Download Article
The definitive guide to making strong passwords
Download Article
For almost every account that you make online, you are required to make a secure password. Choosing one that's difficult for others to figure out requires the creation of unlikely letter and number combinations. Fortunately, crafting hard-to-crack and easy-to-remember passwords is pretty straightforward.
Steps
-
Choose a password that no one will easily guess or hack. Don't use a word or phrase of special importance to you—like a birthday or family member. That's the kind of information that can be discovered by someone doing a little digging.
- Also, do not use default passwords, as they are easily cracked. Some default passwords include password , password123 , 1234 , admin , and guest , among others. These can be found across the internet.
-
Do not share passwords. This is an open invitation to your online accounts, and it's often exploited to accomplish online identity theft.Advertisement
-
Make sure your password is long. It should be at least eight-to-10 characters long, and longer passwords are even more secure. Some sites or applications may limit the password length, however.
-
Use at least one capital letter and one lowercase letter in your password. The capital and lowercase letters should not be grouped together. Mixing them up makes the password more difficult to predict. This kind of strategy might lead to "JeCaMiJe_" in the first example or "HouseOnSpooner#1500" in the second example.
-
Use spaces in your password. Many password systems don't allow actual spaces, but it can be useful to insert one into the middle of a password with systems that do. Alternatively, an underscore "_" or two can serve a similar function.
-
Generate similar but distinct passwords for separate accounts. You can use similar base words to help you remember your passwords easily without making them too easy to crack. So "JeCaMiJe_" might be modified as "my kids JeCaMiJe," "HouseOnSpooner#1500" might become "1500*my first House On Snooper."
-
Make sure your password is written down and kept in a safe place. Choose a location away from your computer (and from prying eyes), but make sure you can easily access it. If you forget your password, you can retrieve it without much trouble.
- When writing your password down, consider coding it with an offset pattern to make your password more difficult for others to decipher. Thus ri7%Gi6_ll might be written as 2tk9&Ik8_nn (where the offset for the coding is indicated by the first character, in this case +2). This would mean that each subsequent coded character is two alphabetical letters or numbers greater than the actual password character.
Advertisement
-
Create a sentence or phrase as the basis for your password. This is a useful starting point for making a password that's complex and difficult to guess while easy for you to remember. Also remember that your password should ultimately be lengthy (at least eight to 10 characters) and include a wide variety of character types (upper and lower-case letters, numbers, spaces or underscores, etc.). While you should stay away from personally relevant information that others could easily identify, it's still convenient to create a password that you can recall without much trouble. Crafting a statement or sentence that will stick with you can serve as a useful basis for your password.
- One example of a mnemonic device is the Person-Action-Object (PAO) method developed by Carnegie Mellon computer scientists. Simply select an image or photograph of a memorable person performing an action with or to an object—and then put them all together to construct a phrase (however amusing or nonsensical). By selecting characters (e.g. the first three letters of each word) from said phrase, you can develop a password that's readily recalled.
EXPERT TIPTechnology SpecialistBrandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.For better security, choose a long, complicated passphrase that you'll be able to remember. A passphrase is a longer password consisting of at least 14 characters that are based on words or phrases that are meaningful to you. For example, the phrase "I eat ice cream in summer" can be transformed into "!8!ceKRAM!n$umm3R." You'll remember your passphrase easily while keeping your data secure.
-
Use your sentence or statement to craft an easily memorable password. By taking certain letters from your phrase, you can assemble a password that's easy to remember (e.g. by using the first two or three letters from each word in your phrase and putting them together in order). Make sure your statement or sentence includes upper and lower case letters, numbers and special characters.
-
Create a complex but memorable sequence of words and/or letters. You can use a phrase or series of letters that is seemingly random but nevertheless easy to remember. The easily memorized series of letters can form a "base word" to which you should add symbols or numbers.
- If your children are Jessie, Cassey, Michael and Jenny, your base word might be "jecamije"—the first two letters of each name combined. If your first house was on Spooner Street, a base word might be "houseonspooner."
-
Use at least one letter, number and special character in your password. So, you could add an underscore (or other random punctuation) and numbers to create "jecamije_." Or you can add a symbol to the word to make "houseonspooner#1500."
-
Memorize your secure password. For example, a sentence like "My mother was born in Kansas City, Missouri on January 27th" might become a password like MmwbiKC,MOoJ27. Or a sentence like "The radio show begins at 9:10 AM on Mondays, Wednesdays and Fridays" could become "Trsb@0910oM,W&F."
-
Consider using your computer's Character Map/Character Palette to (optionally) insert special characters into your password. Windows can find these options under the Start Menu by clicking All Programs, clicking Accessories, clicking System Tools and finally selecting Character Map. Mac users simply need to select Edit at the top of their browser menu and subsequently select Special Characters at the bottom of the Edit menu. You can then replace some of your letters with special symbols to make your password more difficult to guess.
- These symbols can replace more commonly used characters, but it's worth noting that some sites' password system won't accept all of the available symbols. By way of example, "Ð…Ï‹ΠЅЂιηξ" could be used to replace "Sunshine."
- Remember that you'll have to actually re-enter this password when attempting to access a website or application, so consider the difficulty associated with repeatedly accessing your character map when entering passwords. You may decide it's too much of a hassle.
