Password Security: How to Create Good Passwords
Memorize these tips and tricks to create strong passwords and protect your online accounts
You already know to avoid using common, easy-to-guess passwords for your online accounts, but creating unique, strong passwords is easier said than done. Putting in the extra work for password security is worth it, though. Why? “Without a strong password, you are making it easier for an attacker to steal from your bank account, read your health records and impersonate you on social media,” says Brian Contos, chief security officer at Phosphorus Cybersecurity.
With everything going online, including banking and even digital wallets, cyber security is more important than ever. Hackers get more advanced every day, and much of our personal information lives online, putting our privacy and safety at risk. Reports show that about 33% of Americans have experienced an identity theft attempt, and in 2021, losses from identity theft in the U.S. totaled $5.8 billion. To keep your information safe, it’s essential to know how to be secure online.
If your favorite password shows up on this easy-to-crack passwords list, it’s time to change it. Luckily, we can help you get started. Follow these expert-approved tips for creating good passwords—and remembering them. And be sure to read up on other important online security issues, including how to tell if your computer has been hacked, what phishing is and how to avoid online scams.
How to create a strong password
Good passwords have several features in common: length, complexity, uniqueness and unfamiliarity. For the best password security, make sure your passwords have all these characteristics to deter hackers and protect yourself from doxxing and other digital attacks. Remember, each website will have different requirements that you will have to follow for making passwords, like using both uppercase and lowercase letters or including a symbol or number.
Make sure your password is long enough
When it comes to creating good passwords, longer is typically better. “Shoot for at least 15 characters,” Contos says.
Attackers use an automated software tool to try passwords until one works, but longer passwords are harder for the software to guess. “This is really about economics,” Contos explains. “You are trying to make the cracking of your password not worth the time and resources an attacker is willing to spend cracking it.”
Choose something complex
The same theory applies to using a mix of upper- and lowercase letters, numbers and special characters in your passwords. The more complex your password is, the tougher it is to crack.
“Even adding upper-case letters can make a password cracking program take longer,” Contos says. “Add in numbers and special characters, and an attacker might just move on.”
Diversify your passwords
Repeating or reusing passwords is one of the biggest password mistakes people make, according to Contos. Each password you create should be new and unique, or you could be putting your information at risk.
If your password is leaked in a data breach, every account that you used that password for becomes vulnerable. That also goes for these everyday items that are vulnerable to hacking.
“By setting unique passwords—ones you use for one, and only one, of your accounts—you limit the potential damage if or when an online service you use is breached,” says Tom Hickman, chief innovation officer at ThreatX. “Instead of the hacker gaining access to all your online accounts, you limit them to just one.”
Use the unfamiliar
Finally, you should never pick a password with personal information that could be easily found online, such as your birthday or the names of your children or pets. It’s likely that hackers will try different combinations of those words and numbers first, Contos says, compromising your password security. He recommends using a password that can’t be found in the dictionary, like a random collection of letters and characters.
FYI, there are not-so-good things hackers can do with your phone number, so remain vigilant in that regard too.
How can you create good passwords?
If you have ever been hacked on Instagram or needed to know how to recover a hacked Facebook account, you’ll know the importance of picking good passwords. Password security doesn’t have to be a headache, though. Here are some ways to create complex, unique passwords for every online account without repeating them.
Use a password generator
Digital password vaults, which store and protect passwords for all your online accounts, can often suggest strong, unique passwords for you to use.
You can also find free password generators online. The Norton Identity Safe Password Generator allows you to customize each password by length and type of characters, including letters, numbers, mixed cases and punctuation.
Choose a passphrase
Worried about remembering your password later? Contos suggests using a passphrase, instead. “You’ll be surprised how easy it is to remember a longer phrase that means something to you personally instead of a shorter password of gibberish,” he says.
For strong password protection, try choosing a phrase that is meaningful to you, like lyrics from your favorite song or the first sentence of your favorite book.
Tweak a sentence you’ll remember with symbols
While a hacker is more likely to guess your password if it’s your beloved dog’s name than, say, a line from a book, a passphrase isn’t totally unguessable. (Especially if you share book quotes or song lyrics all over social media.)
So once you pick a passphrase you’ll remember, increase your password security by replacing the letters with symbols or numbers. The letter S can become a dollar sign ($), the letter A can become the @ symbol and the letter E can become the number 3.
