LUBBOCK, Texas — February 1 is National Change Your Password Day. So how do you get it right?

The password “123456” is still used by 23 million account holders. Don’t do it that way.

Avast suggests making passwords long — 15 characters or more, use special characters like $ or % and avoid easy-to-guess words or phrases.

“Think of a random sentence and transform it into a password,” Avast said. “For example, taking the first two letters of every word in “The Old Duke is my favorite pub in South London” would give you: ThOlDuismyfapuinSoLo.”

“To anyone else, it’s gobbledygook, but to you it makes perfect sense,” Avast said. It’s by no means the only method.

Key password statistics

53% of people rely on their memory to manage passwords.

51% of people use the same passwords for both work and personal accounts.

57% of people who have already been scammed in phishing attacks still haven’t changed their passwords.

71% of accounts are protected by passwords used on multiple websites.

29% of internet users have more password-protected accounts than they can keep track of.

90% of internet users are worried about getting their passwords hacked.

The password “123456” is still used by 23 million account holders.

33% of account-compromise victims have stopped doing business with companies and websites that leaked their credentials.

(James Clark contributed to this report.)