09/24/2014 09:21 am ET Updated Dec 06, 2017

You Can Create The Perfect Password. Here's How

Are you one of those people who's still using "baseball" or your home address for all your passwords? We shouldn't have to tell you this, but having super simple login information is one of the easiest ways for hackers to get access to everything from your Netflix account to your bank account.

We rounded up some of the most useful tips for creating and keeping track of your passwords, to better protect your personal information online:

1. Avoid the obvious (just like this tip)

Believe it or not, passwords like "123456" and "password" are still the most used. Don't. Do. This. Hackers can use a simple dictionary attack, in which a program automatically tries dictionary words and common word-and-number combinations until one gets into your account.

2. Turn phrases into codes

As HuffPost blogger and online security expert Robert Siciliano recently explained, a good way to pick a password you won't forget is to convert a phrase about yourself into an acronym. For example, turn a sentence like "My college roommate was from a dairy farm in Wisconsin" into "McrwfadfiWI."


You don't have to try pronouncing them.

3. Mix up letters and numbers

Sites will often tell you to use a combination of numbers, letters and symbols, but that doesn't help if the result is still an obvious word plus an obvious number, like "Password1234!" Instead, try turning letters into numbers, or adding numbers in the middle of an acronym password. So to make the example password from Tip 2 even better, we'd change "McrwfadfiWI" to "Mcr1444wfadfiWI."

4. Use 12 characters or more

Any password can be cracked given enough time, but longer ones take far longer to figure out. Sure, there are 645 trillion possible combinations for an eight-character password. But that number multiplies every time you add a character. According to researchers at Georgia Tech, it could take 17,134 years to crack a 12-character password.
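To make tips 1, 3 and 4 concrete, here is an added Python example (not from the article or from Robert Siciliano) of the checks a site's password policy might apply: a blocklist of common passwords (a constructed stand-in for the real "most used" lists), undoing letter-to-number substitutions before the blocklist check, a 12-character minimum, and the search-space arithmetic behind tip 4 at an assumed guess rate of one billion guesses per second.

```python
import re

# Constructed blocklist standing in for a real "most used passwords" list.
COMMON_PASSWORDS = {"123456", "password", "baseball", "qwerty", "letmein"}

# Undo the usual letter-to-number/symbol substitutions (tip 3) so that
# "P@ssw0rd" is compared with the blocklist as "password".
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})

def candidate_forms(password: str) -> set:
    """Plain forms of a password that should be looked up in the blocklist."""
    lower = password.lower()
    # "password1234!" -> "password": drop a trailing run of digits/symbols.
    stripped = re.sub(r"[^a-z]+$", "", lower)
    return {lower, stripped, stripped.translate(LEET_MAP)}

def alphabet_size(password: str) -> int:
    """Size of the character set an attacker must assume for this password."""
    size = 0
    if re.search(r"[a-z]", password): size += 26
    if re.search(r"[A-Z]", password): size += 26
    if re.search(r"[0-9]", password): size += 10
    if re.search(r"[^A-Za-z0-9]", password): size += 33  # printable symbols
    return size

def search_space(password: str) -> int:
    """Number of candidates of this length over this alphabet (tip 4)."""
    return alphabet_size(password) ** len(password)

def years_to_exhaust(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case time to try every candidate at an assumed guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)

def check_password(password: str, min_length: int = 12) -> list:
    """Return the article's rules that the password breaks (empty = passes)."""
    problems = []
    if candidate_forms(password) & COMMON_PASSWORDS:
        problems.append("based on a common password (tip 1)")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters (tip 4)")
    if not re.search(r"[0-9]", password):
        problems.append("contains no digits (tip 3)")
    return problems

if __name__ == "__main__":
    for pw in ["123456", "Password1234!", "McrwfadfiWI", "Mcr1444wfadfiWI"]:
        print(pw, check_password(pw), f"{years_to_exhaust(pw):.3g} years")
```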

5. Don't reuse or recycle

If you've got the same password for all your logins, one breach can endanger every account you have. Make sure to change your passwords periodically, and avoid just going back and forth between a handful.


Leaks happen, so don't make it easy.

6. Personalize by site

If you insist on repeating, at least add a few extra symbols that correspond to various sites, making your logins safer if one of your accounts is compromised. So for the example password above, adding a "FBK" to the password for a Facebook login could be one way to use it more than once: “FBK.Mcr1440wfadfiWI."

7. Stay logged off

While it’s convenient to store your passwords in your browser on your computer and smartphone, that's the easiest way for someone to get quick access to accounts and data if your device is stolen or compromised. Just uncheck the "remember me" option and take the few seconds to type in your password.

(Image: Facebook login screen.) The time you spend retyping will be less stressful than being hacked.

8. Add two-step verification

Two-step verification helps protect even the strongest passwords from being hacked. The feature forces you to enter a code that's sent to your phone or email address in order to get into your account. Here's a list of sites that support it.

9. Keep a backup

Your passwords should be easy to remember, but we all have those forgetful days. Security expert Robert Siciliano suggests keeping an Excel file in a service like Google Drive or Dropbox that is cloud-accessible and also behind two-factor authentication. He also advises storing a physical copy in a safe in case of emergency. Of course, that paper will need to be updated every time you make a change.

10. Use a password manager

(Image: LastPass screen.) LastPass will store and generate passwords for an unlimited number of sites.

The easiest way to remember and feel safe about entering your passwords across all sites is to use a password management tool. Don't fear the cloud -- these services have strong encryption and allow you to unlock and auto-fill your passwords and other information with one master password.

We've tested three of the top tools, and LastPass, free on computers or $12 yearly for mobile sync, seems to be the best option.
