Em Dash’s guide to a secure password

Posted on October 31st, 2011 by emdash in Tutorials

Sometimes when I’m working on web-based projects, I’m given clients’ passwords for web hosting, website logins, emails, and sites like mailchimp.com. Many of these passwords are frighteningly insecure; a lot of them could be guessed within 3 or 4 tries.

The most common password I’ve seen, by far, is “yourname1” (e.g. “emdash1”). I’ve seen this 3 or 4 times now, or variations thereof (e.g. “yourbusinessname1”). Often when signing up for a web service, you’re told you have to use a number in your password… hence, people tack a 1 onto the most easily-guessed password of all.

If you’re using this password formula, stop right now! Develop your own secure password.

A good password has upper and lowercase letters, some numbers, and even some punctuation (though some sites still use letters and numbers only). While emdash1 is a terrible password, something like 3dmAw54u! is a far better one.

“But Em Dash,” you say, “I’ll never remember something like that!”

Here’s where I use a formula when devising passwords. Come up with a phrase in English. Mine was “Em Dash makes awesome websites for you!” Now take the first letter of each word: EDMAWSFY*. Can any of those words be single characters instead to simplify, as per a Twitter trending topic? (Yes, in my case, “for” can become “4”, and “you” can become “u”.) Now we’re at EDMAWS4U. Next, substitute numbers for letters (à la leetspeak) for a couple of characters. Alternate lower and uppercase, add some punctuation, and you’ve got “3dmAw54u!” for a password. Bonus: you can remember it easily, by remembering your special phrase.

You can also take a word without an easy English equivalent (a name, a place, or a nonsense phrase from your childhood) and add leetspeak and alternating case. For example, Nazookitty becomes nAzo0-k1tTy.
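The two rules above (no name with a number tacked on, and a mix of upper case, lower case, numbers and punctuation) can be written as a check that a signup form or a password audit could run. This is an added example, not part of the original post; the function name, the finding labels and the list of known names are assumptions made for illustration.

```python
import string


def audit_password(password, known_names):
    """Return a list of findings; an empty list means both rules pass.

    known_names: the user's name, business name, etc. (hypothetical input
    that a signup form would already hold).
    """
    findings = []

    # Rule 1: the "yourname1" pattern. Drop any trailing digits, then
    # compare case-insensitively against each name with spaces removed,
    # so "emdash1", "EmDash2011" and plain "emdash" are all caught.
    stem = password.rstrip(string.digits).lower()
    normalized = {n.replace(" ", "").lower() for n in known_names if n.strip()}
    if stem in normalized:
        findings.append("name_plus_digits")

    # Rule 2: at least one character from each of the four classes.
    classes = {
        "no_uppercase": string.ascii_uppercase,
        "no_lowercase": string.ascii_lowercase,
        "no_digit": string.digits,
        "no_punctuation": string.punctuation,
    }
    for label, alphabet in classes.items():
        if not any(ch in alphabet for ch in password):
            findings.append(label)

    return findings


if __name__ == "__main__":
    names = ["Em Dash"]  # constructed sample input
    for candidate in ["emdash1", "EmDash2011", "3dmAw54u!", "nAzo0-k1tTy"]:
        print(candidate, audit_password(candidate, names))
```

The check only covers the two rules stated in this post; it does not measure how guessable a password is in general.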

Change your passwords once every couple of months.

*Yes, I know, I split “websites” into two words. Bad Em Dash.