Why All Your Passwords Are Worthless (And How to Make Them Secure)

When trying to create a secure password for an online account, you probably consider only a couple of things: whether your friends could guess it, and whether you’ll remember it. The average internet user maintains 25 online accounts but uses only six or seven passwords to protect them, according to a Microsoft study; as a result, hackers who can figure out the password to your email account will try the same password to hack into your bank account. Creating a more secure password is essential to keeping your accounts safe.

Your Passwords: Not So Clever

You probably have a password right from the list of most frequently used ones — “password,” “123456 . . . ,” “qwerty,” or “mustang,” for instance. And since an estimated 91 percent of sampled users’ passwords appear on a list of top 1,000 passwords, it’s important to make your password as random as possible — meaning no names, terms of endearment, or really anything you would find in a dictionary. In addition to lists of common passwords, hackers are aware of patterns we use when creating them.

When creating passwords, women tend to use names and men tend to use hobbies. Then they try to make things tricky by:

• Capitalizing the first letter
• Adding a number at the end
• Throwing in a common symbol (!, @, #, $, %, *, ~)

But these patterns — and even replacing letters with numbers (“F1do87!”) or spelling things backwards — are common patterns hackers program their software to look for.

Creating an Uncrackable Code

Obviously a secure password is one that is long (well over eight characters), random, and contains a variety of characters (capital and lower-case letters, numbers, symbols).  Avoid patterns or number sequences, common misspellings, and abbreviations. Obviously, using your personal information isn’t the best idea — avoid using any part of your birthday or name.

One suggestion is to take a line you can remember and convert it to a nonsensical password. So, for example, the phrase, “My kids like to build with two-by-fours,” would become “MkLtBw2b4,”–a pattern not likely to show up in a hacker’s dictionary of common passwords. You could also use the first letters of words in the first line of a song, making the password memorable but random. You can test the strength of a password using an online password security checker.

Keeping Your Accounts Extra Secure

It’s extremely important to have a different password for every account you log in to. Try to change your passwords often (and completely — just don’t cycle them through your accounts). Don’t let your browser save your passwords; log out of things completely, and clear your cookies and/or cache.

When setting up online accounts, consider using fictional answers to security verification questions. Where the security question asks for the name of your pet or your mother’s maiden name (things anyone close to you could easily find out) instead use a fictional answer — but make sure it’s one you’ll remember.

Remembering Your Passwords

One suggestion for keeping your passwords straight is to have a very uncrackable password for your online banking and your email address, and then leave the easy ones for all your other less important accounts (fantasy football, for instance).

A better idea is to use a password manager — especially one that encrypts your information and requires a master password to access it — can help you keep your passwords straight and secure. Among the most popular are mSecure, LastPass and 1Password, all of which can help you generate random passwords in the first place based on specific settings you determine (length, types of characters allowed, and whether it’s pronounceable).

The most secure password is one even you couldn’t crack — so make sure your passwords are all different, random, and saved in your little password wallet — just make sure you remember that password.