Passwords are the house keys to your online accounts, and when they’re hacked, intruders can break in and wreak havoc.
To create strong passwords, you have to strike a balance between making them difficult for others to guess and making them easy enough for you to remember. Many people favor simple ones at their own risk: “123456” and “password” have remained the two most common passwords for six years, according to password security company SplashData.
Unlike many other security measures on websites, a password is one you have full control over. And given that over 1,000 data breaches happened in 2017 alone, according to the Identity Theft Resource Center, it might be time to strengthen your passwords. Here’s how.
How to make a foolproof password
1. Start with a sentence
Despite the “word” in “password,” it’s better to think of starting with multiple words. Some websites require only six or eight characters for passwords, but that doesn’t mean it’s a recommended length.
When it comes to passwords, “longer is better,” says Richard Crone, a payments expert and CEO of Crone Consulting LLC. “And the way to do that is to use a sentence structure.”
Pick a sentence that’s memorable but doesn’t have details that relate too closely to you. Avoid using birthdays or the names of pets or family members, and feel free to be creative. Here’s an example: “cats do not like cucumbers.” Then, take out the spaces, “catsdonotlikecucumbers.”
Avoid using birthdays or the names of pets or family members, and feel free to be creative.
“It’s really the length and the unrelatedness that gives you the best protection,” Crone says.
2. Avoid using real words
Change how your sentence looks by removing all the vowels, or only use the first one or two letters of each word. Don’t use dictionary words, which makes your password easier to guess.
The previous example becomes “cadonolicu” if you’re using the first two letters of every word in that sentence.
3. Mix in numbers, symbols and uppercase letters
Bring in a variety of characters to your password. Some websites have minimum requirements so you need to use at least one capital letter, one lowercase letter and a number. You might have to add a symbol like a period or exclamation point, too. As you mix it up, don’t repeat letters, numbers or symbols right next to each other.
By capitalizing some letters, replacing the “l” with an exclamation point and turning an “o” into a zero, the sample password becomes “CaD0No!icU.”
Use a password manager
The steps above help when you’re creating one really strong password, but remembering a dozen or more such passwords might make your head spin. That’s why you might want to consider using a password manager such as LastPass or Dashlane. There are free options, but some features are available only for purchase.
Think of a password manager as a bank vault that creates and stores long and complex passwords so you don’t have to. The only password to know is the one that unlocks the vault. Once you type that one, you can log into whatever online accounts you decide to keep on the password manager.
If you don’t use an online password manager, consider writing down complex passwords and storing them in a safe place such as a locked cabinet at home or in an encrypted file on your computer. These passwords should be difficult to access as well as to guess.
A password is “like scrambled eggs,” Crone says. “The more you fluff it up and spice it up, the better.”
Spencer is a banking writer at NerdWallet whose work has been featured by USA Today, the Los Angeles Times and more. He actually likes reading the fine print, especially if that means helping consumers understand and avoid bank account fees. In his free time, he runs long distances, writes short fiction and attends literary events in the Bay Area.