Your passwords are like the keys to your life. And when it seems like there’s another big security breach every week, you want to be absolutely sure your passwords are strong and safe. After all, with just a few keystrokes, a scammer can have full access to your personal information, financial accounts, social media pages and so much more. 

But creating those perfect passwords – and remembering them – can be difficult. 

Below, we’ve outlined 6 steps for creating and keeping super-strong passwords that will keep scammers guessing. 

Step #1: Choose a password manager 

With so much of our lives accessible online, it’s more important than ever to keep passwords secure. The best way to do this is to use a password manager. These services will generate strong passwords for all of your financial accounts, favorite websites and social media platforms and then keep them safely encrypted. You will only need to create and memorize one master password, which you will use when logging into all of your accounts. 

There are lots of password managers on the market, but the ones that come most highly recommended are 1password, Lastpass and Keepass. 

1Password and LastPass are both cloud-based services, and can be vulnerable to remote attacks. However, both services heavily encrypt your data and don’t store your one master password in the cloud. As long as that password is strong, you’ll be safe even if these services get hacked.

Step #2: Create an unbreakable master password 

Once you’ve chosen your password manager, create a strong master password. This code can open up every password of yours to potential scammers, so be extra careful about choosing one that is super-secure and virtually unbreakable. 

Scammers are becoming increasingly more efficient at password-cracking. They use multiple dictionaries which include English words, names, foreign words, phonetic patterns and more. They look for dates, commonly used substitutions, like “$” for “s,” “@” for “a,” and they run their dictionaries with various capitalizations. 

Follow the rules below and you’ll have a strong password. 

• Make it long. Many sites require a password that is a minimum of 8 characters long, but a 12-character password is even stronger.
• Be creative. Avoid using names, places and recognizable words because these are easily cracked.
• Mix it up. The best way to keep your password unbreakable is to mix up your capitalization and the kinds of characters you use, switching back and forth from letters to numbers to symbols.
• Don’t use any of variation of these commonly used – and commonly hacked – passwords:

• 123456123456789
• Passwordadmin
• 12345678qwerty
• 1234567111111
• 1231231234567890000000
• Abc1231234
• iloveyouaaaaaa

If you’re unsure about your password’s strength, you can run it through an online password checker.

Bonus tip: Worried about creating and remembering a long, unbreakable password? Turn a sentence into a password by using mnemonics, misspelled words and symbols that only you will understand. Here are a few to get you started:

• WOO!TAwonTWS = Woohoo! The Astros won the World Series!
• D:’(OspldMlk.JdreenqOJ = Don’t cry over spilled milk. Just drink orange juice
• 1tubuupshrtsin2Mpnts = I tuck button-up shirts into my pants.

Once you’ve created a super-strong master password, work on memorizing it. Don’t store the password anywhere online or on your phone; write it down on an unmarked piece of paper. Rip up the paper as soon as you’ve committed the password to memory. This should happen fairly quickly since you will be using it quite often. 

Step #3: Update all your passwords 

Next, you’re going to sync all the websites and accounts you use with your password manager. Follow the guidelines on your password manager for this step, as they differ with each service. 

When you’re through, you’ll only be able to log into these sites by using your master password. 

Some sites you use might employ outdated systems that won’t work with a password manager. For these sites, you will need to use different passwords. You can slightly amend your master password for these sites or create new ones using the guidelines above. Never double passwords; use a different one for every site you use. 

Step #4: Use two-factor authentication 

Add another layer of protection by choosing two-factor authentication whenever you have that option. 

Step #5: Be careful with security questions

Ironically, security questions are extremely insecure. Anyone can Google your dog’s name or your mother’s hometown. And, if all a scammer has to do to retrieve your password with the “I forgot my password” tab is answer a security question, the strongest passwords in the world won’t do you any good.

Protect yourself by treating security questions like passwords. Never answer them truthfully. Instead, make up mnemonics or nonsensical answers that are hard to crack but easy for you to remember.

Step #6: Don’t let your browser or phone “remember” your passwords 

Don’t be lazy; keep your passwords in your head and not on your devices. Otherwise, you’ll be in deep trouble if your computer or phone is swiped. 

Keep your passwords strong and safe. You don’t want to be an easy target for scammers!