Not every online account you have is important, or even worth protecting that well, but we all have a handful that are crucial. So how do you pick the best, strongest, uncrackable-est passwords for those four or five accounts that actually do matter?
The obvious and obnoxious approach is just choosing a random jumble of letters, numbers, and symbols in no discernible order. That will definitely make a password strong, but it also makes it annoying and hard to remember. A popular alternative championed by XKCD artist Randall Munroe is to use a series of unrelated words, the logic being that the pure length makes it impossible to brute force even without symbols (unless a service requires that you put them in your password), and that a truly weird and random sequence of words isn't particularly susceptible to an attack that uses words out of a dictionary and a set of rules about putting them in order.
It's a pretty sound strategy according to Computerphile's Dr. Mike Pound, who knows a thing or two about how password cracking works.
Pound's additional advice, while worth hearing out in its entirety, boils down to a few specific points. While the "four words" strategy is sound, there are ways to make it even stronger with minor additional effort. First, make sure you pick strange and weird words. Maybe a brand name or two, or an inside joke word, or a word that doesn't actually exist. And to improve from there, you can make a password instantly much, much stronger by inserting a weird symbol right in the middle of a word.
Ultimately though, good security comes down to management. The best way to be totally secure is to use a password manager like LastPass or 1Password, let it manage your passwords, and then protect it with a hyperstrong password like "butterytwizzlermicrop(hones" or something. That, and turn on two-factor authentication wherever you can.
Good luck out there.
From: Esquire US