First let’s begin with what not to do.

1. Avoid simple passwords (such as password, 12345678, 111111111, abcdefgh), the names of your children, pets and other personal information that is easily known or shared on social networks.  Also avoid using the same password on multiple accounts.  If you share passwords, you put all other accounts with the same password at risk.

Next, consider what makes a good password.

2. Uniqueness:  This step follows on what not to do.  By not sharing, you make your passwords unique and hard to guess.  Utilizing a mix of character types also helps to ensure your passwords are unique and difficult to guess.  Use capital & lower case letters, numbers and special characters (such as ! @ $ &).  Some of your accounts may restrict the special characters you can use and whether your password can begin with a number or a special character or not.  Always review the password requirements for the specific account.
3. Strength:  Long password are strong passwords.  16 character passwords are stronger than 8 character passwords.  Some believe that lengthy passwords can sometimes be stronger than short passwords with special characters.  Best practice says use special characters in long passwords.  Thi$L0ngPas$word1s$Tr@nger! than ThisLongpasSword
4. Phrases: These can be easy for you to remember but very difficult to guess. – Try something like – !wentF0r&LoNgw@lk2Day for the phrase I went for a long walk today.  Mix it up.  Try part of a favorite song or book.
5. Change your password regularly.  There have been numerous reports of data breaches in the news and you may have had your password compromised at some time.  You may or may not even know it.  Sometimes it doesn’t become evident for months or years.  Changing your password frequently will help keep you secure if a data breach compromised your info.  At the very least, change your passwords when you first learn of a data breach.
6. Password Managers & Generators: Managers help you by creating unique, strong passwords that you don’t have to remember.  Generators create strong passwords that you can use if you are concerned that yours aren’t strong enough.  There are some good options available both freeware and for a fee.  Some anti-virus software packages also offer password managers.  Look to reviews on cnet.com, pcmag.com, techradar.com.  These are just a few of the resources available for password managers.
7. Have Fun:  Ok, I admit this step doesn’t seem to be compatible with the seemingly overwhelming subject of passwords, but by being creative with your passwords you can make the effort fun and give you the feeling of playing a challenging game.  You might be surprised how easy it can be when you are having fun.

Other Tips:

• Don’t forget 2-factor authentication (more on this in another post).
• If you find it difficult to remember your passwords and don’t want to get a password manager, it might be ok to write them down and put in a secure location.  You won’t do this if your passwords are for government, business or other valuable and sensitive accounts or devices.  However, if you are at home and there is little risk of a person breaking in to your house to hack your accounts then this could be ok (online hacking is your greatest concern).  Just don’t keep the passwords near your devices.  It is unlikely a burgler will take the time looking for a list of passwords hidden in an obscure location when all they want is to grab your valuable equipment and get out.  Physical security is a topic for another day.
• Regardless of which methods you use, be aware that there is no password that is 100% safe.   Your goal is to make the task of cracking your passwords difficult.  The more difficult, the better.  There is little value for a hacker spending an excessive amout of time cracking a password with little or unknown value.  Easy passwords are simply low hanging fruit.
• These tips just scratch the surface, but they will give you a head start to keep ahead of the bad guys.