Updated: January 31, 2024
Most people hate managing and remembering passwords. In the age of the internet, it’s one small point of frustration most of us agree on. The unfortunate truth, however, is that strong passwords are a necessary evil. With that in mind, we’ve compiled this list of tips for creating a strong password, including ways to create a secure password you can actually remember.
Minimum Password Length
For many years, experts have agreed that strong digital security starts with a minimum password length of eight characters. Over time, as technology has evolved, hackers and their digital tools for cracking passwords has gotten more sophisticated. Some security specialists now view an eight-character minimum password length as insufficient and instead recommend 12, 15 or even up to 17 characters!
The eight-character recommendation is far from dead, though. Microsoft, the U.S. government and even some security awareness training companies still accept an eight-character minimum as an adequate foundation.
Whether you agree that an eight-character minimum password length is adequate or not, the important thing to remember is that the more characters, the better—on this point every expert agrees.
Never Use Obvious Words or Numbers for Passwords
It’s tempting to use easy-to-remember passwords that are anything but random. Such passwords include the user’s name, birthdate, the name of relatives and/or their birthdates, the names of pets, or other easy-to-remember but easy-to-crack words. This category also includes any word from the dictionary and simple phrases such as “ILoveYou,” “thisismypassword,” “fan4life,” or variations of such obvious, strung-together phrases.
Passwords like these are one of the most common, most dangerous security practices. Hackers not only have software to help crack them, but they often turn to social media accounts for personal information to help more easily crack passwords of specific users.
Creating a strong password starts with veering away from the obvious.
Use Symbols, Numbers and Capital Letters
Adding random symbols, numbers and/or capital letters to a password can make it many, many times more secure and harder to decode. The key here, though, is “random.” The use of symbols, numbers and capital letters is of little benefit if you choose obvious passwords and substitutions. For example, none of the following (or similar variations) represent effective schemes for creating a strong password: “whitehouse,” “WhiteHouse,” “wHitEhOUse,” “whiteh0use,” “whlTeh0use.”
“WHi4Te70use” is better but still vulnerable in the hands of a seasoned, deliberate hacker with the proper tools.
A Password Creation Scheme
Think of a phrase—any will do. Here’s an example: “I went to my first rock show at age nineteen.” There are 10 words, and the resulting password will be at least 10 characters long. Consider the phrase again, this time with all the first letters capitalized and bolded:
I Went To My First Rock Show At Age Nineteen
These highlighted letters will form the basis of our example password: “iwtmfrsaan.” By itself, this combination doesn’t create any obvious or meaningful words, making it easily more secure than “whlTeh0use.” It’s still far from ideal, though. The first way to improve it could be by adding some random capital letters: “iWtmFrsaaN.” This variation is better but needs additional refinement. Consider the following version that adds symbols and numbers in place of some letters: !W+mFr$a@N.
This time, we substituted “!” for “i,” “+” for “t,” “$” for “s” and “@” for one “a.” Although these substitutions are logical in the context of our phrase, they’re random without it, yet are easier to remember than a random password lacking such mental context. To recall this password, all we need do is think of “I went to my first rock show at age nineteen.”
We could further strengthen this password with the addition of some numbers: !W+mFr$a@1N9. Within the context of our example phrase, this variation still makes sense and is fairly easy to recall. Without our phrase, however—which a hacker will never gain access to—it’s random.
To make this password even more secure, we could add a few more numbers. Suppose the rock show was in 2012: !2W0+m1Fr$2a@1N9. For some readers, this last may be too much, but our sample password is still strong without “2012” sprinkled in.
You could also create a password from this phrase using the second letter of each word (with “I” being an obvious exception) or maybe the last letter of each word and so forth.
It’s important to note that this suggested method is only one of several possible ways to create an effective, yet easy-to-remember password. A simple Google search will uncover more.
Use a Password Manager
Online criminals have become extremely sophisticated, and yet, as time passes, users need more and more passwords to access life online. Reusing the same password at multiple sites, though convenient, is dangerous and highly inadvisable—this is another point upon which all security experts agree.
Over time then, many users will likely hit a point that, even with strong passwords created from methods like the one suggested above, there will simply be too many passwords to remember. This is especially true considering that each login is associated with a username, which should also vary from one site to the next. This is where a password management program can help.
As the name suggests, these programs securely store passwords in memory and link them, along with the associated username, to the site where they grant access. With a password manager, all you’ll need is a single password for the manager program itself.
While we don’t recommend any particular password management program, several feature-rich, cost-effective packages are available, and most offer a free version, too. Just enter “password manager” into Google, and you’ll find several.
Password management programs aren’t without risk. If the master password for the manager program gets compromised, each stored password will be exposed. To avoid this, we suggest using the tips here for creating a strong password to help make your manager program as secure as possible. You should always practice strong password security, too (e.g., never write your password down, never share it with others, etc.).
Change Your Password Perspective
The use of strong passwords can be inconvenient and nerve-wracking—but it doesn’t have to be. Try lessening the stress by using some of the suggestions here for creating a strong password. We further suggest thinking of the process not as a burden, but as more of a word game or a puzzle. You might even start having a little fun while making your online life far more secure.
