Create Hack-Proof Passwords to Avoid Cyberattacks

4 tips and strategies for keeping your online data secure

It used to be easy to create hard-to-crack passwords: You just used at least eight characters you could remember, combining upper- and lowercase letters, numbers and symbols such as @, & and >.

But in recent years, hundreds of millions of user passwords have been stolen in cyberattacks on banks and other institutions, giving hackers broader insight into how and why folks choose the passwords they do.

Password-cracking technology has improved as well. So now's the time to up your game. What hasn't changed are the password "don'ts."

  • Don't reuse the same password across multiple sites; recycling is especially dangerous for email, banking and social media accounts.
  • Don't use the following in passwords or answers to website security questions: loved ones' names (pets included), hometowns, wedding dates or anything else that can be gleaned with some online research.
  • Don't save passwords or use "remember me" options on a public computer. The next user can access your account.
  • Don't reemploy previous passwords, even if you haven't used them in years.
  • Never use the most common and easily hacked choices such as "123456," "qwerty" or "password."
  • Don't leave your smartphone unprotected by a password, as 2 in 3 users do. Pick a code that isn't something obvious, such as your birth date or birth year. Also avoid common passwords such as 1234, 0000, 2580 (a top-to-bottom sequence) and 5683 (which spells "love").

Here are four strategies for keeping your data secure.

1. Longer is stronger

Many security experts now recommend a minimum of 15 characters, combining letters, numbers and symbols. More characters are necessary because these days a five-character password using these combinations can be cracked in a mere five seconds.
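The arithmetic behind this tip, together with a check of the "don'ts" listed earlier, as an added example that is not part of the original article. It assumes a 94-character alphabet (letters, digits and ASCII symbols) and an attacker who tries every combination at the guess rate implied by the five-seconds figure; the function names are illustrative.

```python
import string

# Assumption: "letters, numbers and symbols" = 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 15                                   # the article's minimum
COMMON = {"123456", "qwerty", "password"}         # the article's examples
COMMON_PINS = {"1234", "0000", "2580", "5683"}    # the article's examples

def implied_guess_rate():
    """Guesses per second implied by '5 characters in 5 seconds'."""
    return len(ALPHABET) ** 5 / 5

def worst_case_seconds(length, rate=None):
    """Time to try every string of `length` characters. This is an upper
    bound for randomly chosen characters only; passwords built from
    words or patterns fall to dictionary guessing much sooner."""
    rate = implied_guess_rate() if rate is None else rate
    return len(ALPHABET) ** length / rate

def check_password(candidate, previous=()):
    """Return the article's rules that `candidate` breaks (empty list = none)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    if candidate.lower() in COMMON or candidate in COMMON_PINS:
        problems.append("common choice")
    if candidate in previous:
        problems.append("reused")
    classes = {"letter": string.ascii_letters, "number": string.digits,
               "symbol": string.punctuation}
    for name, chars in classes.items():
        if not any(c in chars for c in candidate):
            problems.append("no " + name)
    return problems

if __name__ == "__main__":
    for n in (5, 8, 15):
        years = worst_case_seconds(n) / (365 * 24 * 3600)
        print(f"{n:2d} characters: {years:.3g} years to exhaust")
    print(check_password("qwerty"))
    print(check_password("63YrS@n%styll&LUVN^Lfe!"))
```

Each added character multiplies the search space by 94, which is why going from 5 to 15 characters moves the worst case from seconds to trillions of years under these assumptions.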


2. Phrase maze

Want to use something really unbreakable, like the pros do? A password such as 63YrS@n%styll&LUVN^Lfe! is long and strong. But memorable? It can be, if you base it on a phrase that you privately choose, such as "63 years and still loving life!"

The key is to stick to a formula — note the different patterns of upper- and lowercase letters in successive words — and to include purposeful misspellings and random characters that break up words.

3. Safe storage

A password cheat sheet is fine, as long as it's not stored on your computer or smartphone; if your device is infected with malware, you're doomed. A pen-and-paper reminder, kept in a safe place, is better. Ideally it will consist of hints rather than actual passwords.

4. Password manager

This software stores all your user names and passwords in one encrypted database. You provide one master password to open the manager; some versions automatically log you in to websites. Products include LastPass, SplashID Safe and 1Password for PCs, Macs and mobile devices.

Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.