The Mel Brooks spoof Spaceballs has a great scene where the villain, Dark Helmet, is trying to steal valuable resources from the King of Druidia. He blackmails the king for the code, and the king shamefacedly confesses that it is “1,2,3,4,5.” Dark Helmet (played brilliantly by Rick Moranis) throws up his mask and exclaims, “12345?! That’s the kind of thing an idiot would have on his luggage!”
Unfortunately, there’s an element of truth to this gag that still resonates decades after the movie’s release. According to a Cybernews.com analysis, in 2022 the most common password out of more than 15 billion retrieved from publicly leaked data breaches was 123456. And while the rationale behind using something so simple was probably more cavalier than idiotic, the result could be catastrophic.
With so much of our lives digitized, it’s more important than ever to use strong passwords and to change them regularly. Yes, this is a giant pain in the tuckus; we’ve all had those moments of intense frustration from getting locked out of our own accounts because we can’t remember a password. Thankfully, you can manage your various passwords using safe methods that don’t involve sticky notes all over the computer monitor.
How to Craft a Stronger Password
Before you start worrying about how to keep track of your passwords, you need to make sure that you are crafting strong ones to begin with. First things first: You should NEVER use the same password for multiple accounts/websites. I can hear you groaning from here, but this is serious. Ensuring that you have different passwords for all of your online data will be the best way to protect yourself should anything get breached.
Now that we’ve established the need to have unique passwords each and every time, we can discuss how to make them stronger. A good rule of thumb is that the longer and more complicated the password, the safer it is. Passwords are passé; passphrases are the way to go. Of course, that makes it more difficult for you to remember them, but we’ll get to that.
We’re probably all guilty of doing this to some degree, but you should never use information in your password that others can access through social media (birthdays, children’s names, pet names, car models, etc.). Instead of using names and dates that mean something, try using a different memory strategy. If your computer is on a desk, make a password out of items that are always sitting there, like LampPencilsCalendar. Even better? Use special characters to make it even stronger — which brings us to our next tip.
Use Special Characters Liberally
Special characters are those symbols that share space with the number keys, like @, #, or punctuation marks. It makes it much harder for someone to guess your password if you sprinkle a few special characters into otherwise mundane words. So, using our example from above, your password could look like L@mpPencil$¢alendar, or something along those lines. Get creative — the whole point is to be unpredictable.
You Need Numbers
If you’ve ever crafted a password for a particularly sensitive account — such as your bank or an online health platform — you have probably noticed that they require certain items to make your password stronger. Numbers are almost always on that list, because they add a whole new level of unpredictability. If it is difficult for you to add numbers without reverting to using memorable dates (it is certainly one of my bad habits), try to use them to replace letters like we did with special characters. Now, your password could look like a variation on L@mpP3ncil$¢a1endar.
Don’t Repeat Characters
It may be tempting to use the same trick throughout your password, but repeating characters actually makes it more predictable. Along those same lines, changing Password to Paaaassword is equally weak. If you replace a letter with a symbol, only do it once. Remember: unpredictability is the goal.
The 8-4 Rule
Some cybersecurity specialists insist that if you’re going to do the bare minimum when crafting a password, at least follow the 8-4 rule: Use a minimum length of 8 characters, with 4 of them being 1 lowercase, 1 uppercase, 1 number, and 1 special character.
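The checks described in this section, written out as a short Python script (an added example, not code from the article): it tests the 8-4 rule, flags long runs of one repeated character, rejects a few commonly leaked passwords, and spots a password shared between accounts. The deny-list contents, the three-in-a-row threshold, and all function names are assumptions made for the illustration.

```python
COMMON_PASSWORDS = {"123456", "12345", "password", "qwerty"}  # constructed sample list
REQUIRED = ("lowercase", "uppercase", "number", "special")    # the "4" in 8-4
MIN_LENGTH = 8                                                # the "8" in 8-4
MAX_RUN = 2  # assumption: 3+ identical characters in a row counts as repeating


def char_class(ch):
    """Classify one character for the 8-4 rule."""
    if ch.islower():
        return "lowercase"
    if ch.isupper():
        return "uppercase"
    if ch.isdigit():
        return "number"
    return "special"  # everything else: symbols, punctuation, spaces


def longest_run(password):
    """Length of the longest streak of one repeated character."""
    best = run = 0
    prev = None
    for ch in password:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def check_password(password):
    """Return the list of rules the password breaks (empty means it passes)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly leaked password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = {char_class(ch) for ch in password}
    problems += [f"missing {c}" for c in REQUIRED if c not in present]
    if longest_run(password) > MAX_RUN:
        problems.append("repeated character run")
    return problems


def audit(accounts):
    """Check every account's password and flag any shared between accounts."""
    users = {}
    for name, pw in accounts.items():
        users.setdefault(pw, []).append(name)
    return {name: check_password(pw) + (["reused across accounts"] if len(users[pw]) > 1 else [])
            for name, pw in accounts.items()}
```

Run against the article's own examples, LampPencilsCalendar is reported as missing a number and a special character, Paaaassword is additionally flagged for its repeated run, and L@mpP3ncil$¢a1endar passes every check.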
Safe and Secure Password Management Options
Now that you know how complicated your passwords should be, it’s pretty clear that you can’t be expected to memorize a different one for every online account. In the old days, we would just write it on a sticky note and slap it on the monitor, but like our technology, we need to advance in our methods.
Password Manager Apps
One of the easiest ways to manage your passwords is to download an app that does it for you. Scads of them are available for free, as well as some that only cost a few dollars for an annual subscription. (Just because they are free doesn’t mean they’re unreliable — just do some research before committing to one so that you know the fine print.) Additionally, if you use antivirus software, many programs include a password manager as part of the package, so be sure to look into whether you already have access.
Some free password manager apps that have earned a decent reputation include LastPass, Keeper, and Dashlane, to name a few. These types of apps typically require a really, really long master password, which would be your responsibility to write down and keep somewhere secure.
Let Your Browser Save Them For You
Most internet browsers will offer the option to store or even create your passwords for you. This isn’t a terrible way to go, in terms of cybersecurity, but it does create some issues. For one, if you need to log onto an account from your phone or a different device, you won’t have that password automatically stored. Or if you switch browsers (such as from Safari to Google Chrome), you will similarly lose the access, which can be incredibly frustrating. Newer technology with bioscan capabilities (like fingerprint or face recognition) is starting to serve as a bridge for these issues in some cases but has yet to truly catch up.
Encrypted Flash Drive
Some people choose to create a file with all of their stored passwords on a flash or thumb drive. This prevents cyberattackers from gaining access because the data isn’t stored on your hard drive. There are two issues with this method: one, flash drives are incredibly easy to misplace; and two, newer computers are being designed with fewer ports (for some awful reason), which could mean that ports are being phased out entirely. That could mean that down the road, it would be very difficult to access your files securely.
Create a Locked Notes App File
The Notes app on your phone has an option to create a Note that is locked by password or biometrics (face or fingerprint scan, depending on the generation of smartphone that you have). The jury is still out amongst cybersecurity specialists whether this would be vulnerable or not, but so far it seems like a decent strategy. [On an Apple phone, you simply open Notes and create the note that you want to lock. Tap the More button, then tap Lock. You can then follow the prompts to either Use iPhone Passcode or Create Password, or if your device supports it, enable Face ID or Touch ID.]
Pen and Paper
It’s kind of ironic, actually, that the most secure way to keep your passwords safe from remote cyber attacks is to write them down on a piece of paper. If they aren’t online, they can’t be found online. The best way to do this is to keep a special notebook with all of your passwords in one place, and then keep that notebook in a secure place.