Unfortunately, the most commonly used passwords are still 123456, password and azerty. A date of birth, proper name or a word from a dictionary can be cracked in no time. Therefore, choose a strong password of at least eight characters that combines lower-case letters, upper-case letters, one or more numerals and even a punctuation mark or symbol. So, for example, choose BaTmAn24! rather than batman24.
You can make things much more difficult for hackers by using a simple trick: replace certain letters in your password with numerals or symbols. Change an e into a 3 or an a into an @, for instance. That keeps the password easy for you to remember while creating a word that doesn't exist. You could for example replace superman with Sup3rM@n!.
Another frequently made error is using the same password for any number of different services. That's not very smart. Do you find it hard to use different passwords all the time? In that case, use this trick: choose a strong password such as Sup3rM@n! and place the first letter of the service for which you are using the password in front of or after your password each time. Your password for Facebook would then be FSup3rM@n!, while for Twitter you would use TSup3rM@n!.
Writing down a password is truly the dumbest thing you could do. Instead, try to commit just one password to memory and, as recommended in the previous tip, place the first letter of the relevant service in front of it or after it. Do you want to note it down somewhere after all? In that case, write it down in the reverse order, store it in a safe or use software such as 1Password.
Most large services – such as Dropbox, LinkedIn, Gmail, etc. – enable you to use double authentication or authentication in two steps. Thanks to this extra protection, a hacker cannot do anything if he/she gets hold of your password. After all, once you have set up double authentication, and after you have entered a password, the application asks you for a verification code. You receive that code free of charge by SMS or telephone and it is only valid for a limited number of seconds. This means that an ill-intentioned person needs to have not only your password but also your phone in order to obtain your data.