How to Choose a Secure and Hack-Proof, Strong Email Password


How secure is your email? We all know that unencrypted emails can be intercepted and read freely, but one of the prime dangers is still people hacking into your email account.

Your best defense against email hackers is a strong password. But how do you make a password both difficult to guess and easy to remember? Both long and speedy to type? Here's one strategy for secure email passwords that turns a simple sentence into a complex password and adapts it for the individual email service, too.

Choose a Secure and Hack-Proof, Strong Email Password

To create an email password that is hard to crack:

  • Pick a sentence you can remember easily.
    • This could be a summary of a significant event, a description of your favorite place or the first difficult sentence you learned in a new language.
  • Combine word segments to form a new string.
    • Make sure the string is at least 8 characters long. Strive for 10 or more characters, though. Your password's length is probably the prime ingredient for security.
    • Combine word endings, beginnings, and other parts similar to how new words are formed out of two existing words. Make sure the resulting string is easy to remember and has a nice ring and rhythm.
    • Do not use too mechanical a process — like using every word's first character, for example.
  • Capitalize two or more characters where it makes sense.
    • Pick the "words" that convey your sentence's core message, for example.
    • Do not just capitalize the first or last character.
    • Some email systems may not regard case in passwords. We'd still suggest using the mixed-case password in these cases, except when the email service does require an all-lower-case password.
  • Introduce two or more numbers, dots, ampersands or other special characters.
    • Look for places where punctuation makes sense in your string, preferably somewhere in the middle.
    • Of course, do turn numbers (in your original phrase) into digits. You can also replace "for" with "4", and look for other expressions that lend themselves to being turned into numbers easily.
    • Some email services may not allow extra characters. Make sure you have an all-character password ready and well-established for these.
  • Include a character or two derived from the email system for which the password is used.
    • Make sure you can easily reproduce the characters you come up with.
    • This creates a unique password for each email service.

Secure Email Password Example

Let's say…

  • "Momotaro went walking toward the sea." is our initial sentence.
    • From a hugely popular fairy tale, this sentence is not perfect, of course. Try to pick something unique and personal that does not yet appear on the web.
  • morowewalintodse
    • We have picked a few characters and word segments, mostly at random (our password does sound like a somewhat twisted Japanese word now, though, does it not?): momotaro went walking toward the sea.
  • moroWeWalintodSe
    • Let's say "went walking" and "sea" contain our original sentence's core message.
  • moro%WeWa1in2dSe
    • The l looks a bit like a 1, so let's exchange the two.
    • To, of course, becomes 2.
    • Finally, a percent sign marks our hero, little peach boy.
  • moro%OOWeWa1in2dSe
    • We use this password for Gmail. Let's pick "oo" from "Google" and turn it into "OO", then insert it after the percent sign.
    • For Outlook, we could choose "TL" derived from "Outlook", for example, and get moro%TLWeWa1in2dSe. That's not particularly original, but it should suffice.

This password is a tad long and cumbersome to type. You do, we hope, get the idea, however.
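The rules from the steps above can be turned into a small checker and run against each intermediate string of the Momotaro example. This is an added example, not part of the original article; the function names and rule labels are assumptions made for illustration.

```python
import re

# The sentence and the candidate strings below are the article's own example values.
SENTENCE = "Momotaro went walking toward the sea."


def acronym(sentence):
    """First character of every word: the 'too mechanical' derivation the steps warn about."""
    return "".join(word[0] for word in re.findall(r"[A-Za-z0-9]+", sentence)).lower()


def check_password(password, sentence, service_tag=None):
    """Return the list of rules from the steps above that `password` breaks."""
    broken = []
    if len(password) < 8:
        broken.append("length: fewer than 8 characters")
    elif len(password) < 10:
        broken.append("length: 8-9 characters, strive for 10 or more")

    # Strip everything but letters and digits before comparing with the acronym,
    # so added punctuation does not hide a first-letters-only password.
    core = re.sub(r"[^a-z0-9]", "", password.lower())
    if core == acronym(sentence):
        broken.append("mechanical: only the first character of every word")

    upper_positions = [i for i, ch in enumerate(password) if ch.isupper()]
    if len(upper_positions) < 2:
        broken.append("case: fewer than two capitals")
    elif all(i in (0, len(password) - 1) for i in upper_positions):
        broken.append("case: capitals only at the first or last position")

    # Digits, dots, ampersands and other special characters all count here.
    extras = [ch for ch in password if not ch.isalpha()]
    if len(extras) < 2:
        broken.append("extras: fewer than two digits or special characters")

    if service_tag is not None and service_tag not in password:
        broken.append("service: tag for this email service is missing")
    return broken


if __name__ == "__main__":
    steps = [("morowewalintodse", None), ("moroWeWalintodSe", None),
             ("moro%WeWa1in2dSe", None), ("moro%OOWeWa1in2dSe", "OO"),
             ("moro%TLWeWa1in2dSe", "OO"), ("M.w.w.t.t.S", None)]
    for candidate, tag in steps:
        print(candidate, tag, check_password(candidate, SENTENCE, tag))
```

The last two inputs are constructed failure cases: the Outlook variant checked against the Gmail tag, and a first-letters-only password dressed up with dots.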

Alternative Secure Password: A Sentence

If the email service allows for really long passwords, you can use a reasonably long, random sentence as your password. You can pick the phrase with which we started above, of course. Make sure the sentence is unique — lines from popular books or lyrics are not ideal — and long enough — say, 50 or 60 characters. A unique and quasi-random sentence in a foreign language is usually a good choice.

Beware Social Engineering

No matter how clever and strong your password, the hacker is in if you give it away.

  • Do not send passwords by email.
  • Only enter passwords on websites, and only if:
    • You have opened the site by typing the address or selecting it from your bookmarks.
    • The site is using a secure HTTPS connection.
    • You have verified the site's identity using its certificate.