How To Create An Unhackable Password (& Remember It)

If your birthday, your hometown, the number sequence 1234, or any phrase on this list are part of any of your online passwords, consider this piece a must-read. In recent years, more than a billion people have been the victim of cyberattacks, through both high-profile breaches of companies such as Target and eBay, and compromised individual accounts. Why do so many of us get hacked? Basically: The password sucks. There's a good reason Apple, Samsung, and other manufacturers have added fingerprint identification to their phones on top of a passcode. "It's not hard for attackers to crack a password," says Bob Lord, Yahoo's Chief Information Security Officer. On top of that, we make our own mistakes. "People use the same password from site to site and choose simple passwords," he says. Fortunately, there are steps you can take to better protect your info. Here's what you need to know to create a stronger, safer password.

The longer, the better.

Most sites will require you create a password that's eight to 12 characters long, and you should always opt for 12, Lord says. Also, be sure to include upper and lower case letters and special characters (go ahead and throw a hashtag in there). Some experts advise against using full words; others go so far as to recommend concocting a random iambic pentameter poem for your password, if you have a lengthy character limit.

If it's on Facebook or Instagram, skip it.

Never create a password using information that's available on the public record, says Jeremiah Grossman, the founder of tech security company WhiteHat Security. This includes anything you've tweeted or posted about on social, from your dog's name to your hometown. Nevertheless, "you still want it to be something memorable," Grossman says. His suggestion? Take a line from your favorite movie, turn it into an acronym, and alter letter cases.

Keep it unique.

Using the same password for multiple sites is definitely tempting (who wants to remember 50 million passwords?), but dangerous. "The bad guys will hack a password for some random account to gain access to things you do care about," Grossman says. What accounts matter? "The most important password is the one for your email account," says Kevin Haley, the director of the security software company Norton by Symantec. Unless you have a joint account with your spouse, any password you create is for you and only you. The more you share, the more at risk you are for getting hacked. Scarily enough, Norton research has found that 36% of millennials share passwords.

Use a password manager.

If you're following these guidelines for every app and site you have an account on, you'd have to be an Einstein to remember every password you came up with. That's where a password manager comes in — and it's a must. Options include LastPass, 1Password, and Norton Identity Safe. In addition to creating a strong password for you in the first place, these will store your passwords, and automatically fill them in the next time you log in to your accounts.

Always opt for Two-Factor Identification.

Google, Yahoo, Facebook, and Instagram (among others) all offer two-factor authentication now. To use it, enter your password, and then a code is sent to you via text or email, which you then input before being granted access to your account. You usually don't need to do this every time — only from a new device, or when authentication expires after a few weeks. This additional authentication is always a smart choice, Lord says, since it's unlikely hackers will have access to both your password information, and have your phone physically in their hand.

Pick the obscure security questions.

Just as you don't want to include public information in your password, you don't want to pick a security question or answer combo that someone could search for, Lord says. Yes, this means your mother's maiden name and the name of the street you grew up on are out. Pick a more obscure question, or better yet, answer a question with the "wrong" response. Choose "What is your favorite place to eat?" and then answer it with the name of your first pet instead, or the name of a made-up restaurant. The trick here is to be consistent, though, otherwise you'll just end up confusing yourself down the line.

This is too much effort.

If you're a lazy girl and all of this is just too much — can't I just do one of these? — go with two-factor authentication. It's your biggest safety bang-for-your-buck. But you do need it on all of your important accounts.