This is the easiest and most secure way to create passwords that can stand up to a potential attack. The beautiful thing about a password manager is it will make and keep track of your passwords for you—and there’s no risk that Fido or your favorite TV show will end up in the mix.
Best of all, you only have to remember one password, the master password. Look for a password manager that uses local storage, rather than the cloud, so it will be less vulnerable to a remote attack. And store the master password on old-fashioned paper in a secure place like a lock box or safe.
If you’re going to stick to old-school password creation, make sure your passwords are long. We’re talking at least 16 characters. The safest bet is a long string of words that are not part of a common phrase. You should also mix it up with upper and lowercase letters, numbers, and some special characters.
SafeWise advisory group member and IT security expert Pete Canavan gives a tip for making difficult-to-crack but memorable (to you) passwords.
"You can use a password generator or use easy-to-remember, unique phrases to create passwords," he says.
Using your favorite show or book to come up with a password is tempting, but it’s too personal (and not random). Simply changing out letters for symbols in your pa$w0rd is not a good strategy—add additional characters like Canavan recommends. Stay away from common phrases too. Whether it’s a line from Shakespeare or something Kardashian-related, it’s too simple and won’t fool a pro.
Go online and find out just how strong your passwords are. You can use sites like How Secure Is My Password? to get a real-time assessment of how easy it would be for a human or computer to figure out a password. You’ll also get tips on how to make the password more complex and secure.
This is one instance where you don’t want to reuse old items. Never use an identical password on more than one account, and don’t bring an old favorite back into rotation just because you’re out of ideas. If you use the same password for multiple services, that means that if one account gets hacked, they could all be vulnerable.