The old advice for creating a secure password was to have a random string of upper and lower case letters interspersed with numbers and symbols.
It was something that didn't look anything like a word in a dictionary and that was at least 12 characters long and preferably more like 16 characters. Something like this:
Although that is a 16-character password, it has a couple of problems, the biggest being that it is very hard to remember; most people simply couldn't.
At this point I need to explain that there are ways to measure how good a password is, and the standard one is called ‘entropy’. It is a measure, in bits, of how unpredictable a password is, or equivalently of how many equally likely possibilities an attacker would have to try: each extra bit doubles that number. You don't need the maths to follow the comparison below. By that measure, the 16-character password above has 77.7 bits of entropy.
Being able to remember a password is obviously a major requirement - otherwise people write them down, and then someone else can easily find out what they are.
So, instead of the older advice, there is now much better advice: select four completely random words that are not related to each other and string them together. The words do need to be chosen at random (by dice or a generator), not picked by you, because words a person picks themselves are far less random than they feel. For example:
I've highlighted the individual words so that you can better distinguish them. I don't think anyone would dispute that this password is much easier to remember than the previous example, and by the same measure it is actually more secure, with 93.6 bits of entropy.
Even so, that's not the best we can do with this password, and a couple of very simple tweaks will make it better still: capitalise the first letter of each word and add a bit of punctuation, like this:
This password is still fairly simple to remember but comes out at 140.2 bits of entropy, nearly double the bit count of the first password I showed (and since every extra bit doubles the number of guesses, it is far more than twice as hard to brute-force). One caveat: that figure assumes the capitals and punctuation are themselves unpredictable. If you always capitalise the first letter and always use the same separator, an attacker who knows the pattern has nothing extra to guess, and the real strength is that of the four random words alone. Choosing where the capitals and symbols go at random is what actually adds entropy.
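To make the entropy figures concrete, here is an added example (my own code, not from the original post) in Python. It generates a four-random-word passphrase with a cryptographic random source and then scores it two ways: from the generation process (log2 of the number of equally likely outputs, which is the real figure) and with the naive character-class estimate many strength meters use. The word list is a small constructed one for the demo; a real generator should use a large published list such as the 7776-word Diceware/EFF list, and the 7776 figure used below is that list's size.

```python
"""Passphrase generator with two entropy estimates (added example, not from the post)."""
import math
import secrets
import string

# Constructed demo word list. A real generator should use a large published
# list; the Diceware / EFF long list has 7776 words (about 12.9 bits per word).
DEMO_WORDS = [
    "apple", "bridge", "candle", "dolphin", "engine", "forest", "garden",
    "harbour", "island", "jacket", "kettle", "lantern", "meadow", "needle",
    "orange", "pepper", "quartz", "ribbon", "saddle", "tunnel", "velvet",
    "window", "yellow", "zipper",
]


def generate_passphrase(words, count=4, capitalise=False, separator=""):
    """Pick `count` words uniformly at random using a CSPRNG (secrets, not random)."""
    chosen = [secrets.choice(words) for _ in range(count)]
    if capitalise:
        chosen = [w.capitalize() for w in chosen]
    return separator.join(chosen)


def generation_entropy_bits(list_size, count, extra_choices=1):
    """Entropy from how the password was generated: log2 of the number of
    equally likely outputs. `extra_choices` counts any decoration that is
    itself chosen at random (e.g. a separator drawn from 8 symbols -> 8).
    Deterministic decoration ('always capitalise the first letter') adds nothing."""
    return count * math.log2(list_size) + math.log2(extra_choices)


def charset_entropy_bits(password):
    """Naive character-class estimate used by many strength meters: it assumes
    every character was drawn independently from the pool of classes present,
    so it overstates a passphrase whose structure (whole words) is known."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 ASCII punctuation characters
    return len(password) * math.log2(pool) if pool else 0.0


def compare(words, count=4, capitalise=False, separator=""):
    """Generate one passphrase and return both estimates for it."""
    phrase = generate_passphrase(words, count, capitalise, separator)
    return {
        "passphrase": phrase,
        "from_generation": generation_entropy_bits(len(words), count),
        "from_charset": charset_entropy_bits(phrase),
    }


if __name__ == "__main__":
    # Same generation process both times, so the real entropy is identical;
    # only the naive character-class figure jumps when capitals and '-' appear.
    for cap, sep in ((False, ""), (True, "-")):
        r = compare(DEMO_WORDS, capitalise=cap, separator=sep)
        print(f"{r['passphrase']:36} generation={r['from_generation']:.1f} bits "
              f"charset={r['from_charset']:.1f} bits")
    print(f"four words from a 7776-word list: {generation_entropy_bits(7776, 4):.1f} bits")
    print(f"plus a separator chosen at random from 8 symbols: "
          f"{generation_entropy_bits(7776, 4, extra_choices=8):.1f} bits")
```

Run it and the two rows show the same generation entropy (the 24-word demo list gives about 18.3 bits for four words; a 7776-word list gives about 51.7) while the character-class figure climbs as soon as capitals and punctuation appear. That gap is the point: an attacker who knows a password is four dictionary words guesses by word, not by character, so the honest number is the one derived from the generation process, and decoration only counts if it was chosen randomly too.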
So, that is how to create a really secure password to keep online accounts and data safe, but I’ve not quite finished. Passwords also get lost, and not just by the user. As the recent eBay hack proved, even the biggest players on the internet have security problems from time to time, and there have been many such attacks which have exposed users' passwords.
For that reason it's really important to have a different password for every account on the internet. I know that's much easier said than done, but a password manager such as 1Password.com or LastPass.com will store them for you and can generate a separate random password for each site.
The most important piece of advice I can give, though, is this: no matter what else you do, make sure the password for your email account is strong and completely different from every other one you use. Most websites will let a password be reset by email, so if someone can log in to your email, they can probably get into most of your other accounts as well.