Creating a password that is secure but memorable is a tricky business; so much so that no matter how often we hear it, many simply dispense with the bothersome secure bit.
Don't do this, kids. We counsel security for a reason: because a weaksauce password is the fastest way to get yourself good and haxx0red.
SplashData compiled the list from files containing millions of nicked passwords posted online by these haxx0rs. All we can do is shake our heads. Tsk, tsk. We are chagrined that "password" still tops the list.
1. password
As we all should well know by now, a combination of upper- and lower-case letters, symbols and numbers — as well as a different password for every account you own — is the best method of creating a secure password, but if you have committed one of these password faux pas or are unsure how to go about creating a secure one, never fear! CNET is here!
There are a number of password-generating tools that will create strong passwords for you. We like the PCTools one — it allows you to set a variety of parameters in order to comply with any website's password policy.
The Wolfram Alpha search engine provides a similar service; simply enter "strong password" into the search box to navigate to its generator. Both of these tools generate genuinely random passwords, which are a lot harder to crack than your birth date or your dog's name.
The problem is that such passwords are really difficult to remember. One solution is a password manager, such as KeePass. KeePass stores all your passwords in an encrypted database, which can only be unlocked by your master password. As well as compatibility with PC, Mac and Linux, there are BlackBerry, iPhone, PalmOS, Windows Phone 7 and Android apps available for it, too — this cross-platform portability makes it super-convenient.
If you're the kind of person who trusts a product more if you pay for it, 1Password is a highly regarded, one-off payment password vault that works across PC, Mac, iOS and Android.
If, at the end of the day, you still prefer to create your own passwords, at the very least you can test their strength.
Microsoft has an HTTPS password tester online that allows you to enter your password. The green bar will fill up according to your password's strength — red for "terrible" and green for "you may proceed".
Not everyone trusts Microsoft, though. An alternative is LBW-Soft's Password Review. Not only does this online service check your password, it also breaks down where it fails in detail, so that you can address those areas if you so choose.
Or, finally, there are always the wise words of Randall Munroe ...
Keyhole Red photo by alicia rae, CC BY-SA 2.0