-
Remember to update and vary passwords. You shouldn't be using the same passwords across your various logins, and you shouldn't use the same password for more than a few months at a time.EXPERT TIPTechnology SpecialistBrandon Phipps is a Technology Specialist based in Bakersfield, CA. He is the owner of Second Star Technologies and specializes in Managed IT Services for small and mid-sized businesses in Bakersfield, CA. With over 23 years of experience, he offers expert cloud computing, cybersecurity, and network management solutions. Brandon is a committed community member and coach who leads and innovates in tech and sports coaching. His dedication to local businesses and communities is evident in his hands-on, tailored approach to IT solutions.
Avoid using the same password for multiple websites, especially if those sites have questionable security. If your login information on one website is compromised, hackers can potentially gain access to your accounts on other sites. Be sure to create unique passwords for each site to reduce your risk of being hacked.
Advertisement
-
Select a password management program. This software will generally allow you to automatically handle a wide variety of passwords (for applications and websites) by simply entering one "master" password—significantly simplifying your memorization and organization responsibilities. Password managers will generate, remember and audit a variety of distinct, complex and secure passwords for each of your requested logins while allowing you to simply remember that one master password. Some of the most popular options include LastPass, Dashlane, KeePass, 1Password and RoboForm. A number of articles and websites offer thorough reviews of these and other programs.
-
Download and install a password manager. Specific instructions will vary depending on which program you select, so be sure to follow instructions carefully. Generally speaking, you'll need to visit the appropriate vendor website and click a "download" button before following the installation instructions associated with your operating system.
-
Set up your password manager. Again, the process will vary depending on the specific program. But the basic idea is to set up a complex master password that allows the production and/or maintenance of multiple, site and application-specific passwords to access their destinations. Most popular programs are pretty user-friendly when it comes to core functionality.
-
Customize your preferences. Most of the best password managers will give you the option to either use your master password locally or synced across a variety of devices, so be prepared to determine what works best for you. You can also generally decide whether you wish the program to automatically log you in to sites and whether it audits your distinct passwords to ensure they're sufficiently different and changed on a regular basis.
Advertisement
-
Avoid default passwords. Some of them are: password, guest, user, admin. They are widely available on the internet, and are disallowed by many computer systems.
-
Avoid number sequences. Sequences such as 1234, 911, 112, 31415, 27183, or 0000 can be easily guessed because they are very common sequences.
-
Use more complex obfuscation. Instead of using the password "pr0d@dmin" (a password compromised during the DigiNotar attack), use an anagram such as "0@imdndpr".
Advertisement
Expert Q&A
Search
-
QuestionWhat are the rules to create a secure password?Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years.It's a good idea to have at least 2 or 3 passwords that you use for different sites. That way, if one password is compromised, you won't have as many sites that you need to go in and change.
-
QuestionWhat are some good password ideas?Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years.To make a very secure password, focus on the length. For instance, you might think of 3 words that normally wouldn't go together, and put them together in a password. It will take a computer about 60 years to figure out a 10-12 character password, even if it's all lowercase letters with no special characters.
-
QuestionCan I use foreign names or places?Community AnswerCertainly, but keep in mind that a hacker who knows the language that your password is in might be able to guess it.
Ask a Question
200 characters left
Include your email address to get a message when this question is answered.
Submit
Advertisement
Tips
- You should never use your name, or the username for your account in a password.Thanks
- Try using accented letters as part of your phone password. These are difficult to guess but easy to remember!Thanks
- Choose a separate, secure password for each type of account. ISP, email clients and social media (etc.) should all have different passwords. Don't use the same password for your banking and email that you use for your ISP logon.Thanks
Submit a Tip
All tip submissions are carefully reviewed before being published
Thanks for submitting a tip for review!
Advertisement
Warnings
- Do not use any passwords that appear on this page. They are now openly known and easy to find.Thanks
- Do not write your password in a location where it might be seen or found.Thanks
- Do not tell anyone your password. Someone could overhear you, or the person you told could let it slip intentionally or accidentally.Thanks
- Avoid web services that send you your original password, rather than a temporary password or password reset link, via email when you press a "forgot password" button. This behaviour indicates the web service in question is storing passwords using two-way encryption or even plaintext; in layman's terms, it means that the web service's password storage isn't safe.Thanks
Advertisement
About This Article
Article Summary
X
1. Pick a password that's 8-10 characters.
2. Use at least one uppercase and lowercase letter.
3. Use spaces or underscores.
4. Create distinct passwords for all sites.
5. Use a special character if permitted.
6. Update passwords regularly.
7. Sign up for a password manager.
8. Avoid predictable sequences and dictionary words.
Did this summary help you?
Thanks to all authors for creating a page that has been read 572,086 times.
Reader Success Stories
- "Excellent advice. We live in a world that requires us to be actively involved in protecting our personal information, and the need for multiple passwords and the frequent changes to those passwords becomes a challenge. This site makes it more manageable." ..." more
Advertisement
"Excellent advice. We live in a world that requires us to be actively involved in protecting our personal information, and the need for multiple passwords and the frequent changes to those passwords becomes a challenge. This site makes it more manageable."
..."
more
"My email and Facebook accounts were hacked and taken from me on Yahoo. I realized that I needed stronger passwords, though they didn't get in my accounts through my passwords. I just didn't know how to create stronger passwords."
..."
more
"I am 79 years old, so especially liked the password manager idea. I also liked the part about using your kids' names as a means of creating secure passwords."
..."
more
"It has not only helped me much in my studies, but also let me know how to apply and make passwords in real life. "
"Creating a secure password and the Q&A from the community also helped. I'm still working on the new password."
..."
more
