UPDATE: You’ve probably heard the news that hackers have stolen around two million usernames and passwords. The hacks were from 93,000 websites, including Google, Facebook, Twitter, Yahoo and LinkedIn.
Hackers are usually interested in accessing a user’s financial and other accounts using the password they’ve stolen.
Some websites have already notified affected users and asked them to change their passwords.
Experts are recommending that you:
- Pay attention to your bank and credit account statements in the next few months since hackers often wait to act.
- If your passwords for sites involving financial transactions are the same as your social and email passwords, change them!
- Never use the same password for more than one account. That way, if a hacker gets into, say, your Facebook account, they won’t be able to access any others.
- The most common hacked password was 123456. Never use obvious, easy to remember sequences for your password!
What’s Safe – and What’s Unsafe
Passwords may seem like an annoyance blocking you from what you want to do online, but of course they help keep your personal information safe from hackers who are up to no good. Think of a strong online password as a burglar-proof, fire-proof, triple-locked safe for your personal documents. It may be unlikely that you’ll be burglarized; but you’d rather be safe than sorry.
So, although you might be tempted to go with an easy-to-remember password like “12345” or even the word “password,” it’s a good idea to come up with something that’s harder to remember. Simple passwords like “12345” aren’t only simple for you – they’re also the easiest ones for someone to guess.
The same goes for using a single password for all your accounts: easy – but unsafe. If one account is compromised because someone figures out the password, then all your accounts could potentially be compromised. For your own safety, every account should have its own unique password.
Now let’s move on to what constitutes a strong password and how to create one for each of your accounts. At the end, I’ll give you some tips on how to remember all your new (or old) passwords.
Strong Password Do’s and Don’ts
Here are some tips for making your online password secure. It should:
- Be at least eight characters long, preferably more
- Include a combination of letters, numbers and punctuation (like * or $ or #)
- Include a combination of uppercase and lowercase letters
- Not be an actual word
- Not use your real name, username or personal information, such as your birthday, license plate number or address.
How to Create a Strong Password: Method 1
- Start with something that is memorable to you: a phrase, a date or a hobby. For demonstration purposes, I’m going to use the phrase “Cooking is fun.”
- Next, I’m going to do the following:
  - Replace each “a” with @
  - Replace each “s” with $
  - Replace each space with %
  - Replace each “o” with 0 (the number zero)
  - Replace each “i” with !
- “Cooking is fun” becomes C00k!ng%!s%fun
How to Create a Strong Password: Method 2
- Think of a group of names that are related to each other: your children’s names, the names of your pets, or the names of all your siblings. For demonstration purposes, let’s say my siblings are named Jessica, Jenny and John.
- Combine the first couple of letters from each to form one word. It may look like gibberish to someone else, but it’s meaningful to you. “Jessica Jenny John Betsy” becomes JeJeJoBe
- Remember that strong passwords also include punctuation and numbers. So I am going to add a few to my password, using my favorite number and a smiley face emoticon to make it JeJeJoBe27:-)
How to Create a Strong Password: Method 3
- If it seems too confusing to create a password using the methods above, you can also use a password created by a password generator website. These websites use computer algorithms to create random passwords and they don’t send or store the passwords. Here’s how to use a password generator:
- Go to strongpasswordgenerator.com or random.org/passwords
- Follow the instructions to select the number of characters you want your password to be
- After you click the “get password” or “generate strong password” button, you will be given a safe, strong password you can use.
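A generator like the ones in Method 3 can also run on your own computer, so the password never leaves it. The sketch below is an added example, not code from this article or from either website: `generate_password` and `check_password` are illustrative names, the punctuation pool is an assumption, and the check applies the Do’s and Don’ts list above to a word list and personal details that you supply.

```python
import secrets
import string

# Punctuation pool (an assumption); it includes the article's examples * $ #.
PUNCT = "!@#$%^&*()-_=+?"
POOLS = [string.ascii_lowercase, string.ascii_uppercase, string.digits, PUNCT]


def check_password(password, personal_info=(), wordlist=()):
    """Return the checklist rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password)):
        problems.append("missing letters, numbers or punctuation")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("missing uppercase or lowercase letters")
    if lowered in (w.lower() for w in wordlist):
        problems.append("is an actual word")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


def generate_password(length=16):
    """Build a random password locally with the system's secure random source."""
    if length < 8:
        raise ValueError("use at least eight characters")
    # One character from each pool guarantees the required mix...
    chars = [secrets.choice(pool) for pool in POOLS]
    # ...and the rest are drawn from all pools combined.
    everything = "".join(POOLS)
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters are not always at the front.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    print(generate_password())
    # Constructed sample inputs: the word list and personal details are made up.
    print(check_password("password", wordlist=["password"]))
    print(check_password("Jessica1980!", personal_info=["Jessica", "1980"]))
```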
Remembering Your Password
By now, hopefully you have a few strong passwords. The tricky part is remembering them so you can actually access your accounts.
Some people will write their passwords on a Post-it note and stick it to their computer monitor, under their mouse pad or under their desk. This is not a safe method. If you locked your valuables in a heavy-duty safe, would you write the combination on a Post-it note and stick it to the safe? Probably not! It doesn’t matter how strong the safe is if you give away the combination.
It’s OK to write down your passwords to remember them, but make sure you hide the paper well. Here are a few places you could write down your password in case you forget it:
- In a cookbook on the page of your favorite recipe
- On the page of your favorite book
- On the back of a picture
- On a piece of paper in your wallet
- On a piece of paper that you lock in a safe
Don’t email your passwords to yourself; if hackers got into your email account, they would get access to all your accounts. And don’t keep your passwords on a document on your computer’s hard drive; that would be a little bit like putting them on a Post-it on your computer screen.
Ready? Go make safe passwords!
I have been following most of the advice given in this article for a while now. I store my passwords in a locked Word file that requires its own password to be opened, and it is kept in a folder on my PC that is hard to find. Even if the file is opened, I made it very difficult to distinguish passwords from gibberish. Yet, when I need them, I can simply copy and paste the passwords onto a site, thus avoiding using keystrokes.
The only drawback that I have run into is making sure that I replace old passwords with new when they are changed.
Here’s a tool that I released recently to create easier to remember passwords that are basically just as strong as the ones that are hard to remember: www.passgressive.com
My recipe to create passwords is something like this:
take (n) letters from the website I will register into,
add my username in l33tspe@k (like your idea in the article) and add some special characters like *() (which are visually easy to remember from the keyboard).
Strong, and no one will guess (except that I told my algorithm on the internet ;))
btw random but really long and secure passwords you can generate here:
what do you think?
So how long will it take before the (Hackers) catch onto this….
This was very useful and gave me a lot of good ideas for passwords.
I bought a telephone/address booklet with alphabet tabs in which to keep all my passwords. I write them in pencil so when I have to change it, no problem. The booklet is small, innocent looking, portable and very, very handy. Since I have a gajillion passwords there’s just no other option. I think the odds of anyone searching for and finding it are pretty long and so I’m willing to take the risk in light of the convenience. Also, I have told my family where to find my passwords in case I die.
Thank you for the great article “How to Create – and Remember – a Secure Online Password” I will make a few changes to my current unsafe system.
Questions: Do you REALLY use a different password for EVERY account???
If a hacker gets into one account can they access others?
Thank you JJ
Hi JJ, thanks for your comment. I like to create different tiers of passwords. My most complicated ones I reserve for ones that contain really sensitive information (Like bank accounts and email). Those ones I try to change very frequently.
Other ones — like my Netflix account for example — I don’t change as frequently because I am not as concerned about their security.
Hi JJ, security experts say you should create different passwords for every account – hard to do! It’s a little like deciding how many locks you want on your door; the most important thing is to use a different password for every account that has any personal and/or financial information as well as for your Gmail or other email account, because yes, if a hacker accesses one account, they can access any other account that has the same or a very similar password. If you’re a three-lock person, then you might want separate emails for all the other accounts, too. Hope that helps! We’re planning to publish an article about “password managers” – these are apps that create strong passwords and remember them for you. Stay tuned!
Forgot to add, what does anyone think of websites that stupidly insist (or no enter!) to display publicly one’s full, genuine name?
One example: YouTube…
Thanks for a reply.
I adopted a “pen name” that looks like a real name. The websites that don’t like PiedType and insist on a “real” name will get “Sally Rand.” “Sally” has a Facebook page, too, for those naive enough to think a Facebook page is proof of identity. I’m not about to put my actual name out there.
Thanks so much for the most useful article which will make me change my lazy ways in this subject.
It was relatively easy for me in the past to memorize most of them, but now with more security exigencies I’ve been typing them on a page of my email, not involved with the computer system…Is it safe? Will appreciate an opinion. :o)
If the computer is your own, Mac has a place where you can keep relatively safe
One can save all your passwords except your master password. Passwords for different applications are accessed by logging in with the master password
How about writing your secret word or words
Thanks for a great article. I think I have to make some revisions to be safer after reading JeJeJoBe27:-) ‘s (whew!!) examples.
Thanks for this valuable information..
Enjoy your upcoming HOLIDAYS!
Great tips Betsy. I see the “sticky on the monitor” problem a lot with my clients and one suggestion I would like to add is to use a Password Manager. 1Password, LastPass, and Apple’s new iCloud are just a few.
These applications can generate long passwords that you do not need to remember. They are saved securely and you only have to remember 1 master password to use them.
Wonderful, thank you so much
Indeed, it is hard to make memorable, yet strong passwords! Thanks for your post.
If any of your readers need help generating a random, strong, yet memorable password, check out sites like random.pw, which has more tools and tips to generate strong passwords.
Thanks for the tip! That looks like a great tool.
Alaska is full of unusual names that lend themselves to this sort of memory aid. The lesser known, the better I’d say. Maybe try a city/town whose name wasn’t in “American” English, like Shageluk in my case. Thanks for the comeback.
May I make a suggestion?
I’m a senior, living in Anchorage Alaska, and like most seniors, I find my short-term memory can be somewhat unreliable. Remembering passwords can be a real hassle, so I developed a system that I use to help jog the grey matter: maps.
I use a map of Alaska, but you could use your own state, or any document that features city/town names. I pick a location, and transpose as many letters for numbers as possible. In my own case, as an example, the city of Shageluk (shag-uh-luck) a small Athabaskan village on the Innoko River becomes Sha6e1uk, or similar. Then, circle the name on the map, and notate it with the service requiring the password (Facebook, Twitter or whatever).
Should you forget the password, just drag the map out again.
That’s a great method! Thanks for sharing.