1. Computing

5 Steps to a Good Password

Simple Choices that Deter Password Hacking

By

April, 2014

Before we begin, we must be clear on one major expectation: there is no such thing as a perfect password. A committed hacker can crack any password, given enough time and the right "dictionary" or "brute force" tools. But just like breaking into a car, if the protection is strong enough, the hacker will become discouraged and commonly give up before the protection fails.

In this tutorial below, we will explain how to create a password that 1) is not a word in the dictionary, nor a proper noun, 2) is complex enough to foil repetition attacks, and 3) is intuitive enough for you to remember.

1. Start With a Base Word Phrase.

Man using laptop
Lilly Roadstones/Taxi/Getty Images

A good password starts with a base word phrase. This means: choose a memorable catchphrase, quotation, or easy-to-remember saying, and take the first letter from each word. Choose a phrase that is memorable to you.

Examples of some base word phrases:

  • Can't See the Forest Through the Trees:  cstfttt
  • Put Up or Shut Up:  puosu
  • If the Shoe Fits, Wear It:  itsfwi
  • You Can Lead a Horse to Water:  yclahtw
  • The Last Mile Is Always Uphill: tlmiau
  • I Think, Therefore I Am:  ittia
  • Oh Say Can You See:  oscys
  • Honey Badger Doesn't Care: hbdc

Suggestion: try this list of acronym phrases you could use for inspiration

Suggestion: try this list of famous quotations and catchphrases

2. Lengthen the Phrase

Passwords start to become strong at 6 characters long. While a long password can be annoying to type, a long password really helps to slow down brute force hacker attacks.

Tip: lengthen your password by adding the website name or computer software name to the base phrase. For example:

  • cstftttGmail
  • puosuVista
  • itsfwiEpinions
  • yclahtwWin7
  • tlmiauMac
  • ittiaAboutdotcom
  • oscysPayPal
  • hbdcEbay

Tech tip: passwords that are 15 characters and more are extremely strong, because Microsoft Windows will not store scrambled passwords in hidden files once they are 15 characters or longer. 

3. Swap In Non-Alphabetic and Uppercase Characters

Password strength increases significantly when you change some of the password letters into non-alphabetic characters, and then include uppercase and lowercase letters within the password. This 'character scrambling' creatively uses the shift key, numbers, punctuation marks, the @ or % symbols, and even semi-colons and periods. These unusual characters and numbers make your password even less predictable to hackers using dictionary database attacks.

Examples of character scrambling:

    • CstftttGm@il
    • Puo5uVista
    • 1tsfwiEpinions
    • Ycl@htwWin7
    • 7lmiauMac
    • ittiaAboutdotcom
    • o5cysPayPal
    • hbd(Ebay

    4. Lastly: Rotate/Change Your Password Regularly

    At work, your network people will require you to change your password every several days. At home, you should rotate your passwords as a matter of good computer hygiene. If you are using different passwords for differents websites, you can do yourself a favor by rotating portions of your passwords every few weeks. Note that rotating parts of the password, not the entire passwords, will help deter hackers from stealing your phrases. If you can memorize three or more passwords at the same time, then you are in good shape to resist brute force hacker attacks.

    Examples:

    • hbd(Gmail
    • CstftttVista
    • Puo5uEpinions
    • 1tsfwiWin7
    • Ycl@htwMac
    • 7lmiauAboutdotcom
    • ittiaPayPal
    • o5cysEBay

    5. Further Reading: Advanced Password Tips

    There are several other resources for building strong passwords.

    ©2014 About.com. All rights reserved.