The longer a password is, the harder it is to guess or to find by trying all possible combinations through a brute force attack. Passwords of 14 characters or more are vastly more difficult to crack.
Use different types of characters.
Include numbers, punctuation marks, symbols, and uppercase and lowercase letters when choosing your password. On mobile devices that are not designed for easy special character input, consider using longer passwords with different characters.
Don’t use dictionary words.
Don’t use words, names or place names that are usually found in dictionaries. Hackers can use a dictionary attack (i.e., testing all the words in the dictionary automatically) to crack these passwords.
Don’t use personally identifiable information.
Other people are likely to know information such as your birthday, the name of your partner or child, or your phone number, making these types of passwords much easier to guess.
Don’t use your username.
Don’t choose a password that is the same as your username or account number.
Use passwords that are difficult to identify as you type them in.
Make sure that you don’t use repeated characters or keys that are located close together on the keyboard.
Consider using a pass-phrase.
A pass-phrase is a string of words, rather than a single word. Unlikely combinations of words are more challenging to guess.
Try to memorize your password.
Try to memorize your password rather than writing it down. Use strings of characters that are meaningful to you, or use mnemonic devices to help you recall the password.
Reputable password management programs can help you choose unique passwords, encrypt them and store them securely on your computer.
If you write down your password, keep it in a secure place.
Don’t keep passwords attached to your computer or in any easily accessible place.
Use different passwords for each account.
This way, if a hacker cracks one of your passwords, at least only one account has been compromised.
Don’t tell anyone else your password.
Never disclose your password, even if the request appears to be from a trustworthy institution or someone within your organization. This could be a phishing attempt.
Don’t use your password on a public computer and change your passwords regularly.
Don’t enter your password on a public computer, such as in a hotel or an internet café. Such computers may not be secure and may have keystroke loggers installed. And the shorter or simpler your password is, the more often you should replace it.
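The composition rules above (length, character types, dictionary words, personal information, username, repeated characters and neighbouring keys) can be checked automatically. The following is an added example, not part of the original page: the word list is a constructed sample, and the QWERTY layout, the run lengths and the function names are assumptions.

```python
import re

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "london", "summer", "monkey"}
# QWERTY rows (assumed layout) used to spot runs of neighbouring keys.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 14  # the length the page gives as vastly harder to crack


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` neighbouring keys from one row, in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(pw, username="", personal=()):
    """Return the rules from the page that pw breaks; an empty list means it passes."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 4:
        problems.append("missing a character type")
    # Strip digits and symbols so "Password1!" is still caught as one dictionary
    # word, while a pass-phrase made of several words is not flagged.
    if re.sub(r"[^a-z]", "", low) in SAMPLE_WORDS:
        problems.append("contains a dictionary word")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if username and low == username.lower():
        problems.append("same as username")
    if re.search(r"(.)\1\1", pw):  # three identical characters in a row (assumed limit)
        problems.append("repeated characters")
    if has_keyboard_run(pw):
        problems.append("keys close together on the keyboard")
    return problems
```
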