The passwords you pick to secure your online accounts (and the phone, smartwatch, and computer you use to access them) are some of the most critical ways to protect your online identity and personal information.


A SplashData analysis of more than 5 million passwords found that “123456” and “password” topped the list for the most common passwords in 2018. You don’t have to make life that easy for hackers, though. Follow these seven tips to set strong passwords for all of your accounts.

Aim For Complexity

Many accounts now force you to use a combination of letters, numbers, uppercase letters, lowercase letters, random characters and punctuation to create a password. Norton, a provider of antivirus software, says these requirements make passwords harder for a human to guess and more difficult for automated hacking software to crack. At a minimum, Norton recommends that a good password include:

  • At least eight characters.
  • A combination of characters, uppercase letters, lowercase letters, and special characters.

Make Your Password Impersonal

People tend to choose passwords that relate to their lives and their interests, like names of children, pets, or favorite vacation spots to make it easy to remember passwords. Unfortunately, even a novice hacker probably could guess at least part of a simple password like that after scrolling through your social media posts. (The same logic applies to passwords that include numbers tied to a child’s birthday, digits in a phone number or address, or a wedding anniversary). Choose a password that’s less relevant to your life.

Choose a Different Strategy for Each Password

A unique password uses numbers, characters, and letters, but the Federal Trade Commission’s chief technologist says it’s easy to fall into password-formation patterns. If you capitalize the first letter or final letter of one password and insert a # in the middle of it, for example, it’s likely you’ll repeat that with other passwords, making them weak passwords to use. The Federal Trade Commission says the predictable nature of passwords makes it fairly simple for cybercrooks who’ve already figured out one of your passwords to guess others you’ve set up.

Think Phrases, Not Words

If your password is based on a dictionary word (like “summer” or “Christmas”), Norton says, it’s easy for hackers to use software programs to crack it — even if you sprinkle in some capital letters. If you insist on using a word as your random password, misspell it or insert characters in place of a few letters.


When possible, it’s best to insert that word into a phrase, and use letters, numbers, symbols and uppercase or lowercase letters to “scramble” it. If your favorite holiday song is “It’s Beginning to Look a Lot Like Christmas,” for example, a secure-password could be iBg2Lk@lotLk#D1225.

Don’t Recycle Passwords

Sure, you want to limit your password mix to a minimum, given that fraud protection provider Cystera says the average internet user maintains 92 password-protected accounts. But if a hacker cracks the password on one of your accounts, it’s tough to protect other accounts that have the same or similar passwords.


The Krebs on Security blog says it’s especially important to use different passwords for email accounts and e-commerce sites.

You’re probably aware how frequently that type of data is compromised, and you don’t have much control over whether it’s secure. Your best (and potentially only) line of defense is to ensure the information can’t cause more damage if it falls into the wrong hands.

Stay On Top of Your Social Media Accounts

Norton says it’s critical to make sure the passwords for your social media and email accounts are strong. If a hacker can crack those passwords, then it’s fairly easy to break into more sensitive accounts, such as ones for credit cards or checking. Once a hacker pokes around in your email and social media accounts, it becomes simpler to dig up information needed to verify your identity, like your birth date or your mother’s maiden name.

Keep Track of Passwords the Old-Fashioned Way

Never keep lists of passwords on your computer, phone or any other device that could be hacked or stolen. Some apps do encrypt and store passwords for you, acting as a password manager, but Krebs on Security says the most secure method for remembering your passwords is offline. With old-fashioned paper and pen, list every site where a password is required. Write your login name next to each one, along with a password clue that only you know. Put the written list in a secure place in your home.