Nearly everyone has dozens of different online accounts, and an equal number of usernames and passwords to match. It’s easy to fall into the habit of creating a password that’s super simple to remember, or using the same one across multiple sites. But did you know that your password habits could be making it easier for potential hackers to gain access to your password-protected accounts?

According to The Globe and Mail, just by editing a password to have a mix of capital and lowercase letters rather than all lowercase can change the amount of time a hacker needs to figure out your password from only 7 hours to 83 days. That’s a huge difference for only mixing in a few capitals.

That said, you’re probably wondering how you can make your own passwords as secure as they can be. We met with one of our cyber protection experts at ATB, Anne-Marie Lambert to find out her top five tips to creating safe and secure passwords for your accounts.

1. Longer is better

The longer your password is, the more time it takes to hack into, as the amount of possible combinations of letters, numbers, etc. increases every time you add on an extra character. Your password should be at least 8 characters long to increase the security of your password. In this case, more is definitely better.

2. Craft your password to include a mix of capital letters, numbers, and special characters

Using a mix of capital letters, numbers, and special characters increases the security of your password, even if they’re just added on at the end. This further increases the number of potential combinations hackers need to run through to guess it. Special characters include symbols like !, ?, as well as &. If you’re having trouble remembering a password with numbers in it, you can replace letters in a dictionary word password with numbers - such as changing “hello” to “he110” - to make things a little easier for you.

3. Stay away from dictionary words

Dictionary words are some of the easiest for hackers and hacking software to guess, since they can run through the dictionary for possible passwords. If you can’t remember complicated mixes of numbers and letters and feel like you need to use dictionary words, try to use longer password phrases of dictionary words. Often times they’re actually easier to remember while also being harder to guess, especially if numbers, capitals, and special characters are mixed in. For example, you could start with a phrase like “mycompanyisthebest” and edit it with numbers and capitals to craft a strong password.

4. Change your password often

Now that you have your password solidified, you have to be aware of how often you should change it. In general, a password should be changed or adjusted approximately every 30 days. This doesn’t mean you have to come up with a whole new password, however; just by adding or changing existing numbers and symbols, or editing which letters are capitalized can be enough of a change to make your existing password almost like new.

5. Use a password manager

Even though you now have a great password, you should avoid using it for everything, and avoid writing it down. Even the most secured book of passwords has the risk of falling into the wrong hands. Instead, utilize password manager plug-ins and apps, which can not only generate strong passwords for protected sites that you visit, but also stores your passwords in an encrypted database that is only accessible through a master password. This way, you only have to remember one password instead of hundreds.​​​