Passwords are a common form of authentication and are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or crack passwords. By choosing good passwords and keeping them confidential, you can make it more difficult for an unauthorized person to access your information.

How to choose good passwords

Avoid common mistakes

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to crack them. Consider a four-digit PIN. Is yours a combination of the month, day, or year of your birthday? Does it contain your address or phone number? Think about how easy it is to find someone’s birthday or similar information. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to dictionary attacks, which attempt to guess passwords based on common words or phrases.

Although intentionally misspelling a word (“daytt” instead of “date”) may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password “hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using both lowercase and capital letters adds another layer of obscurity. Changing the same example used above to “Il!2pBb.” creates a password very different from any dictionary word.

Length and complexity

The National Institute of Standards and Technology (NIST) has developed specific guidelines for strong passwords. According to NIST guidance, you should consider using the longest password or passphrase permissible (8–64 characters) when you can. For example, “Pattern2baseball#4mYmiemale!” would be a strong password because it has 28 characters and includes the upper and lowercase letters, numbers, and special characters. You may need to try different variations of a passphrase—for example, some applications limit the length of passwords and some do not accept spaces or certain special characters. Avoid common phrases, famous quotations, and song lyrics.

Dos and don’ts

Once you’ve come up with a strong, memorable password it’s tempting to reuse it—don’t! Reusing a password, even a strong one, endangers your accounts just as much as using a weak password. If attackers guess your password, they would have access to your other accounts with the same password. Use the following techniques to develop unique passwords for each of your accounts:

  • Use different passwords on different systems and accounts.
  • Use the longest password or passphrase permissible by each password system.
  • Develop mnemonics to remember complex passwords.
  • Consider using a password manager program to keep track of your passwords. (See more information below.)
  • Do not use passwords that are based on personal information that can be easily accessed or guessed.
  • Do not use words that can be found in any dictionary of any language.

Source and more info please see – https://www.us-cert.gov/ncas/tips/ST04-002