How to Create a Secure Password

You might find it hard to believe, but the most popular password in the world today is “123456.” Followed closely by “123456789” and “12345678”—not forgetting the old classic, “password1” which is still a firm favorite with internet users. It’s no surprise that these passwords are easy to crack.

But they’re still used again and again, probably because they’re easy to remember and most people just assume they’ll never get hacked. Now that we rely so much on the internet and online services, that’s just not true.

Want to keep your online accounts secure and protect yourself from hackers? We’ve got you covered. Follow these 9 tips to come up with a secure password that’s easy to remember.

9 tips for secure passwords

1. Never include your personal information 

Never use the names of your pets or family members, and certainly not your own name. The same goes for birthdays, your address, the type of car you drive, etc. If someone knows you or has captured data records with your personal information, it’s much easier for them to guess these passwords.

2. Don’t use logical sequences of letters or numbers

This includes lists like “123456,” “abcdefg,” and “qwerty.” These strings are really easy to remember, but they are among the very first combinations that password crackers will try. So never use them.

3. Make your passwords longer

The longer your password is, the more numbers, letters, and special characters it can have—and the longer it takes to crack.

But your password doesn’t have to be a novel. “AJarOfStrawberryJam” is easy to remember and already comes in at 19 characters. In general, 12 characters is recommended as a good length.

4. Mix letters, numbers, and special characters

“The password must consist of upper and lower case letters, numbers, and special characters.” You’ve probably seen similar prompts a thousand times before. This is because even if your password is 20 characters long, it’s no use if it only contains the letter “a.” Automated password-cracking programs will guess it easily.

So back to our strawberry jam. “OneJarOfStrawberryJam” already includes upper and lower case letters. Now we’ll add numbers and special characters, and capitalize the beginning of each syllable. “1JarOfStrawBeRryJam?!” has the same number of characters and is almost as easy to remember. But it’s a lot more complex.

5. Replace letters with numbers and special characters

You know the way some letters look like numbers or signs? For example, the letter “E” looks like an inverted “3” or a “€.” And “S” looks like a “5” or a “$.” You can take advantage of this!

For example, you can turn “1JarOfStrawBeRryJam?!” into the advanced version: “1JarOf$trawB3RryJam?!”

When you write it out, this password looks quite confusing. But if you remember the basic strategies behind it (S = $, E = 3), you can easily remember this monster of different characters.
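The checks from tips 1 to 5 can be run automatically against a candidate password. The following is an added example, not part of the original article: the function names, the window of four characters for sequences and the reversed-row check are assumptions chosen for illustration.

```python
MIN_LENGTH = 12  # length the article recommends
# Rows to slide a window over: digits, alphabet and keyboard rows (tip 2).
ROWS = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Look-alike swaps named in the article, undone before the personal-info check.
UNSWAP = str.maketrans({"$": "s", "5": "s", "3": "e", "€": "e", "1": "i"})


def has_sequence(password, run=4):
    """True if `run` consecutive characters follow a row forwards or backwards."""
    low = password.lower()
    for row in ROWS:
        for direction in (row, row[::-1]):
            for i in range(len(direction) - run + 1):
                if direction[i:i + run] in low:
                    return True
    return False


def audit_password(password, personal=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    low = password.lower()
    unswapped = low.translate(UNSWAP)
    for item in personal:  # tip 1: names, birthdays, addresses ...
        token = item.lower()
        if len(token) >= 3 and (token in low or token in unswapped):
            findings.append(f"contains personal information: {item}")
    if has_sequence(password):  # tip 2
        findings.append("contains a logical sequence")
    if len(password) < MIN_LENGTH:  # tip 3
        findings.append(f"shorter than {MIN_LENGTH} characters")
    classes = {  # tip 4
        "lower case": any(c.islower() for c in password),
        "upper case": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        findings.append("missing " + ", ".join(missing))
    if len(set(low)) <= 2:  # tip 4: twenty times the letter "a"
        findings.append("repeats one or two characters")
    return findings


if __name__ == "__main__":
    for sample in ("123456", "a" * 20, "1JarOf$trawB3RryJam?!"):
        print(repr(sample), audit_password(sample))
```

Passing a list such as a pet's name or a birth year as `personal` also catches those values when they are written with the look-alike swaps.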

6. Think of sentences and shorten them

Who said that passwords could only have one or two words? They can also be a whole sentence like, “I eat a jar of strawberry jam every Saturday!” 

Then shorten it by, for example, only using the first two letters of every word: “IEaAJaOfStJaEvSa!”

Or take it to the next level by swapping letters with similar symbols and numbers, like we did above (S = $, E = 3): “1€aAJaOf$tJa3v$a!”

There you go—a password that looks horrendously complicated but is easy for a weekend-jam-enthusiast to remember.

Remember: don’t use the examples in this article as your own password. These passwords are now online and can be seen by everyone.

7. Don’t share your passwords with anyone

Colleagues, friends, family—not even your Mom. This isn’t a question of how much you trust a person, but of how easily passwords can be picked up by other people. For example, your Mom might type your password in on a public computer, or log on to an unsecured WiFi network where hackers love to hang out. In short, the more people know your password, the greater the risk that someone else will crack it soon.

Of course, there are times when you will need to share your password with someone else. For example, if you’re working together on your website. In this case, we recommend using a password manager. 

8. Use a good password manager

No matter how secure or complex a password is, in the end, you have to be able to remember it. Easier said than done.

Fortunately, there are reliable programs that do exactly this for you. Password managers like LastPass or Dashlane not only store passwords, they also create them. And the passwords they create are so complex and so secure that hackers can’t get around them.

If you want to share access to a certain user account with someone else, you can simply send them a link generated by your password manager. This way, the other person will never see your actual password and you can cancel their access at any time.

What about letting web browsers like Safari or Chrome save your passwords? Lots of modern browsers will offer to save passwords for you. But we advise against this because experts consider saving your passwords in a browser to be less secure than using a password manager.

9. Use different passwords for different accounts

The struggle is real. You already have a super secure password that you can easily remember. Why not use it for multiple accounts? 

The answer: No password is 100% secure. If a password falls into the wrong hands, the culprits have not only gained access to one of your accounts, but to several. And that can cause you a lot of problems, very quickly.

This is even more important because unfortunately not all platforms will keep your data completely secure. In recent years, password lists have appeared on the internet again and again. Criminals can access these leaked passwords and then test them on different accounts.

How to check if your email address or password has been leaked

If you’re worried that your data might have been leaked by an online platform or service you use, it’s easy to check. Just visit Hasso Plattner Institute Identity Leak Checker or Have I Been Pwned and enter the email address you use to log in to your online account(s). These systems will then tell you if any passwords associated with this email address have been leaked online.
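Have I Been Pwned also offers a password lookup (the Pwned Passwords range API) that goes beyond the email check described above: only the first five characters of the password's SHA-1 hash are sent, and the comparison happens locally. The following is an added example, not part of the original article; it makes no network request, and the response body and its counts are constructed for illustration.

```python
import hashlib


def split_sha1(password):
    """Return (prefix, suffix): the first 5 and remaining 35 hex digits of the SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """URL to request; it carries only the 5-character prefix, never the password."""
    prefix, _ = split_sha1(password)
    return f"https://api.pwnedpasswords.com/range/{prefix}"


def leak_count(password, range_body):
    """Count for `password` in a range response of SUFFIX:COUNT lines, else 0."""
    _, suffix = split_sha1(password)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix:
            # Padded responses carry dummy entries with count 0: not a leak.
            return int(count)
    return 0


def constructed_range_body():
    """Constructed stand-in for a server response; suffixes and counts are made up,
    except the suffix for "123456", which is computed so the lookup has a match."""
    _, suffix = split_sha1("123456")
    return "\r\n".join([
        "0" * 35 + ":3",
        suffix + ":1000000",
        "F" * 35 + ":0",
        "",
    ])


if __name__ == "__main__":
    body = constructed_range_body()
    print(range_url("123456"))
    print(leak_count("123456", body))
```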

It might take a bit of practice, but once you get a new strategy in your head it’ll be easy to create secure passwords that you can remember. And when it comes to protecting your identity online, it’s more than worth it.

Stefan Sturm
Stefan is an editor at Jimdo. He writes about everything related to websites, online stores, and self-employment. When he’s not working, he enjoys good movies, games, and books.