Forgot your password? That's because common password advice is bad, experts say

Joel Shannon | USA TODAY

Show Caption Hide Caption When NOT to select the 'keep me signed in’ option You don't feel like entering your password over and over, so you press the “keep me signed in” button. Was that a mistake?

It's hard even for you to remember your password, so you must have a good one – right?

That way of thinking traces its roots to the early 2000s, in now-revoked guidance suggesting secure passwords should feature lots of random characters. But today's cybersecurity experts offer different, more user-friendly advice.

The shift was widely covered in 2017, when a man often called the "father of passwords" said he regretted his earlier recommendations, which previously suggested secure passwords should be complex – filled with variations of letters, numbers and special characters.

Instead, Bill Burr – a former National Institute of Standards and Technology manager – began to recommend using easy-to-remember phrases as passwords, rather than ones filled with "lots of funny characters," CBS reported in August 2017.

Password news: Google will warn you when your passwords are too simple to guess and used too often

The previous guidance came from a different era of computing, cybersecurity expert Curtis Dukes told USA TODAY. People had fewer passwords to remember back then. Hackers with relatively little computing power could be legitimately stymied by a random password. And there weren't many other ways to protect yourself other than having a hacker-proof password.

But over time, the advice led many people to believe that adding confusing characters to the end of a password or transposing letters with similar-looking characters ("pa$$word") would give them an added layer of cybersecurity, according to Dukes, an executive with the nonprofit Center for Internet Security Inc.

But in reality, that's not making you any less vulnerable. It's likely just unnecessarily frustrating you.

What makes a good password? Not having just one

You likely have dozens of online accounts protected by passwords. You should also have dozens of passwords – they just don't have to be difficult to remember.

Repeating passwords is a huge security risk, Dukes said. It means that if one password is compromised in a data breach, you will have multiple accounts exposed to hackers.

The solution: Think of phrases instead of words when setting your passwords.

Sharing your streaming password?: This is how much it's costing Netflix, Amazon and Hulu

You might not be able to remember dozens of passwords that look like "n4^G*E7fg?c=eW~P" (which is an actual password suggested by an online generator). But you have a real shot at remembering, say, dozens of lines from your favorite comedy.

Added bonus: Those phrases are likely pretty long, which is a big part of having a secure password.

That simple switch will make it far easier for you to remember multiple unique, strong passwords, Dukes said.

Passwords are just the first step: Turn on two-step verification

When you're going through all your accounts to update your passwords, opt to turn on two-step verification from any service that offers it, Dukes recommends.

You'll have to confirm your identity before accessing your accounts when two-step verification is activated. It's often done by texting confirmation codes to your phone, essentially meaning a hacker would need access to both your password and your phone before they could access your account.

More tips: How to create passwords that are easy to remember

And while it's possible to hack two-step verification, it's such a challenge that many would-be identity thieves will simply move on to an easier target, Dukes said.

How do you remember all your passwords? Really, you don't have to

While physically writing passwords down is still a bad idea, digital password managers are generally a secure way to keep track of the dozens of passwords you should have.

Pick one with good reviews, and use it to enable you to stop repeating and recycling passwords, Dukes recommends.

Password security: Stop doing these things

Even if you don't do all the above tips, you should certainly stop doing these bad habits, according to Dukes: