John Oliver has such an awesome way of breaking down the complicated fine print of everything from sugar to U.S. Territories. The second season of Last Week Tonight is already off to a viral start. One of his latest triumphs in his quest to inform us in the most entertaining way possible was an exclusive interview with none other than ex-NSA employee Edward Snowden.

Snowden knows all about what we think is private and what’s actually private online, and guess what? Your top-secret password “drowssap123” isn’t fooling anyone. If you really want to protect yourself online as much as you can, you’ll want to take these Snowden-approved tips on creating a tough password.


1. Your “Typo” is Not a Secret: First of all, do not for any reason use any variation on the word “password.” Any password-cracking program will totally laugh at you as it hacks right past it. In fact, slight variations on common words are best avoided because programs are built to search for those too. Also, no matter how hip, replacing “to” with “2” isn’t top secret either.


2. Go Beyond 8 Characters: Your standard last name + address just won’t cut it. The more characters you have in your password, the stronger it can be. And no, that doesn’t mean that you’ll have to include a bunch of asterisks and ampersands.


3. Passphrases, Not Passwords: To make your password longer and more unique, think in full phrases rather than single words. Snowden gave the example, “MargaretThatcheris110%SEXY.” Including capital letters, spaces and symbols is nice, but the key is that it’s unique enough to remember and not so easy that it’s in the dictionary.

Joseph Bonneau, a postdoctoral cryptography researcher at Stanford, went even further, saying that the Thatcher passphrase is borderline secure and that length doesn’t totally equal security. Keep your words as random as possible for more of an edge. Something like “It was the best of times, it was the worst of times” is probably not a good idea.


4. Change Them Often: Snowden didn’t touch on this, but we’re sure he’d approve of not letting your passwords go stale. There are programs to help you change your passwords quickly and easily, like Dashlane. You can mass-update your passwords frequently and create super secure auto-logins so you don’t have to re-type them every time.
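To see tips 1 and 3 in action, here is an added example (not from Snowden, Bonneau or Last Week Tonight) that undoes the easy disguises a guessing program tries first and then builds a passphrase from randomly picked words. The function names and both word lists are made up for illustration; a real check would use a large list of leaked passwords and a much bigger wordlist.

```python
import math
import secrets

# Constructed sample lists (assumptions for this example only).
COMMON = {"password", "letmein", "qwerty", "welcome", "dragon"}
WORDS = ["anchor", "biscuit", "cobalt", "dune", "ember", "fjord", "gravel",
         "harbor", "ivory", "jigsaw", "kettle", "lantern", "mosaic", "nectar",
         "orbit", "pebble"]
# Common character swaps: 0->o, 1->l, 3->e, 4->a, 5->s, @->a, $->s, 7->t, !->i
LEET = str.maketrans("01345@$7!", "oleasasti")


def candidates(password):
    """Return the 'undisguised' forms a guessing program checks first."""
    low = password.lower()
    stripped = low.strip("0123456789!?.*#")  # drop padding digits and symbols
    forms = {low, stripped, low.translate(LEET), stripped.translate(LEET)}
    return forms | {f[::-1] for f in forms}  # also try each form backwards


def is_common_variant(password):
    """True if the password is a common word in a thin disguise.

    False only means this short list missed it, not that it is strong.
    """
    return any(form in COMMON for form in candidates(password))


def random_passphrase(n_words=6, wordlist=WORDS):
    """Pick each word independently with a cryptographic random source."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(n_words, wordlist_size):
    """Bits of guessing work for a passphrase of uniformly random words."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("drowssap123", "P@ssw0rd!", "MargaretThatcheris110%SEXY"):
        print(pw, "-> common variant:", is_common_variant(pw))
    print("random passphrase:", random_passphrase())
    # The 16-word sample list is far too small; compare a 7776-word list.
    print("6 words from 16:  ", entropy_bits(6, 16), "bits")
    print("6 words from 7776:", round(entropy_bits(6, 7776), 1), "bits")
```

The entropy figure only holds when the words are chosen at random, which is why a famous quote of the same length does not get the same credit.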

How do you stay safe online? Share your tips (but not your passwords) in the comments!