortable with one password. Change it up from site to site.
#3. Don't Keep Assigned Passwords
Say you're setting up a new work email, or you're creating an account on an e-commerce site. The IT manager or the site's form may assign a temporary password to you. Remember it's just that—temporary. It's not meant to remain your password because at least one other person knows it, or could probably guess it if it was "randomly" generated using your name or other identifying information. Change assigned passwords immediately upon signing into those new accounts for the first time, and dont' share the new passwords with anyone, even the IT department at work. If necessary, they have other means of accessing your email, but you don't want anyone just able to sign in and read things they have no business reading.
Of course, some of these tips assume manual work to guess or figure out your password. But hackers are more sophisticated than ever. They're not satisfied with hacking just one person's account when they could be hacking thousands. To that end, they use software to cycle through possible passwords for them, much more quickly than they'd ever be able to do it manually, and on a constant basis, until they hit upon a correct one, and gain access to an account.
This is all the more reason to ensure your passwords are secure and difficult to break.
If you think your current passwords are unbreakable, test them out to see. Microsoft offers a password checker, as does the site How Secure Is My Password. But if you're feeling a little unsecure right about now, it may be time to create stronger passwords.
#4. Choose a Random String of Characters
Many sites will tell you when creating a new password to include both upper and lower case letters, at least one numeral, and at least one symbol. This may seem like a pain, but it's an important step to helping you create a secure password. Rather than an actual work bracketed by numbers and symbols, simply choose a random sequence of letters, numbers, and symbols. Just be sure to make a note of it somewhere so you can get back into your account.
#5. Use a Password Generator
No need to wrack your brain to come up with that random string for every single account you use online. Password generators will quickly create tough-to-break passwords for you using parameters you set—number of characters, whether to include numerals or punctuation, the works. Again, keep your passwords in a secure place rather than relying on memory. Symantec offers a good one, and an easy one to remember is Strong Password Generator.
#6. Choose Long Passwords Over Short Ones
The more characters, the more difficult your password will be to break. A three-letter password can be broken in an average of 0.0007 seconds. Eleven letters can take up to 4.66 years to crack. Add more characters, numbers, punctuation, and symbols, and the length of time necessary to break a password increases exponentially. It's a safe bet that a hacker will give up before the passage of 1.21 centuries necessary to crack a 12-letter password. You might want to check to see how long it might take to crack your current password.
#7. Use a Password Manager
Creating a different password for every site you use, every account you create, means you'd either better have a fantastic memory, or a backup plan. Writing passwords down is never a good idea. Paper can be lost, damaged, or worse—stolen. Keeping them in a document on your computer leaves you open to risk if a hacker gains access to your computer via a Trojan horse virus.
Using a password manager such as LastPass or KeePass to store all your passwords not only keeps them secure, and keeps you from having to remember hundreds of character combinations, it gives you just one secure password to remember in order to gain access to your stored passwords.
Once you've created and stored a password in a management software, every time you visit that site, the password manager will recognize it, and automatically load your password for you, allowing you to sign right in with just a click.
Some password managers such as Roboform also include automatic form fillers so you never have to type out your name and address again, and they protect that information just as well as they protect your passwords.
#8. Change Your Passwords Regularly
Don't let strong password generators or encrypted password managers lull you into a false sense of security. Hackers are finding new and insidious ways to get into people's accounts all the time. Stay a few steps ahead of them by changing your passwords on a regular basis. Set up calendar reminders if you need to. If you have a lot of passwords, change them on a rotating basis so you don't have to go through dozens or possibly hundreds every time. Yes, it may seem like a huge inconvenience. Just think what an inconvenience it will be if a hacker gets access to your bank account or your credit card account. Endure a little inconvenience now to avoid a huge headache later.
While the Internet can be a source of convenience, entertainment, and fun, danger lurks around every corner. Even the most innocuous of sites—gaming sites, for instance—are often hacker targets. Don't leave yourself vulnerable, open to attack. The same way you buckle your seat belt every time you get into your car, be smart when you're online, and protect your information with strong, secure passwords. It's not a guarantee you'll never be hacked—there are no guarantees against that. But you will at least rest in the knowledge that you've done all you can to at least make it more difficult for hackers, and less likely they'll be able to damage your reputation, or your bank account.