How to easily make a strong password

November 2010

One problem with IT security is that users do not usually have strong passwords.

There is no better proof of this than a real-world study, and a hack of Rockyou.com exposed 32 million passwords. This was a great opportunity to study passwords used in the real world, and Imperva did just that. The most common password? “123456”. You might laugh at that, but exactly 290,731 people thought it was a good idea. The full report can be found at the following link.

Imperva Worst Practices - PDF

You can use the following websites to see how secure your current password really is. Even if these sites flag your password as secure, still read the rest of this; knowledge is power.

So now that we have that truth out of the way, how can we make a strong password, you ask?

Follow these steps and you’ll have something much more secure than what you have now.

  1. Don’t include any personal information or anything else that can be used to identify you. It is very easy for someone to guess things like your last name, pet’s name, child’s birth date and other similar details.

  2. Don’t use any dictionary words. It’s too easy to brute-force every word in the dictionary and its variants.

  3. Mix it up a bit. It’s much harder to crack a password that uses a combination of uppercase, lowercase, numbers, and special characters.

  4. Length matters. The difference between cracking a 5-character password and a 14-character password, on an average computer, is over 154,640,721,434 millennia. See the table in the linked article for more info: How I’d Hack Your Weak Passwords

  5. Now that you’ve followed the tips above you probably have a better idea of what makes a more secure password, but how do you create something you can actually remember? Very simple. Take a quote you like or a phrase you are likely to remember, for example “I was born here in Australia in 1989”. Reduce that to its acronym, which gives “IwbhiAi1989”. Then mix it up a bit and add a couple of special characters, and it becomes “IwBhI@i1989!”. How easy was that?

  6. Well, now you have a good password, so everything is fine, right? No. You will probably still use it at every site you visit: banking, email, etc. So how can you make a unique password for each site? Simple. Take the password you have and include part of the website’s name in the mix, so for Facebook the example password above would become something like “IwBhI@i1989!_FB”. You can be more elaborate by varying where you add the website part, for example “FB_IwBhI@i1989!” or “F_IwBhI@i1989!_B”. To make it less likely that your generation method will be detected (if several of your passwords are compromised), you can put the website part inside the password or use different characters in place of the normal letters, for example “IwBhIF@Bi1989!” or “IwBhI@i1989!_f3”.
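Steps 5 and 6 as a worked procedure, together with the checks behind steps 2 to 4, as an added Python example that is not code from the original post. It uses the post's own phrase; the case-alternation rule, the symbol-substitution table and the 12-character threshold are my own assumptions.

```python
import math
import string

# Constructed sample: the phrase the post itself uses in step 5.
PHRASE = "I was born here in Australia in 1989"
# Hypothetical look-alike substitutions (my choice, not the post's).
SUBS = {"a": "@", "s": "$", "o": "0", "e": "3"}

def acronym(phrase: str) -> str:
    """Step 5: first letter of each word, numbers kept whole."""
    parts = []
    for word in phrase.split():
        word = word.strip(string.punctuation)
        if word:
            parts.append(word if word.isdigit() else word[0])
    return "".join(parts)

def mix_up(acr: str, suffix: str = "!") -> str:
    """Step 3: alternate letter case (my own rule; the post mixes by hand),
    swap look-alike symbols and append a special character."""
    out, n = [], 0
    for ch in acr:
        if ch.isalpha():
            ch = ch.upper() if n % 2 == 0 else ch.lower()
            n += 1
        out.append(SUBS.get(ch, ch))
    return "".join(out) + suffix

def site_variant(password: str, tag: str, position: str = "suffix") -> str:
    """Step 6: fold a per-site tag in as suffix, prefix or split around the password."""
    if position == "prefix":
        return f"{tag}_{password}"
    if position == "split":
        half = len(tag) // 2
        return f"{tag[:half]}_{password}_{tag[half:]}"
    return f"{password}_{tag}"

def strength_report(pw: str) -> dict:
    """Steps 2-4 as checks: length, class mix and a naive keyspace estimate in bits.
    'ok' needs 12+ characters and all four classes (thresholds are my choice)."""
    sizes = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}
    present = {"lower": any(c.islower() for c in pw),
               "upper": any(c.isupper() for c in pw),
               "digit": any(c.isdigit() for c in pw),
               "symbol": any(c in string.punctuation for c in pw)}
    alphabet = sum(sizes[k] for k, hit in present.items() if hit)
    bits = len(pw) * math.log2(alphabet) if alphabet else 0.0
    classes = sum(present.values())
    return {"length": len(pw), "classes": classes,
            "keyspace_bits": round(bits, 1), "ok": len(pw) >= 12 and classes == 4}
```

The keyspace estimate assumes every position is drawn uniformly from the classes present, so a password derived by a predictable rule is weaker than the figure suggests.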

Of course, the best way to have a unique, extremely secure password for every site is to use a password manager like KeePass or LastPass. Password managers can generate very strong random passwords of any length you specify. You can also adjust the complexity of those passwords for websites that restrict which characters you can use in a password. Another attraction is that a password manager can auto-type your passwords, making it even more convenient for you.

However, be aware that you need to make the master password as secure as you can; use the tips above and you should have something that would require significant effort to bypass conventionally.

That said, you still need to keep the machine you’re on as secure as possible, so basic things like a firewall, antivirus, antimalware, and common sense are essential (even if you are running Linux or a Mac!).