Stealing passwords is one of the oldest moves in the hackers’ book. Ever since Internet accounts have existed, people have been trying to break into them. Password scavengers have been remarkably successful, too: in August, we learned that Russian hackers stole 1.2 billion username and password combinations, and in April, a vulnerability called Heartbleed was found to expose users’ data on websites from Gmail to Instagram.
Why are passwords so easy to hack? Some password-related hacks are beyond our control, but part of our vulnerability is our own fault. We tend to write passwords that are way too easy to guess. And we reuse passwords on multiple websites, so if a hacker has one of our passwords, they’ve got access to other accounts, too.
To be clear, there’s really no such thing as an unbreakable password. Hackers who are persistent enough and are using sufficiently powerful hardware will always be able to figure out your credentials. But if you follow a few of these tips for creating a strong password, you’ll be much harder to hack — and therefore much safer.
Use lots of quirky character types. One way hackers crack passwords is by using sophisticated password-cracking software to test combinations of numbers, letters and symbols for your credentials. It can require a lot of computing power to do, but for shorter passwords, it’s a pretty reliable hacking method.
The more types of weird symbols—like !@$%—that your password has, the greater the number of tries a computer has to take to guess your credentials. And some sites have features that block multiple password attempts, meaning the more complex your password is, the more likely a hacker will get locked out before their software guesses the right code.
Don’t use dictionary words. Passwords with common words or phrases are the first to fall to increasingly adept password-cracking software. Passwords like “Iloveyou” and “password” are not a dependable line of defense.
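To put numbers on the two tips above, here is an added example (not part of the original article) that estimates how large a search a guessing program faces for a given password and flags common words. The word list is a small constructed sample, and the estimate assumes the program tries every combination of the character types present, so it is an upper bound.

```python
import math
import string

# Constructed sample wordlist; real cracking dictionaries hold millions of entries.
COMMON_WORDS = {"password", "iloveyou", "qwerty", "letmein", "welcome"}

# Each character class and the number of symbols an exhaustive search must cover.
# Non-ASCII characters are ignored, which keeps the estimate conservative.
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation), 32),
]


def charset_size(password):
    """Sum the sizes of the character classes that appear in the password."""
    chars = set(password)
    return sum(size for members, size in CLASSES if chars & members)


def search_space_bits(password):
    """log2 of the number of candidates an exhaustive search must cover."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def contains_common_word(password, words=COMMON_WORDS):
    """True if a listed word appears anywhere in the password, ignoring case."""
    lowered = password.lower()
    return any(word in lowered for word in words)


def assess(password):
    """Return (bits, dictionary_hit) so a signup check can reject weak choices."""
    return round(search_space_bits(password), 1), contains_common_word(password)


if __name__ == "__main__":
    for candidate in ["password", "Iloveyou", "Password1!", "t7#Kq9$Lw2@x"]:
        bits, weak = assess(candidate)
        print(f"{candidate!r}: ~{bits} bits of search space, dictionary word: {weak}")
```

Each extra bit doubles the number of guesses, but a dictionary hit means the real effort is far below the estimate, which is why “Password1!” is still a poor choice.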
Use different passwords on different accounts. If you use the same password twice, it’s an invitation for hackers to double-dip into your data. Mix things up to stay safe.
Use two-factor authentication. Even hackers that have stolen your passwords aren’t going to easily access your accounts if you follow this tip. Two-factor authentication requires you to know something (your password), and to have something (a phone with a code, for instance).
Gmail’s two-factor authentication is a good example of how this works: after entering your password, Gmail sends a code to your phone, which you then enter for access to your email. Unless hackers have both your password and your phone, this is a major roadblock.
Use a password manager. A password manager creates a random, different password for every site you visit, and then saves them for you. Dashlane and LastPass are good examples of password managers.
Create a passphrase. Think of a sentence, then codify it. As an example, “I love skateboarding and reading” becomes “I<3sk8b0rd1ng&r3ad1ng”. That way, your password is complex but still easy for you to remember.