The most important thing is to make sure you don’t use a normal word. Hackers already have tables of all the dictionary words, pre-encrypted, called rainbow tables. When they steal the password table from a website, they compare the encrypted passwords with the passwords in their rainbow table to find the original password. All these goofy password rules are to make sure you’re not typing a regular word as a password.
But some enterprising hackers have created rainbow tables of all lowercase passwords of 8 characters or fewer. So it doesn’t matter if your password is ‘password’ or ‘adieiqoq’, it’s just as easy for that hacker to break. By adding capital letters, numbers and symbols, you’re making the hacker’s job harder since the table has to get so big to account for all options.
So at this point, ccmmyykk is not really a secure password. Add some special characters in there so it can’t be reversed so easily.
But the most important thing about passwords is: DO NOT USE THE SAME PASSWORD ON MULTIPLE SITES!!! If you have unique passwords, then the worst thing is that the hacker could log in to the site he hacked. But if you have common passwords, then the hacker can try the same login on other sites like Facebook, Gmail, E*TRADE, banks, etc.
Some sites don’t even encrypt the password. Whatever you type in is stored in the database. When the hacker steals the database, they have your login, email, and password in the clear. So even if you have a super complicated password like ‘$Ia)0192w1=’, a hacker may discover it from a site with poor security.
So this means you need unique, goofy passwords for each site. Try to come up with passwords that incorporate part of the domain and user name. Figure out some pattern that works for you. So my password for this site could be something like f1ilst2r. On CNN it might be f1ilcn2n, etc.
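
Added example (not part of the original post): a self-audit of the precomputed-table idea described above, using a plain hash-to-word lookup as a simplification of a real rainbow table, which compresses the same data with hash chains. The word list, function names and the salted PBKDF2 storage scheme are assumptions for illustration; the post itself does not mention salting.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a dictionary word list.
WORDLIST = ["password", "dragon", "sunshine", "monkey"]

def fast_hash(pw: str) -> str:
    """Unsalted single-pass hash: the storage scheme precomputed tables rely on."""
    return hashlib.sha256(pw.encode()).hexdigest()

def build_lookup(words):
    """Precompute hash -> word once; every later check is one dict access."""
    return {fast_hash(w): w for w in words}

def salted_record(pw: str, iterations: int = 100_000):
    """Per-user random salt plus a slow KDF (assumed site-side storage)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return salt, iterations, digest

def verify(pw: str, record) -> bool:
    """Login check against a salted record, compared in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def table_entries(alphabet_size: int, max_len: int) -> int:
    """Entries a table needs to cover every password of 1..max_len characters."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))

def audit(passwords):
    """Return (found when stored unsalted, found when stored salted)."""
    table = build_lookup(WORDLIST)
    unsalted_hits = [p for p in passwords if fast_hash(p) in table]
    # The salt changes every digest, so the precomputed table never matches.
    salted_hits = [p for p in passwords if salted_record(p)[2].hex() in table]
    return unsalted_hits, salted_hits

if __name__ == "__main__":
    print(audit(["password", "$Ia)0192w1="]))
    print(table_entries(26, 8), table_entries(94, 8))
```

`table_entries(26, 8)` against `table_entries(94, 8)` puts a number on how much larger the table must be once capitals, digits and symbols are allowed.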