There are 645 trillion possible combinations for the standard 8-character password that most sites require. Still, that doesn’t mean you can choose your favorite color, add a few numbers and call it a day. Creating the perfect password is about balancing strength with memorability, and the emphasis should be on strength. Chances are that if a password is easy to remember, like oRange78, it is equally easy to crack. The objective of a password is to make it hard for anyone other than you to get in. Ideally, you want a password that is both long and strong. For every extra character you add to your password, the number of possible combinations rises exponentially. A 9-character password, for example, has about 45 quadrillion possible combinations.
Think about it: out of all those possible combinations, there’s got to be at least a few that are both strong and easy to remember, right? Here are some tips and guidelines for creating a password that is strong as well as easy to remember.
Avoid the obvious
The first step is admitting you have a problem. It’s time to drop your generic password of ‘123456’ or ‘password.’ While you’re at it, you should also avoid these 25 most popular passwords of 2016, as compiled by Keeper Security, one of the leading online password managers:
Just. Don’t. Do. It.
Ditch passwords in favor of passphrases
Many experts agree that using a short phrase has become the preferable way to create a strong password, as opposed to trying to remember an alien jumble of letters. Instead of oRange78, use NoRhymesWithOrange78. You can also take the first letter of each word from a line in your favorite movie or song and string them together. The result looks like random letters, yet it is still easy to remember, because you already know the line by heart.
Mix it up
In addition to upper case, lower case, and numbers, it’s also important to use special characters, as long as you do so in a clever fashion. Substituting “1” for “i”, “$” for “s” and so on is not a good idea. Hackers are people too, and they tailor their attacks to include these common tricks. A Dutch certificate authority, DigiNotar, was hacked in 2011 and subsequently had to file for bankruptcy after an employee was hacked with the password Pr0d@dm1n.
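As an added example (not code from the original article), here is a small sign-up check that ties the guidance above together: it undoes the "1 for i, $ for s" substitutions before comparing a candidate against a blocklist of popular passwords, and it computes the keyspace growth described in the opening paragraph. The blocklist is a constructed stand-in for the Keeper Security list, and the 71-symbol alphabet is an assumption, chosen because 71 to the 8th power reproduces the article's 645 trillion figure.

```python
import math
import re

# Constructed stand-in for a "most popular passwords" blocklist; a real
# deployment would load a breached-password list instead.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein",
                    "orange", "admin", "prodadmin"}

# Substitutions attackers already fold into their wordlists, so the check
# undoes them before comparing ("Pr0d@dm1n" -> "prodadmin").
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "@": "a", "$": "s", "!": "i"})

# Assumed symbol set: 71 symbols per position reproduces the article's
# 645 trillion figure for 8 characters (71 ** 8).
ALPHABET_SIZE = 71

def candidates(password: str) -> set:
    """Forms of the password an attacker's wordlist would also cover."""
    low = password.lower()
    stripped = re.sub(r"^\d+|\d+$", "", low)  # drop leading/trailing digits
    return {low, low.translate(LEET_MAP),
            stripped, stripped.translate(LEET_MAP)}

def is_common(password: str) -> bool:
    """True if any normalized form appears in the blocklist."""
    return any(form in COMMON_PASSWORDS for form in candidates(password))

def keyspace(length: int, alphabet: int = ALPHABET_SIZE) -> int:
    """Possible passwords of this length; each extra character multiplies it by 71."""
    return alphabet ** length

def entropy_bits(length: int, alphabet: int = ALPHABET_SIZE) -> float:
    """The same keyspace expressed in bits, for easier comparison."""
    return length * math.log2(alphabet)

def assess(password: str) -> dict:
    """Blocklist check plus the length-based keyspace estimate."""
    return {"common": is_common(password),
            "length": len(password),
            "keyspace": keyspace(len(password)),
            "bits": round(entropy_bits(len(password)), 1)}

if __name__ == "__main__":
    for pw in ("oRange78", "Pr0d@dm1n", "NoRhymesWithOrange78"):
        print(pw, assess(pw))  # the passphrase is the only one not flagged
```

Both oRange78 (a dictionary word plus digits) and Pr0d@dm1n (a leet-substituted word) are caught once their disguises are undone, while the longer passphrase passes and sits in a keyspace many orders of magnitude larger.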
You should also mix up your passwords by changing them periodically. Every 4-6 months is recommended.
Avoid reusing and recycling
Experts agree that it is inevitable that, over time, at least some of your passwords will be compromised. If you reuse your passwords, a single breach could threaten all of your accounts. Likewise, avoid rotating among a small handful of passwords.
Add a website identifier to increase the uniqueness
One way to avoid reusing the same password across multiple logins is to add a website identifier to each password. Your Pinterest password could be pTNoRhymesWithOrange78, while your Twitter password could be TwNoRhymesWithOrange78. The added identifiers not only add complexity to your passwords, but also make them easier to remember.
Don’t remember me
Yes, I know the ‘remember me’ option is very tempting, but avoid using it. Keeping your passwords in your computer’s or phone’s browser is a surefire way for someone to gain access to your accounts and personal information if your device is stolen, lost, or compromised through malware.
Use two-step/factor verification
There’s a growing list of websites that offer two-step or two-factor authentication (there are two schools of thought as to whether these are distinct), and you should certainly take advantage of either one. They usually work by requiring you to enter a code that is sent to your cell phone when you log in. It is an extra step before accessing your account, but it is one of the easiest ways to substantially increase your security. Enabling this feature means a hacker must not only obtain your password but also gain control of your mobile device. Besides, chances are your phone is always within reach anyway.
Keep a physical backup
If you just can’t get over the fear of forgetting your carefully sculpted password, then write it down! When was the last time a post-it note was hacked? Of course, if you go this route, putting it somewhere safe, like a safe, is essential. If you’re more of a digital than an analog person, you can make a spreadsheet and stow it behind two-factor verification. Cloud storage providers like Dropbox usually offer two-step verification and will make your master list accessible wherever you are.
Use a password manager
Another way to keep a password master list is an online password manager. LastPass.com is by far the most popular. It’s free for computers but charges a fee for mobile syncing. It’s essentially the same as storing your passwords in a spreadsheet in the cloud, except that security is bolstered by strong encryption as well. LastPass did discover a breach in 2015, after which it prompted all of its users to change their master passwords. However, there is no evidence that the myriad encrypted passwords were compromised.