How to Choose the Best Password
You need a password for just about every app, website, and service you use on your smartphone or your computer these days. (Which is one reason we recommend improving your security with a password manager.) From your favorite social network to the half-dozen music streaming apps you tried before you found the right one, from the app that backs up your photos to the one that makes it easy to organize all of the memos you write to yourself when you’re away from your desk, many of the apps you use on a daily basis require you to create an account with a username and a password.
And that’s to say nothing of all of the things you access via your browser, where you need an assortment of passwords to check your email, pay your power bill, binge-watch the latest Netflix show, log in to your favorite publications’ websites, or pick up where you left off on the files you and your co-workers are collaborating on. There’s no reason to use insecure passwords for any of your accounts, especially when you can make it straightforward to choose secure passwords. Read on for everything you need to know about choosing the best passwords.
Learn the basics of strong passwords
Different apps, websites, and services have different requirements, but the basics of creating a strong password are always the same. You should use a mix of alphabetical and numeric characters, and use a combination of lower-case and upper-case letters. If the app or service in question allows you to use symbols, you should use them as well. At a minimum, you should choose a password that’s eight characters long, and you should never use one that’s made up of fewer than six characters. In general, the longer the better, so somewhere between 12 and 14 characters is a good goal to aim toward.
Just as important as the things you should use in a password are the things that you shouldn’t. Don’t use your name or initials in any form, and don’t use any part of your ID number, user ID, or username in any form. Don’t include common names, the name of a relative or pet, or your phone number, address, birthday, or anniversary. Don’t use common acronyms, geographical names, product names, technical terms, names from popular culture, all-numeral strings like your license plate number or Social Security number, or obvious substitutions.
Other password types that are too easy for hackers to figure out? Single words preceded or followed by a single numeral, punctuation mark, or symbol; words or phrases with all the vowels deleted; words or phrases that don’t mix upper and lower-case or don’t mix letters with numbers or punctuation; and any word that exactly matches a word in the dictionary (whether forward, reverse, pluralized, or with some or all of the letters capitalized).
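The rules above can be checked mechanically. The following is an added example, not code from the original article: a small checker that flags the weak patterns listed in this section. The `WORDS` list is a constructed stand-in for a real dictionary file, and the function names are hypothetical.

```python
import re

# Constructed mini word list standing in for a real dictionary file.
WORDS = {"password", "dragon", "monkey", "boston", "summer", "welcome"}
DEVOWELED = {w.translate(str.maketrans("", "", "aeiou")) for w in WORDS}


def is_dictionary_form(s):
    """True if s is a listed word forward, reversed or pluralized, in any casing."""
    s = s.lower()
    candidates = {s, s[::-1]}
    if s.endswith("s"):
        candidates.add(s[:-1])
    return bool(candidates & WORDS)


def check_password(pw, username=""):
    """Return the rules from this section that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if pw.isdigit():
        problems.append("all-numeral string")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("does not mix upper and lower case")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[^A-Za-z]", pw)):
        problems.append("does not mix letters with numbers or punctuation")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    if is_dictionary_form(pw):
        problems.append("dictionary word")
    # A single word preceded or followed by one numeral, punctuation mark or symbol.
    lead = len(pw) > 1 and not pw[0].isalpha() and is_dictionary_form(pw[1:])
    trail = len(pw) > 1 and not pw[-1].isalpha() and is_dictionary_form(pw[:-1])
    if lead or trail:
        problems.append("word plus a single numeral or symbol")
    if pw.lower() in DEVOWELED:
        problems.append("word with the vowels deleted")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ("dragon", "Password1", "psswrd", "12345678", "tQ7#vLp2!xRm"):
        print(f"{sample!r}: {check_password(sample) or 'no rule broken'}")
```

An empty result only means none of these specific patterns matched; it does not show that a password is hard to guess.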
Choose a password that you can remember
Just as important as including the right combination of characters is creating a password that you can remember. A common tactic is to choose a phrase, and then use a combination of numbers, letters, and symbols to create a unique version of the phrase. Boston University’s Information Services & Technology staff recommends “obscure” phrasing, including “an odd character in an otherwise familiar term,” a combination of two unrelated words, an acronym for an easy-to-remember quote or phrase, a deliberately misspelled term, a phonetically pronounceable nonsense word, two words separated by a non-alphabetic or non-numeric character, or a phrase where a letter has been replaced with another letter, symbol, or combination.
To choose a password that’s easy to remember, it’s a good idea to use as many of the techniques recommended above as possible. A great way to do that is to pick a phrase that you’ll remember or mentally associate with the app or service, and then choose all the first or last letters from each word and substitute in numbers or symbols. Next, add capitals to some of the letters, and either keep or add punctuation. If you’re choosing a password for a website, you could incorporate the first few letters of the website’s name. It’s important to ensure that each of your passwords is different, so that if one is compromised, you won’t have to change them all. But that shouldn’t be an excuse to repeat the same basic password with just a few letters changed. It’s still a good idea to make sure that they’re all completely unique and hard to guess.
Use a password manager
We’ve said it before, and we’ll say it again: You should start using a password manager to create and remember strong passwords that are unique to the sites and services you use. A password manager can help you create safe and secure passwords, and all you’ll need to remember is the password to unlock the password manager. Even better? It’ll also free up your brain to focus on things other than creating and periodically changing passwords for every app and website you use. Even if you’re already using a browser-based manager, like the ones integrated into Chrome, Firefox, or other browsers, you’ll stand to benefit by using a piece of software that prioritizes security, generates strong passwords, and enables you to sync your logins across the various devices that you use.
Using a password manager or even a separate password generator to create strong passwords that take full advantage of the available character sets is a great idea. As Boston University’s security experts note, if you only use words from a dictionary or a purely numeric string, a hacker only has to try a limited list of possibilities. But if you use the full set of characters, a hacker would need to try many more combinations. Most hackers can try millions of word variants per second, so the more complex your password is, the better.
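To make the character-set argument concrete, here is an added example (not from the original article) of a generator that draws on every allowed character class, together with a count of how many candidates an attacker would have to cover. The guess rate of 1,000,000 per second is an assumption chosen to match "millions per second", and the function names are hypothetical.

```python
import secrets
import string

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
GUESSES_PER_SECOND = 1_000_000  # assumed rate, in line with "millions per second"


def generate(length=14, symbols=True):
    """Random password that uses every allowed character class at least once."""
    classes = CLASSES if symbols else CLASSES[:3]
    if length < len(classes):
        raise ValueError("length too short to include every class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the operating system's cryptographic random source.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw if a class is missing, rather than forcing fixed positions.
        if all(any(ch in cls for ch in pw) for cls in classes):
            return pw


def search_space(pw):
    """Candidates to cover: (combined size of the classes used) ** length."""
    size = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in pw))
    return size ** len(pw)


def seconds_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(pw) / rate


if __name__ == "__main__":
    for sample in ("12345678", generate(8), generate(14)):
        years = seconds_to_exhaust(sample) / (365 * 86400)
        print(f"{sample!r}: {search_space(sample):.3g} candidates, {years:.3g} years")
```

The count only applies to randomly generated passwords; a password built from a dictionary word falls to a word list long before the full space is searched.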