Data breaches that leak personal information—including passwords—are becoming more and more common. Some people don't know how to create a strong password. Others rely on common, easy-to-hack passwords, or slightly modify existing ones for multiple websites. Trust us, 123456 isn’t going to protect you and we’ll tell you why! Plus we’ll break down how to make a great password and how to remember it.
Our Tips on How to Create a More Secure Password
123456 Isn’t Going to Protect You
According to SplashData, a security applications and services firm, "123456" and "password" ranked numbers one and two as the most common passwords involved in security breaches. Others included "12345678," "starwars" and "iloveyou."1 Research from the World Economic Forum shows that although 80 percent of people surveyed think that cybersecurity is important, the majority of them continue to reuse identical passwords to log into multiple websites.2
Easy to remember? Yes. Safe? Absolutely not. Although it seems like a lot to remember, having unique passwords for every account is a small price to pay for better online safety.
Turn a Phrase into a Word
Software security researchers at Carnegie Mellon University recommend two simple and fun ways to come up with unique, secure passwords.3 The first one begins with making a sentence. We recommend that you choose a sentence related to the website. For instance, for your bank's website, a sentence could be, "My bank charges way too many fees!" For your credit card account, a sentence could be, "Why is my credit card account balance always so high?" For your music account, a sentence might be, "I'm really tired of the 80s. Long live the 80s." Of course, you can make any sentence you want.
Now, take the first letter of every word in your made-up sentence. Include the punctuation, add a capital letter, or convert words or letters to numbers where it makes sense. So, "My bank charges way too many fees!" becomes "Mbcw2mf!" "Why is my credit card account balance always so high?" could be "Yimccabash?" "I'm really tired of the 80s. Long live the 80s." becomes "Irtot80s.Llt80s."
If the application allows long passwords, just use the whole sentence and don't bother with shortening it. If you want to shorten it, make sure it's at least eight characters long.
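The sentence method above as a short script, added here as an illustration and not taken from the article or from Carnegie Mellon's guidance. The substitution table and the function names `shorten` and `make_password` are assumptions of this example; the minimum length and the list of worst passwords come from the article.

```python
import re

# Word-to-character swaps in the spirit of the article ("too" -> 2, "Why" -> Y).
# The table itself is an assumption of this example.
SUBSTITUTIONS = {"to": "2", "too": "2", "two": "2",
                 "for": "4", "four": "4", "why": "Y"}

# Passwords the article names as the most common in breaches.
WORST = {"123456", "password", "12345678", "starwars", "iloveyou"}
MIN_LENGTH = 8  # the article's minimum for a shortened password

# A word (letters, digits, inner apostrophes) or one punctuation character.
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9'’]*|[^\sA-Za-z0-9]")


def shorten(sentence):
    """First letter of each word; punctuation and number-like words are kept."""
    out = []
    for tok in TOKEN.findall(sentence):
        low = tok.lower()
        if low in SUBSTITUTIONS:
            out.append(SUBSTITUTIONS[low])   # "too" -> "2"
        elif tok[0].isdigit():
            out.append(tok)                  # "80s" stays "80s"
        elif tok[0].isalpha():
            out.append(tok[0])               # "bank" -> "b", "I'm" -> "I"
        else:
            out.append(tok)                  # "!" or "." is kept as typed
    return "".join(out)


def make_password(sentence, max_length=None):
    """Keep the whole sentence if the site's limit allows it, else shorten it."""
    fits = max_length is None or len(sentence) <= max_length
    candidate = sentence if fits else shorten(sentence)
    if max_length is not None and len(candidate) > max_length:
        raise ValueError("shortened form still exceeds the site's limit")
    if len(candidate) < MIN_LENGTH:
        raise ValueError("fewer than 8 characters; pick a longer sentence")
    if candidate.lower() in WORST:
        raise ValueError("this is one of the most commonly breached passwords")
    return candidate


if __name__ == "__main__":
    # max_length=16 stands in for a site with a short password limit.
    print(make_password("My bank charges way too many fees!", max_length=16))
```

The sentences used in this article are published, so pick a sentence of your own for a real account.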
Link Two or Three Words with a Character
Another suggestion is to choose two or more seemingly unrelated words, join them with a non-alphabetic character or two, and throw in an uppercase letter just for fun.3 For instance, let's say Stillwater is the name of a new coffee shop you've been going to lately, and you've recently discovered their delicious Earl Grey tea latte called London Fog. Your new password could be based on the words "still," "water," "London," and "fog." You could merge them into "Still+water=Londonfog." Or how about joining the first names of your two favorite musical artists? Neko Case and Kendrick Lamar could be "Nek0&Kendrick." Get it?
Install a Password Manager
So now you have more secure passwords, but there’s the greatest danger of all: you trying to remember all of them! Thankfully, there are ways you can manage all your passwords securely. You just need to remember one password to access them all.
These password managers use software encryption that's difficult to hack, and are also capable of storing your PINs, credit card numbers, security codes and answers to security questions.4 You just need to remember one password—the one that allows you to log into the password manager. Once it's open and you access a site, the manager offers to save your credentials, if you haven't already, or fill them in, if you have. According to Consumer Reports, if you try a password manager and don't like it, you can export your data to another one, as long as you've signed up with one of the major password managers.4
The downside is that you have to pay a fee. It's not much—somewhere between $12 and $40 a year—but it's an out-of-pocket cost.5 Some password managers are free, but may not have all the security features of those with a fee. Perhaps the most concerning issue is that password managers are, at their core, software, and software can be hacked. According to PC World, security researchers at Google have found flaws and bugs in some of the most reputable password managers, including LastPass, Keeper, Dashlane and 1Password.6
It boils down to risk. If you're not willing to go the extra step of creating a secure password for yourself, then adopting a password manager might be the best route. If you'd rather handle it yourself, use the password security tips above.
1. Kooser, Amanda. "'Starwars' Appears on List of Worst Passwords of 2017." CNET, December 19, 2017. Accessed August 21, 2018. https://www.cnet.com/news/worst-passwords-2017-star-wars-splashdata-list/
2. Nash, Laura. "Here are the World's Most Popular Passwords — They're Also the World's Worst." World Economic Forum, June 5, 2018. Accessed August 21, 2018. https://www.weforum.org/agenda/2018/06/popular-passwords-threaten-cyber-security-privacy/
3. "How to Choose Good Passwords." Carnegie Mellon University. Accessed August 21, 2018. https://www.cs.cmu.edu/afs/.cs.cmu.edu/help/content/security/choosing_passwords.html
4. Chaikivsky, Andrews. "Everything You Need to Know About Password Managers." Consumer Reports, February 7, 2017. Accessed August 21, 2018. https://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/
5. Rubenking, Neil J. "The Best Password Managers of 2018." Consumer Reports, July 12, 2018. Accessed August 21, 2018. https://www.pcmag.com/article2/0,2817,2407168,00.asp
6. Blue, Violet. "Password Managers: The Good, the Bad, and the Ugly." PCWorld, May 12, 2017. Accessed August 21, 2018. https://www.pcworld.com/article/3195260/security/password-managers-the-good-the-bad-and-the-ugly.html