Anytime I forget something, I rationalize that what I’m really doing is clearing out space to allow new information to be stored in my brain. It’s a bit like cleaning off my desk or deleting cookies from my computer.

The most irritating forgetfulness is when I can’t remember that “perfect” password I set up for a particular website. At the time I created it, I was sure I’d remember it. Instead, I have to repeat the site’s entire security process to regain access. With so much of my role at Vanguard revolving around information security—and with so much of my life online—this can be distressing, and it’s a major inconvenience.

It can be tempting to streamline the number, length, and variety of passwords we use. But a recent New York Times article highlights the danger in this approach, and demonstrates the lack of awareness of those sailing around the Internet. Based on a new study of 32 million social-networking passwords stolen by a hacker and promptly posted on the Web, many people continue to favor easy-to-guess passwords—including the word “password”!

Have you ever used “abc123”? Or run your fingers across the keyboard and wound up with “qwerty”? You’re not alone. In this study, the most common password was “123456,” followed by “12345.” What’s more, 20% of this large sample (640,000 people) chose one of the top 5,000 passwords. That makes a hacker’s job a lot easier.

Fortunately, there are ways to protect yourself with distinct, memorable passwords. Some of the basic rules to keep in mind:

• The longer the password, the better.

• The greater the combination of uppercase and lowercase letters, the better.

• The more numbers and punctuation marks, the better.

• The more random, the better.

But, of course, for a password to be useful, you have to actually remember it! With that in mind, an FTC report on identity theft suggests using the first or last letters of each word in a familiar phrase.

For example, think of a line from a poem you might have memorized in school, such as “Listen my children and you shall hear …. ” Your password might be “Lmcaysh.” Or is there a phrase you remember your parents using? I’ll never forget “As long as you live in my house … ,” which gives you “Alaylimh.” Either way, you get a lengthy, hard-to-guess password that uses both uppercase and lowercase letters.

Adding numbers or punctuation is also advisable. Consider throwing in a memorable year—”1775:Lmcaysh,” for example, or “Alaylimh-1974.” And for even greater security, you might replace certain letters with numerals that resemble them, or vice versa, such as zero for the letter O, or S for the number 5.

It’s even better if your numerals, punctuation, and uppercase letters are distributed randomly throughout the password—”L:mCay5H177S,” anyone?—but we’re going for memorable, so don’t go overboard.

Whatever approach you choose, the key is to come up with passwords that seem random, yet are easy for you to remember. With a little creativity, you can help keep yourself from being one of the countless millions of Internet users who are practically inviting hackers to wreak havoc on their lives.

Note: The link to will open a new browser window. Vanguard accepts no responsibility for content on third-party websites.