Take, for instance, the first line of Moby Dick: “Call me Ishmael.” Easy to remember, right? To make it a password, you might write it like this: C@lL-me_1Shm@3L.
What is an example of a good password?
Good passwords can be a random combination of letters, numbers and symbols, such as “fK&5#kl9&sSWn!” For passphrase ideas, try putting a math formula into words, Contos says. For example, “3+11=14” can be written as “3+EleveNequal$14.”
Contos also suggests swapping letters with symbols, such as “I ate two pizzas for dinner” but written as “I8twoPi**as4Dinner!” or “I like jazz and bourbon” written as “iL1KEj@zz&B0urb0n.”
Next, read how Instagram accounts get hacked and how you can avoid it.
How to keep your passwords safe
Carol Yepes/Getty Images
Never reuse a password, and don’t write it down
When creating good passwords for your online accounts, you might be tempted to write them down—but that’s a big mistake. Writing passwords down on paper is “an open invitation for a social engineering attack,” Hickman says. Anyone who finds that piece of paper, including a malicious coworker or IT contractor, will be able to access your online accounts or sell your password on the dark web to criminals. (Other social engineering attacks to be wary of include Facebook Marketplace scams, gift card scams and even Amazon scams.)
Another common password mistake is forgetting to frequently change the passwords on your accounts. For the greatest password safety, Contos recommends creating new passwords every 90 days for business accounts or every six months to a year for personal accounts.
Keep in mind that hackers know tricks to get around strong passwords with spyware, malicious software that gains access to your computer and steals your data. To protect yourself, avoid clicking pop-up windows without reading them, downloading files from unreliable sources and clicking links in phishing emails, like the common Apple ID phishing scam.
Use a password manager
Lengthy and complicated passwords will protect your online accounts, but “the risk you run with good passwords is that they can end up being too good,” says Chris Pierson, CEO of the cybersecurity company BlackCloak. If your passwords are difficult to remember, you might be tempted to write them down or reuse them for multiple accounts, which exposes your info to hackers.
Knowing all the bad things hackers can do with just your email address or phone number, you can probably imagine how much damage they can inflict with your passwords. That’s why experts recommend using an encrypted password vault program, also known as a password manager, to store your passwords.
Think of a password manager as a safe that holds all your valuables. You just need to remember the code to the safe—a single strong password—to gain access to a list of your hard-to-remember passwords.
“Password managers make it easy for you to maintain numerous strong, lengthy, unique passwords for your accounts without actually having to remember them yourself,” Contos says. “Using a password manager is a lot safer than jotting down your passwords on a sticky note or storing them in a web browser.”
Pierson considers 1Password the best password manager out there. In addition to syncing your data across all your devices and browsers, “with 1Password, the security is enhanced because you use a master password to access your vault across platforms,” he says. Plus, the product will alert you if your password has been compromised so you can change it ASAP.
The downside: There’s no free version. That said, the subscription fee is fairly small.
LastPass offers a free version that lets you experience most of the features without committing to a monthly rate. Like the product but want the full range of features? You can always upgrade to a premium account.
If you’re downloading security apps and want to include a password manager, this is a good option. Just keep in mind, the free version allows you to save passwords on one device; if you want to access those passwords on multiple devices, you’ll need to upgrade to the premium account.
Like LastPass, Dashlane stores your passwords for free, but you will need to pay a little more for extra features. The free version saves up to 50 passwords on one device, while Dashlane’s premium plan saves unlimited passwords on an unlimited number of devices.
For a free password manager, check out Bitwarden. It creates and stores as many passwords as you need—no limit required. If you want to upgrade, Bitwarden also offers a premium option with multifactor authentication for additional security.
Google password manager
Google password manager, which you can access via the Chrome browser, is another free option. While it’s a convenient option for Chrome users, it is unfortunately not compatible with iPhones or other Apple devices.
Use two-factor authentication
One of the most effective ways to protect your information is to use two-factor authentication. With this enabled, when you try to log in to a website with a password, you will also have to enter an additional code that is sent to your phone or email. The code is a different randomized string of numbers every time and is sent to you each time you try to log in. Two-factor authentication makes sure that it’s really you accessing your account, rather than a hacker with your password. It makes using platforms like Apple Pay and Google Pay safer, and it can help protect you from dangerous online activity like Cash App scams and Venmo scams.
Get Reader’s Digest’s Read Up newsletter for more tech, humor, cleaning, travel and fun facts all week long.