Create passwords that are 12 characters or longer. Mix characters from all groups of lower and upper cases, numbers and special characters. When you create a password, don’t write it down on paper and never e-mail it to anyone. Instead, note it on a password manager software that will encrypt the password and store it safe for you. There are numerous free password manager tools available, and you can choose the one that best suites your needs. You can store your passwords in different locations after encrypting your plain text password with 7-Zip, GPG or a disk encryption software such as BitLocker. Do not store your important passwords in the cloud. If you feel you must write down your password, make sure you don’t label it as a password, and keep it in a safe place.
Passwords should not be the same as (or part of) your username, your name (or company name), or your family member’s, friend’s, or pet’s names. Your password should not include personal information, i.e. birth dates, ID card numbers, social security numbers, phone numbers, postcodes, addresses, etc. This information can be easily obtained by anyone.
Don’t create a password in any sequences like qwerty (keyboard’s keys), abcde, or numbers – 12345. The reverse of these sequences are equally unsafe, i.e. 54321, dcba, etc. It’s not recommended to use any complete common word from any language, even with some substitutions with numbers or special characters. It’s okay to use spaces in your password!
Every time you create a password – make it significantly different from the previous one. Try to change all your passwords for all your accounts twice a year. Never keep the same password for multiple important accounts (i.e. e-mail, web, banking, social networking sites, etc). Change your password as soon as possible when it is (or you think it is) compromised.
Don’t use the “Remember Password” feature in your browser without enabling the “Master Password” option, because anybody who uses your browser (FireFox, Chrome, Safari, Opera, IE) on your computer will be able to see all the passwords, as all passwords saved in Web browsers can be revealed easily as plain text. Do not log in to important accounts on others’ computers, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.
When traveling, you can encrypt your Internet connections before you leave your laptop, tablet, mobile phone, or router. Set up a private VPN on your own server, home computer, dedicated server, or VPS and connect to it from any location.
You can add an extra layer of security by enabling 2-Step Verification, which requires you to have access to your phone, as well as your username and password, when you sign in to your Google Account. No one can sign into your account if they don’t have your phone. When you sign in to your Google Account, in the “2-Step Verification” box on the right, select Start setup and follow the step by step setup process. Make sure to add an email recovery option as well.