use passwords that have at least eight characters

Each character increases the protection. 8 characters for a strong password is the minimum, 10 is better and 14 or more – you get the idea…

include numerals and symbols

The greater variety of characters, the harder it is to guess. Use your entire keyboard (go crazy with numbers and symbols) (! @ # $ % ^ & * 1 6 7 8 3 2 6 7).

use lowercase and UPPERCASE

Use a coMbINatIoN of uppercase letters and lowercase letters when possible.

don’t use words that can be found in a dictionary

Be creative. Avoid (combination of) dictionary words in any language.

One often used method by attackers is a brute force attack. The attacker basically tries (using a program for this of course) possible passwords over and over again until they manage to break into the account. Often they use dictionaries (in any language), common jargon, common female names, common male names, names from cartoons, movies, television, Shakespeare, religion, mythology, famous place names – again you get the idea…

don’t use sequences or repeated characters

1234, 2222, asdf, qazwsx, etc

don’t use obvious look-alike substitutions of numbers or symbols

P@ssw0rd, M!cr0$0FT

don’t use your personal information

your birthday, your login name, domain name, company name, etc

it’s good practice to change your passwords every now and then

every month, every three months, every year, every time you change your toothbrush – you get the idea…

don’t store your password in a program (even if the program or browser asks you to)

many web browsers, email clients, and web services offer you to store your password for you so that you don’t need to re-type it each time you log in. Not a good idea… — it is quite easy to recover your password from inside one of these programs. Even some viruses can pick up stored passwords… again not a good idea…

don’t re-use passwords across websites

use a different password for each online account, website service. I know this is hard with the constantly growing list of services that require a password but try at least a variety of passwords.

…and last of all

don’t choose a password you won’t be able to remember!