The 21st century is a great time to be a criminal. Unlike outlaws of old – Billy the Kid, Bonnie and Clyde, Al Capone – today’s criminals can steal your name, all your money, your identity and your economic life without ever brandishing a knife or a gun.

The Identity Theft Resource Center found over 16 million Americans were victims of identify theft in 2012, costing nearly $25 billion – four times more than losses from burglary and theft. The Internet Crime Complaint Center confirms that men and women are equally at risk, with the 20 to 59 age group filing nearly five of every six complaints (82 percent).

Your first line of defense is creating strong passwords and changing them frequently. Securing your bank and credit card info, protecting your SSN and locking down your medical accounts becomes even more critical following revelations by Harvard Professor Latanya Sweeney at DataPrivacyLab.org. She has demonstrated the ease of using only your date of birth, gender and ZIP code to cross-index and recover your name, phone, address and other personal information from a myriad of publicly available databases. Online crooks can’t be far behind.

Splashdata.com, a maker of password management apps, tabulated the 25 worst passwords people used in recent years. The #1 most popular worthless password is: “password.” The second worst: “123456.”

Strong passwords are typically eight or more characters long; contain both upper and lower case letters; one or more numbers; and, if the login service allows, one or more special characters. Thus, something like qZ4$h90qX# appears strong. However, it only scores a “Medium” rating at Microsoft’s Safety and Security Center.

Worse yet, no one wants to memorize meaningless, random passwords for dozens of sites.

  1. The National Institute of Standards and Technology (NIST) recommends creating a “base” character string that you can utilize to make strong passwords. Choose something easy to remember. For example, if your favorite song is “Call Me Maybe” by Carly Rae Jepsen you might use the song title to create the base for a strong password.
  • Use only the first occurrence of each letter to create the “base.” Call Me Maybe becomes : CalMeyb.
  • Use the letter beginning each syllable of the site name. For Megabank (Me-ga-bank) you have Mgb. Join the two strings and you have CalMeybMgb. Using the first letter of each syllable for the site or company name allows you to use the same “base” (CalMeyb) across many sites.
  • Add a special character and a number that’s meaningful to you before, after (or in between) the two segments to result in any of these: #82CalMeybMgb, CalMeybMgb!82 or CalMeyb$82Mgb.
  1. You can create strong passwords with pass-phrases. They’re easier to remember, and don’t require any mental gymnastics. If your dog Brutus eats Purina Pro Plan dog food, create a meaningful sentence such as: “Brutus really loves his Purina Pro Plan.” Now use the first letter of each word to obtain: BrlhPPP. Or, use the first vowel in each word (ueoiuoa). Add a meaningful numeric and special character and perhaps use the per-syllable approach to make it unique to the site in question.
  2. The very strongest passwords come from long strings. Using upper and lower case letters plus 10 digits, you have 62 characters available. Adding 10 special characters yields 72. With a four-character password, you can create 30 million possible passwords. Simply doubling the length to eight characters yields 700 quadrillion. Length matters far more than complexity.

Learn more about password strength, cracking, guessing and management at NIST.gov.