Creating Strong Passwords

A strong password is one of the most important protections you have on your computer and online. Tools such as LastPass or KeePass can help create and manage passwords for your online accounts, but you still need to know how to create a strong password for the master password and your accounts that are not online.

Strong passwords share these characteristics.

  • Length: eight or more characters
  • Complexity: include lower-case letters, upper-case letters, numbers, and – if permitted – symbols and punctuation. (Beware of using a single word with common letter/number/symbol changes. Cracking software knows of these substitutions.)
  • Variation: even if a criminal is attempting to crack your password, changing it will set them back to square one.
  • Variety: don’t use the same password everywhere. If the criminals get one password, they will try it elsewhere.

Here is a simple and effective tip for creating a memorable strong password: play Mad Libs!

What to do Example
Choose a noun, verb, and adjective/adverb Camel laughs hysterically
Remove the spaces Camellaughshysterically
Change words into shorthand or change a letter into a look-alike number or symbol Cam3llaughshyster1cally
If you need a longer password, add some meaningful numbers to the end Cam3llaughshyster1cally2011

 

Following this process will create a password that would take decades to crack using a brute force method on the fastest computer on Earth! To remember it, you keep a mental picture of a camel laughing hysterically, which is far easier to do than remembering the actual password.

Pitfalls to Avoid

Criminals use sophisticated tools to crack passwords quickly. You should avoid these things when creating any password.

  • A single word found in any dictionary (Examples: password, Rechnerkennwort, or NCC1701)
  • A single word spelled backwards, common misspellings, or abbreviations (Examples: drowssap, accomodate, or blvd)
  • Repeated characters or sequences (Examples: 123456789, 999999999, abcdefgh, or asdfasdf)
  • Personal information (Examples, names, birthdays, or driver’s license number)