You’re doing your passwords all wrong.
So says the developer of the guidelines most internet users have been following for 15 years, anyway. Passwords that L00K l!ke tHi$ are actually much more susceptible to hacking than most people realize, says Bill Burr, former manager of the National Institute of Standards and Technology (NIST) and author of the NIST’s 2003 recommendations for password management.
In an interview with The Wall Street Journal, Burr said that his previous advice to use numbers, symbols and randomized capitalization resulted in people creating passwords that are easy for computers to predict.
A more secure option is to use four random words, such as “that purple monkey dishwasher.” Such a phrase is actually much more complicated for computers to guess, The Wall Street Journal reports. (Cartoonist Randall Munroe explained the math in a comic six years ago.)
Some password advice remains relevant, however: avoid using birthdays or anniversaries, your kids’ names or your address, as all of this information is easy for hackers to locate. Additionally, use different passwords for each of your accounts and avoid storing them where they can be easily seen or stolen.