Cyber-crime has been gradually increasing in America over the past decade with thousands of cases of ransomware attacks, data breaches and hacktivism plaguing the general population, industry, and even government agencies.

In response, millions of people have adopted and integrated additional cybersecurity best-practices into their daily lives. At the forefront of this effort is a universal emphasis being placed on the indispensability of complex passwords. Complex passwords utilize a random string of alternating letters, numbers and special characters resulting in an elaborate passphrase that is difficult for outsiders to guess or to compromise using modern technology.

Unfortunately, many people are overwhelmed by the process of creating, maintaining and remembering these unique digital keys, and therefore continue to leave their accounts and devices unsecured and vulnerable to potential compromises.

It may come as a surprise to some, but generating quality passwords does not have to be a difficult process. Simple tricks such as utilizing passphrases (lines from a poem or song lyrics), acronyms, abbreviations and shift ciphers are really creative ways to increase the overall security of a password without making the process unduly cumbersome.

For instance, the password ‘Tw0TbgR&R’ is almost impossible for a hacker to guess or to expose using common dictionary attacks, but is actually very intuitive to remember if the origins are known. This password started with the popular children’s song lyrics “The wheels on the bus go round and round,” and with a little modification, became something seemingly unrecognizable.

To begin this transformation, the first letter of each word in the phrase was isolated and the word “and” was replaced with the “&” symbol, leaving the character string: “twotbgr&r.” Since the words “the” and “round” appear twice each in the lyrics, their corresponding letters were capitalized to add additional complexity, making the password: “TwoTbgR&R.”

Finally, to add a number into the mix, the letter “o” was simply replaced with the almost identical looking number “0,” resulting in the complex password: “Tw0TbgR&R.”

To embellish this password further, additional characters can be added or shifted at the discretion of the creator.

Once a favorable password is chosen, it is critical to protect that password accordingly. To do this, there are three very simple rules to follow. First, never write down a password unless it is absolutely necessary because doing so increases the likelihood that it will be compromised, lost or stolen. If a password needs to be written down for some reason, it is a good idea to either lock the written password in a secure repository, or to obscure it in some way to prevent accidental exposure.

Second, it is very important to never reuse or share passwords across multiple accounts (e.g. using the same password for an email account and a social media profile). Although this may seem convenient on the surface, it only serves to decrease the overall security of the password and adds additional risk to all of the associated accounts.

Finally, it is recommended to regularly change passwords for sensitive or critical accounts such as those tied to financial records, e-commerce exchanges, insurance information and medical records. The frequency at which passwords should be changed is open to personal preference, but many experts recommend changing sensitive passwords bi-annually and non-sensitive passwords (such as those used for social media profiles, smartphone applications and online games) annually, at a minimum.

Whereas the importance of complex passwords cannot be overstated in our modern threat landscape, as cyber-criminals continue to evolve their methods and tactics, it becomes increasingly vital for average citizens to exercise a well-rounded cybersecurity posture when using the Internet or other digital technologies.

Utilizing quality passwords is a great first step toward protecting personal data and online privacy, but this effort should always be supplemented with additional security safeguards and reasonable caution.

William Spettmann of Ledyard is a cybersecurity specialist at Electric Boat.