1. Go Totally Random
“If you’re interested in picking a really strong password, the best thing you can do is pick it randomly,” says Joseph Bonneau, a technology fellow at the Electronic Frontier Foundation. “Roll dice, or there are some lists online of words you can randomly choose from. Generate something totally random that you have no influence over.” Try the Password Generator from Norton Identity Safe.
2. The Longer the Better
Longer passwords are more secure, says Lorrie Faith Cranor, the Chief Technologist at the U.S. Federal Trade Commission and Director of the CyLab Usable Privacy and Security Laboratory: “Generally people should aim for a password at least 12 characters long.” Additionally, when mixing up numbers, letters, and special characters, try to spread each out. Don’t bunch up letters at the beginning or end of the password.
Real Simple: 7 Genius Decluttering Apps to Simplify Your Life
3. Avoid Patterns
People are very “predictable” when creating passwords, says Cranor. “For example, if they are required to use a capital letter, most people put it first. If they are required to use a symbol they use an exclamation point and put it at the end.” When creating your password, avoid the obvious—like birthdays and names—but avoid keyboard sequences, too. “People often include a row of letters from the keyboard, because they think it looks random,” says Cranor. “But actually keyboard patterns, whether left, right, or diagonal, are among the most easily guessed passwords.”
Real Simple: How Social Media Could Be Sabotaging Your Sleep
4. Store Safely
Bonneau recommends keeping the passwords on a piece of paper and storing them somewhere safe, like your wallet. “Don’t send your passwords over email,” he warns. If you’re nervous about keeping them on a piece of paper, try an electronic password manager, like LastPass or Dashlane.
5. Change Only If Necessary
You may have heard that you need to change your password on a monthly basis, but both Cranor and Bonneau say that isn’t necessary. In fact, research shows that when people are obligated to change their password, they change it “according to a predictable pattern,” says Cranor, and so their new password is often weaker.
Real Simple: Passive Aggressive Work Emails, Decoded
6. Keep Your E-mail Secure
The biggest mistake people make is using the same password for multiple accounts—especially important accounts that you’d want to keep safe. Of course, you know that your financial accounts should have strong, unique passwords… but so should your e-mail. “Someone who has access to your email account can then trigger password resets on your other accounts and collect the reset links from your e-mail,” says Cranor. And social networking sites should be protected as well, as people could use those accounts to impersonate you.