Expert Tips for Crafting a Stronger Password: How to Pick Passwords and (Hopefully) Remember Them

According to the Identity Theft Resource Center (ITRC), a strong password is a long, virtually unguessable combination of letters, numbers, and symbols that is used for only one account—not repeated across multiple accounts. Do your passwords currently meet those criteria? If not, it could be time for an update.

Make It Memorable for You, but Nearly Impossible to Guess 

Ideally, your passwords should be memorable for you, but nearly impossible for others to guess. But that’s a tough balance to strike, especially considering that experts advise using a unique password for each account.

ITRC suggests coming up with your own cheat. Here’s an example: First, pick a song or book title that is memorable for you (for demonstration purposes, they chose the song, “These Boots Were Made for Walking”). Second, pick a number combination that is memorable for you, such as a childhood phone number. Finally, string the two together by alternating the first letter of each word with each digit in the number. The results would look something like this, with alternating uppercase and lowercase letters and added symbols at the beginning and end:

Google offers similar advice, recommending that their users select longer passwords like a song lyric, quote, or meaningful phrase and then mixing it up with capital letters, numbers, and special characters. In their example, the password “Spooky Halloween” becomes “sPo0kyH@ll0w3En”.

Now, it’s up to you to forget those two specific examples, and invent your own password strategy.

Beyond Password Protection: Two-factor Authentication 

Thankfully, with today’s technology, there are methods to better protect your accounts beyond just a password, and security experts say that two-factor authentication could be one of your best bets.

Two-factor authentication is a security process that verifies your identity in two different ways before allowing you to access your account. The first “factor” you use to identity yourself is typically your password. The second factor could be your fingerprint, a text message code sent to your phone, a USB security key that you carry, or another method.

According to TechCrunch, two-factor authentication could better protect you from: malware that attempts to scrape your password, phishing emails that target your login information, or even credential stuffing, a tactic in which attackers take username and password combinations stolen from one website and “stuff” those login credentials into other websites in an attempt to access the victim’s other online accounts.

Read: Bots Can Guess Your Password at the Rate of Billions of Guesses per Second. Are Your Accounts Secure?

Many of the world’s largest online and mobile properties offer two-factor authentication, but in most cases you’ll need to enable it on each individual account. Refer to these detailed step-by-step instructions for turning on two-factor authentication on many popular websites and apps.