Or maybe “How many times have you had to click the ‘Forgotten your password?’ button on a website?” would be a better question. According to the traditional advice — which is still good — a strong password:
Has at least 12 characters: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
Includes symbols, numbers, capital and lower-case letters: Use a mix of different types of characters to make the password harder to crack.
Isn’t a dictionary word or combination of dictionary words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
Doesn’t rely on obvious substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
As I said, all good advice. But with the plethora of websites that you probably have accounts for, there’s simply no way to easily remember every single password. Here’s a system I use and have found easy to remember:
1. Choose a set of groups of characters, for example 4 letters + 3 digits + special character + 2 letters. Make it something that you can easily commit to memory but would be difficult for anyone else to guess. For example, the digits could be from the number plate of your long-gone first car.
2. Make the first group the ‘label’ for the website you’re on, and make it a fixed combination of upper and lowercase. For example, to remember your Instagram password using the formula above, the first group of letters might be “inSt”. This is the only variable. The rest of the formula is identical for every website you use, meaning you only need to remember one password with one variable element to it.
But doesn’t this mean a hacker could use the same formula to get into all your online accounts? Well, no. Hackers use software, they don’t sit and manually type in password attempts over and over again until they find the right one which they can then repeat. It’s up to you to decide if you want to use this method for online banking but it’s certainly safe enough for social media and other non-financial websites.
Of course, there are other more secure methods you can use but this is one that I’ve found works for me.