Forget using the word “password,” for one thing. Or any other single name or word from the dictionary. Or anything with personally relevance — like a family name, home address, or birthday. A good password has at least eight characters; contains a mixture of upper and lowercase letters, symbols and numbers; and wouldn’t be easily guessed by others.
Better yet, use a “passphrase,” suggests cryptographer and computer security expert Bruce Schneier. Start with a sentence you can remember, Then replace each word of the phrase with its initial, a similar digit or symbol, or, at random, use a whole word. For example: MY DOG NATE WOOFS AND RUNS IN HIS SLEEP could become mdN8w@r!hs. (Don’t use this one, though.) Since that may be tough to remember, you can write a reminder on a piece of paper and then hide the paper somewhere safe. But write the phrase or a hint, not the password itself.
Use distinct passwords for your most critical accounts; you don’t want to daisy chain them together so that someone who gains access to your email can also get into your bank account with the same login, advises Eva Velasquez, president of the Identity Theft Resource Center.