Get the latest tech news How to check Is Temu legit? How to delete trackers
TECH
Amazon.com, Inc.

How to create a strong password

Kim Komando
Special for USA TODAY
Use a combination of letters, numbers and symbols when creating a password.

A strong password is a pain to create, remember and type. That's why far too many people settle for passwords that are weaker and easier to remember than they should. But, strong passwords are essential for keeping hackers and snoopers out of your online accounts.

Fortunately, I know a few good tricks to make passwords easier to create and remember. Before I get to that, though, let's refresh your memory on three critical ground rules for creating strong passwords.

1. Don't make the password easy to guess

Whenever there's a big data breach and user passwords are exposed, security companies always make a list of the most common passwords people were using. In fact, they made one for the Adobe data breach that happened at the end of 2013.

The five most common passwords were "123456," "123456789," "password," "adobe123," and "12345678." You can read the full list here. Yes, I know what you're thinking, "Genius!"

Hackers look at these lists, too, and they have computer programs that can guess common passwords, plus millions of other passwords, in minutes. Even passwords you think are "hard" might not be as hard to figure out as you think. If you want an example, see how easily this Microsoft Research site can guess a password from the first few letters.

The Defense Department's research agency, DARPA, released a study in 2013 that tracked passwords at a Fortune 100 company and found that about half followed five common patterns. Here are three of the most common patterns found in the study:

-- One uppercase, five lowercase and three digits (Example: Komand123)

-- One uppercase, six lowercase and two digits (Example: Komando12)

-- One uppercase, three lowercase and five digits (Example: Koma12345)

These are just things people do without thinking about them. However, if you make a password with any of those common patterns, it makes a password-guessing program's job a lot easier.

Obviously, you shouldn't use those patterns or anything like them. The same goes for using special dates; names of spouses, children, relatives or pets; or any password using the full name of the service you're making the password for.

The strongest password is one that contains a random collection of letters (uppercase and lowercase), numbers and symbols. Of course, that's nearly impossible to remember, but we'll deal with that further on.

2. Make the password 8 characters or longer

Despite what you see in the movies, professional hackers rarely sit down at a computer and try to guess your password; that's usually done by casual snoops such as relatives. Instead, hackers get millions of passwords at once from company data breaches or other sources.

If the breached company is using better security practices, the leaked passwords will be encrypted so they're just a jumble of letters and numbers. However, with enough passwords to compare, hackers can figure out the encryption scheme and decode the actual passwords. In fact, with modern computers, hackers can crack tens of thousands of passwords in mere hours.

Shorter passwords are much easier to crack, so hackers go for those first. The longer passwords take hackers longer to decode, as long as they aren't obvious like "123456789". Hackers scan for the obvious ones first a different way.

Many hackers don't even bother with passwords that are eight characters or longer because it simply takes too long. Of course, as computers get more powerful even longer passwords will take less time, so I would think about making your next passwords at least 10 characters just to be safe.

3. Don't use the same password everywhere

As I said, most hackers don't even try to guess your password. But if they get one of your passwords in a data breach or courtesy of a virus on your computer, they will go after your other online accounts with that same password.

That's why you want a unique password for every account, especially your bank or other finances. If the password a hacker stole doesn't work right away, most will move on to easier targets.

Creating a strong password

In summary, the ground rules for strong passwords are:

1. It has to contain a random collection of letters (uppercase and lowercase), numbers and symbols

2. It has to be at least 8 characters or longer

3. You must use a unique password for every different account

That's a tall order. While something like "Tl|_|,BwwB2R" is really strong, it isn't easy to remember. Or is it? Let me show you how I came up with it.

Start by thinking up a random sentence. You can use a catch phrase, quote or even a song lyric. I chose a lyric from one of my favorite Bruce Springsteen songs: "Tramps like us, baby we were born to run."

I took the first character from each word to get "tlu,bwwbtr". Not bad, but it could be better. So, I added some symbols in place of similar letters. U becomes |_|, the "to" from the original lyric becomes 2. Then, I capitalized a few of the letters to make a strong password that I can easily remember: "Tl|_|,BwwB2R".

Bonus tip: Setting up consistent symbol replacement and capitalization rules for all your passwords helps keep things from becoming too complex.

Once you have that you can tweak the same password for multiple accounts. For Facebook, you could make it "Tl|_|,BwwB2RFB." Amazon can be "AmzTl|_|,BwwB2R." You can make a consistent scheme there as well so you always know how you shorten the company name and where it goes.

Now, if you're like me and have dozens of accounts online, remembering your passwords even using this system can be too much. That's why a password manager like KeePass or Dashlane can be a great help. These keep your passwords secure, and you only need to remember one master password, which you can make really strong using my technique above. These programs can even generate passwords for you, which means they can be truly random and as long and complex as you want. My IT staff uses 20- to 30-character passwords for our most critical systems.

Of course, a secure password doesn't matter if a hacker can bypass it another way. Learn how to create a strong account security question that hackers can't guess. Then head over to my Security Center for everything you need to know to secure your computers, smartphones, tablets, Wi-Fi and online accounts.

On the Kim Komando Show, the nation's largest weekend radio talk show, Kim takes calls and dispenses advice on today's digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website at Komando.com. Email her at techcomments@usatoday.com.

Featured Weekly Ad