With the new year here, it’s a good time for a refresher on how to make strong passwords and help keep them safe.

With phishing on the rise, ever-present social media hacks, and general security breaches and unsavory shenanigans, it’s just a good idea, and one of our top 10 tech to-dos. In fact, put this one first on your list.

I even got some older relatives to do it this past year, and that was no small feat. So now it’s your turn!

Okay, then… here we go.

Related: Phone trick: How to lock and password-protect notes in your Notes app.

How to make strong passwords and protect them:
Simple tips. You can do this!

Familiar words and phrases are good for life, but bad for passwords. Words like kids’ names, pet names, or a husband’s birthday may be easy for you to remember, but we now know this is kind of like handing over your information to a hacker wrapped up in a bow.

And I’d like to add that while I’m always the first to complain about websites that won’t allow you to create a password they deem “weak,” they’re doing it for your own good. And theirs. If you enter a password that’s not hitting the “strong” requirements, go back and rework it until that thing is green as a shamrock.

Here’s how to get there:

1. Create a strong password by stringing together a random series of words

Completely random letter and number sequences are better than your birthday, but it turns out they’re actually easier for hackers to crack than our recommendation; many spam bots are programmed to spit out random letters and numbers just like that, so 8V6kWxRz may not be the tough password you would think it is.

Instead, create a strong password by using a completely random series of words, each separated by punctuation marks (more on that below).

Bonus Tip: If it’s a password you need to remember yourself because you use it a lot, try a string of common words that only have meaning to you, like your favorite ice cream flavor, college nickname and favorite shoe designer all put together.

2. Strong passwords include a number, a capital letter, and a punctuation mark

If you’re separating words, get those caps and numbers and punctuation marks in there!

sick-cashew-february is good, but S1ck-cAshew-FEbru4ry* is even better.

Alternatively you can make a password from a sentence you can remember like say, We love vanilla Oreos! and then tweak it so only you will know what it means. For example: U&IloveVn0r30s!

(See what I did there?)

Note that some sites won’t let you use certain, lesser used punctuation marks in passwords, like ^ or { but that’s okay — because all of your passwords should be different right? So if you have a thing for ∂, well… you may have to adjust your expectations.

3. Make your passwords at least 8 characters long.

That string of words makes it easy to hit that 8 character limit! Sometimes I find I even have passwords that are too long for a certain website. So I just trim off a few of the last letters and there you go — strong password, right length.

4. Don’t use any version of your name, birthday, social security number, or address in your password

If your birthday is December 11, 1980, you do not want a password like December111980. Or 11December80. Even if you change it up like D3cember111980. That’s playing with fire, and it’s just not worth it.

Or w0rth it.

5. Make sure every single password is different and distinctive. Password vaults can help. 

Experts recommend using different passwords everywhere — and yes, of course that’s a hassle! The hassle is the point!

Enter, password vaults.

I totally fell in love with the 1Password app a few years back and recommend it to eeeeeeveryone. (Note that they’re now an affiliate but we’ve recommended them here for years.) The whole point is…you don’t have to remember all your passwords; just the one you use to get into the 1Password vault in the first place.

It also is terrific for families, since you can connect a family of 5 for less than the price of a coffee each month.

If you’d like other options, our team members and readers are fans of the LastPass Password Manager,  mSecure, and Norton Password Manager I’ve also heard about BitWarden and DashLane but know less about them personally. Take advantage of the free trial periods and see if it works for you. (But really, I can’t say enough good things about 1Password, above.)

Here’s what a good password manager does:

– Auto-generates different passwords for every single login
– Protects all of your passwords in a super-encrypted cloud vault
– Auto fills passwords so you don’t have to remember any but the one to get you into the vault in the first place
– Synchs across all your devices — desktop, iOS, Android, smart watch, even borrowed computers.
– Encrypts other data, like secure notes so you can jot down essential medical, financial or family info of all kinds and know that’s safe too.

Don’t balk at the monthly or annual fees. Whichever one works for you, it’s worth every penny.

6. Change your passwords the second you learn of a breach

One thing I like about 1Password — and I know LastPass does this as well — is that it alerts me to security breaches of any site where I have a login.

I learned at the end of 2020 that there had been breaches I didn’t even know about on Canva, Evite, Chatbooks, and a few other sites including…Facebook. I don’t go into those sites every day so if it wasn’t front page news, I wouldn’t have known for a while.

If you learn of a breach, change your password ASAP! And because you’re already using a distinctive password on each site (right?) you don’t have to go change it on multiple sites.

7. Be sure your partner or a trusted loved one has access to your passwords.

I cannot express this strongly enough: please be sure that your partner, spouse, or trusted emergency contact of choice has access to your passwords.

You can’t imagine the hassle of trying to get access to essential accounts or even a cell phone when someone is in the hospital or has passed away unexpectedly — I’ve been there and you don’t want to be.

Give your partner or best friend or parent access to your device by adding additional fingerprints to your Touch ID — or have them save your main login to your password vault in their own fault in case, heaven forbid, they need access.

Related: Tackle these 10 simple tech to-dos to start the year safer, cleaner, and more organized

You might also write it down in a safe place and let that person know where to find it.

Now to be clear, some security experts suggest that you never to write down your passwords, but there are stories of people getting locked out of their LastPass or 1Password accounts. So I think you’re better off keeping that single password somewhere like a locked notes app page, on a password-protected PDF (that your emergency contact can access) so they can access it — or even so you can, should you go all fuzzy one day. It can happen!

You can also record it manually, say in a Password Log book or a hidden note somewhere — but not attached to your login id or the website. I’ve yet to hear of hackers making their way into the sketchbook in your desk drawer.