How to Create Strong Passwords

Creating secure passwords that are difficult for fraudsters to “crack” is not as difficult as you may think. The other aspect, beyond strength, is making it easy to recall. (Strangely, “password” is not a good password. It’s more like a caption describing itself, like naming your daughter Daughter.)


Easy Memorability – Acronym

Part of the process is coming up with simple memorization techniques. Mnemonics (connecting concepts to enhance recall) are the best for ease. One mnemonic you can use is an acronym — using the initial letters from a sentence. All you have to do is remember the sentence. For example, “Both I and Paul McCartney are 2 walruses.” You’d then shorten this to bI&PMr2w, perhaps. Notice how in password form, I made the password more complex by using the ampersand symbol (“&”) and the numeral 2 and capitalizing “I” and McCartney’s name. (Also notice that we are both walruses, and don’t hate.)

Alternative – Pass Phrase

A pass phrase is a kinda bizarre collection of words, numbers, and symbols. This should not be a straight sentence but should be something like, “dolphin16liverFailure$$$bananaPudDing.” Notice how I capitalized a few letters to again make the password more difficult to hack.

Be aware that Microsoft advises against using any complete words, so the pass phrase is probably not the way you want to go, just giving you some options.

Note the Hacker Approach

If someone is trying to figure out your passwords, they will first try your name, user name, name of your business, and then try names of other identifying information in your life — streets you’ve lived on, schools you’ve gone to, etc. So remove the password from your easily “attachable” info — the data that surrounds your identity. Also remove the password from common sentiments of your demographic. (“Neilyoungistheantichrist,” then, may not be a good password for those living in the southern US.)

Admixture of Characters

You want a compilation, not just a bunch of upper-case or lower-case letters. Include letters from each case, symbols, and numbers.

Bigger is Better

As you see exhibited above, you want your password to be long, at least 8 characters. It’s exponentially easier for a hacker’s password software to file through the combinations for a three-character password than it is to do the same for a password tripled to nine characters. (For an example of improved length, “welcome-hackers” is better than simply “welcome.”)
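To put numbers on the length and character-mix advice, and on the warning about personal info, here is an added Python example (not from the original article). The function names and the sample profile are hypothetical, and the bit count is a brute-force upper bound that ignores dictionary guessing.

```python
import math
import string

# Character classes from "Admixture of Characters".
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

def pool_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(len(chars) for chars in CLASSES.values() if chars & set(password))

def brute_force_bits(password):
    """log2 of the exhaustive-search space: length * log2(pool).
    Upper bound only: whole words and known patterns fall much faster."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def identity_hits(password, personal_info):
    """Personal tokens (name, user name, business, street) found in the password."""
    lowered = password.lower()
    return [t for t in personal_info if len(t) >= 3 and t.lower() in lowered]

def review(password, personal_info=()):
    """Collect the findings the article's rules would raise."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    missing = [n for n, chars in CLASSES.items() if not chars & set(password)]
    if missing:
        findings.append("missing classes: " + ", ".join(missing))
    hits = identity_hits(password, personal_info)
    if hits:
        findings.append("contains personal info: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    # Constructed sample data: this profile is hypothetical.
    profile = ["jordan", "acme", "maple"]
    samples = ["abc", "abcdefghi", "welcome", "welcome-hackers",
               "bI&PMr2w", "Jordan1984!"]
    for pw in samples:
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, {review(pw, profile) or 'ok'}")
```

Each added character adds log2(pool) bits, so tripling the length triples the bit count and cubes the number of combinations to try.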

Change It Up

Regularly adjust your passwords. If you want to really be on top of your security, change the password every 30 days. Clearly that’s annoying — but it’ll significantly increase your protection so that no threads of your password input are ever more than 30 days old. When you change it, completely change it. Most people just switch to a different spelling or add a symbol when switching to a new one, and this is a mistake. (Rather than changing from “ima420er!!!” to “ima420er???” change it to “no555notme.”)


That should give you a good sense of how to improve your passwords and how to remember them. (Psst, let’s all go change our passwords to “password” now and forget what I said. Life is about being brave.)


by Kent Roberts and Richard Norwood
