April, 2013
Before we begin, we must be clear on one major expectation: there is no such thing as a perfect password. A committed hacker can crack any password, given enough time and the right "dictionary" or "brute force" tools. But just like breaking into a car, if the protection is strong enough, the hacker will become discouraged and commonly give up before the protection fails.
In this tutorial below, we will explain how to create a password that 1) is not a word in the dictionary, nor a proper noun, 2) is complex enough to foil repetition attacks, and 3) is intuitive enough for you to remember.1. Start With a Base Word Phrase.
A good password starts with a base word phrase. This means: choose a memorable catchphrase, quotation, or easy-to-remember saying, and take the first letter from each word. Choose a phrase that is memorable to you.
Examples of some base word phrases:
- Can't See the Forest Through the Trees: cstfttt
- Put Up or Shut Up: puosu
- If the Shoe Fits, Wear It: itsfwi
- You Can Lead a Horse to Water: yclahtw
- The Last Mile Is Always Uphill: tlmiau
- I Think, Therefore I Am: ittia
- Oh Say Can You See: oscys
- Honey Badger Doesn't Care: hbdc
Suggestion: try this list of acronym phrases you could use for inspiration
Suggestion: try this list of famous quotations and catchphrases
2. Lengthen the Phrase
Passwords start to become strong at 6 characters long. While a long password can be annoying to type, a long password really helps to slow down brute force hacker attacks.
Tip: lengthen your password by adding the website name or computer software name to the base phrase. For example:
- cstftttGmail
- puosuVista
- itsfwiEpinions
- yclahtwWin7
- tlmiauMac
- ittiaAboutdotcom
- oscysPayPal
- hbdcEbay
Tech tip: passwords that are 15 characters and more are extremely strong, because Microsoft Windows will not store scrambled passwords in hidden files once they are 15 characters or longer.
3. Swap In Non-Alphabetic and Uppercase Characters
Password strength increases significantly when you change some of the password letters into non-alphabetic characters, and then include uppercase and lowercase letters within the password. This 'character scrambling' creatively uses the shift key, numbers, punctuation marks, the @ or % symbols, and even semi-colons and periods. These unusual characters and numbers make your password even less predictable to hackers using dictionary database attacks.
Examples of character scrambling:
- CstftttGm@il
- Puo5uVista
- 1tsfwiEpinions
- Ycl@htwWin7
- 7lmiauMac
- ittiaAboutdotcom
- o5cysPayPal
- hbd(Ebay
4. Lastly: Rotate/Change Your Password Regularly
At work, your network people will require you to change your password every several days. At home, you should rotate your passwords as a matter of good computer hygiene. If you are using different passwords for differents websites, you can do yourself a favor by rotating portions of your passwords every few weeks. Note that rotating parts of the password, not the entire passwords, will help deter hackers from stealing your phrases. If you can memorize three or more passwords at the same time, then you are in good shape to resist brute force hacker attacks.
Examples:
- hbd(Gmail
- CstftttVista
- Puo5uEpinions
- 1tsfwiWin7
- Ycl@htwMac
- 7lmiauAboutdotcom
- ittiaPayPal
- o5cysEBay
5. Further Reading: Advanced Password Tips
There are several other resources for building strong passwords.
- See more samples of strong passwords here.
- You can view other About.com reader personal password suggestions.
- Stephen Chapman has a free password generator you can use online.
- There are multiple drag-and-drop software tools that help you bypass hacker keylogger software. Tools like KeyWallet Password Manager, KeePass, and Roboform work well because you can avoiding typing your passwords entirely, and just let your mouse do the data entry.
- You can also employ a digital vault like Password Safe. This kind of software creates personal "lockers" to keep all your passwords locked under a master password.
- Try Mary Landesman's phrasing tips for password generation.
