Making, updating, and recalling passwords is a vital part of staying safe online, but it can be tricky to do it correctly. A good password is generally long/complex, unique to a given site/account, and changed often. You also want to avoid storing a password in a place that is easy for others to access and avoid "easy" tricks to recall a password (such as including the site name, or your account name, or even your pet's name in the password).
Because of the importance of passwords and the general difficulty in creating them, password security often gets a bit lax even in the most diligent people. And even if you are extra diligent, there is a chance that the online service you are using will be compromised, undoing your efforts. To combat this latter part, it helps to work out systems and methods to create good passwords on a semi-regular basis [note: there is usually no reason to change your password every month or so, or anything like that, but it is good practice to consider at least every year or so]. Some tips to help with this process include:
- DO look over lists of common/bad passwords so that you know the kind of passwords to avoid. However, just because your password is not in the top 100 bad passwords lists does not mean it is good.
- DO make your password longer. Think more in terms of 15ish (or more) characters rather than the minimum 6-8 characters.
- DO add in random elements to your passwords. See Randomly Generating Passwords for ways to do this.
- DON'T rely on the basic/common tricks as your only step to security. Things already well known by password cracking software and hackers include one-for-one character substitutions (p4ssw0rd), reversing some/all characters (drowssap), or using common misspellings (passwurd). These tricks increase the complexity more for you than they do for them.
- DON'T use easy/obvious "triggers" to remember passwords, including the site/service name, your account name, your name or the name of your children/pets/etc, birthdays, street address, job title, or personal information directly related to the site/service.
- DON'T use common quotes or idioms; DO think more obscure.
- DON'T have all of your password base words/phrases be from the same source.
- DO consider using a Password Manager to store your passwords and take away some of the stress.
- DO consider turning on Two-Factor Authentication to give additional security to your accounts.
- DO learn from your mistakes.
- Finally, DO try various tricks and methods (and modify them some) to find out what works best for you. While most of us could use some chiding to improve our online security and password strength, ultimately it is a good thing that not all of us use the exact same methods to generate good passwords. If all passwords were made in the exact same way, they would be easier to crack. Finding a method of good password generation that feels comfortable to you means you are more likely to keep up the good habit in the future.
Furthermore, think twice before you share any of your passwords. There may be reasons to do it, and ways to do it more safely [though never perfectly safely].
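To make the tips on length, common tricks, and "triggers" concrete, here is a small self-check that undoes the substitutions, reversals, and misspellings listed above before comparing a candidate against a bad-password list. It is an added example, not part of the original page; the word lists, the `variants` and `audit` names, and the 15-character threshold constant are assumptions chosen for illustration.

```python
# Constructed sample of common base words; a real check would load a full list.
COMMON = {"password", "qwerty", "letmein", "dragon", "welcome", "monkey"}

# One-for-one character substitutions to undo, e.g. p4ssw0rd -> password
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

# Constructed sample of common misspellings mapped back to the base word
MISSPELLED = {"passwurd": "password", "pasword": "password"}

MIN_LENGTH = 15  # the "15ish (or more)" guideline from the tips


def variants(password):
    """Return the normalized forms that the basic tricks collapse to."""
    lower = password.lower()
    forms = {lower, lower[::-1]}                      # reversal (drowssap)
    forms |= {f.translate(LEET) for f in forms}       # substitution (p4ssw0rd)
    forms |= {MISSPELLED[f] for f in forms if f in MISSPELLED}  # passwurd
    return forms


def audit(password, triggers=()):
    """Return a list of findings; an empty list means no check fired.

    triggers: personal "trigger" words to look for, such as the site name,
    account name, or a pet's name (supplied by the user, never stored).
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("short")
    forms = variants(password)
    if forms & COMMON:
        findings.append("common-base")
    for trigger in triggers:
        t = trigger.lower()
        # Ignore very short triggers to avoid accidental matches.
        if len(t) >= 3 and any(t in f for f in forms):
            findings.append("trigger:" + t)
    return findings


if __name__ == "__main__":
    # Constructed candidates, including the three examples from the tips.
    for candidate in ("p4ssw0rd", "drowssap", "passwurd", "MyNetfl1xAccount!"):
        print(candidate, audit(candidate, triggers=("Netflix",)))
```

An empty result only means none of these particular checks fired; as the first tip says, not appearing on a bad-password list does not make a password good.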