Make your password as long as possible
The longer a password is, the harder it is to guess or to find by trying all possible combinations (i.e., a brute force attack). Passwords of 14 characters or more are vastly more difficult to crack.
Use different types of characters
Include numbers, punctuation marks, symbols, and uppercase and lowercase letters. On mobile devices that are not designed for easy special character input, consider using longer passwords with different characters.
Don’t use dictionary words
Don’t use words, names or place names that are usually found in dictionaries. Hackers can use a dictionary attack (i.e., trying all the words in the dictionary automatically) to crack these passwords.
Don’t use personal information
Other people are likely to know information such as your birthday, the name of your partner or child, or your phone number, and they might guess that you have used them as a password.
Don’t use your username
Don’t use a password that is the same as your username or account number.
Use passwords that are difficult to identify as you type them in
Make sure that you don’t use repeated characters or keys close together on the keyboard.
Consider using a passphrase
A passphrase is a string of words, rather than a single word. Unlikely combinations of words can be hard to guess.
Try to memorize your password
Memorize your password rather than writing it down. Use a string of characters that is meaningful to you, or use mnemonic devices to help you recall the password. There are good free programs available that will help you manage your passwords.
Reputed password management programs can help you choose unique passwords, encrypt them and store them securely on your computer. Examples include KeePass, RoboForm and 1Password.
If you write down your password, keep it in a secure place
Don’t keep passwords attached to your computer or in any easily accessible place.
Use different passwords for each account
If a hacker cracks one of your passwords, at least only one account has been compromised.
Don’t tell anyone else your password
If you receive a request to confirm your password, even if it appears to be from a trustworthy institution or someone within your organization, you should never disclose your password (see Phishing).
Don’t use your password on a public computer
Don’t enter your password on a publicly available computer (e.g., in a hotel or Internet café). Such computers may not be secure and may have keystroke loggers installed.
Change your passwords regularly