5 Steps to a Good Password

Simple Choices that Deter Password Hacking

Was this page helpful?

Before we begin, we must be clear on one major expectation: there is no such thing as a perfect password. A committed hacker can crack any password, given enough time and the right "dictionary" or "brute force" tools. But just like breaking into a car, if the protection is strong enough, the hacker will become discouraged and commonly give up before the protection fails.

Our objective is to create a password with 3 qualities:

  1. Is neither a proper noun nor a word in the dictionary.
  2. Is complex enough that it resists repetition attacks.
  3. Is intuitive enough that you can still remember it.

The suggestions below will achieve a balance of these 3 criteria.

of 05

Start With a Base Sentence Instead of a Word.

Man using laptop
Lilly Roadstones/Taxi/Getty Images

Password length is important because it adds complexity. A good password is at least 8 characters long. Once a password reaches 15 characters, it becomes particularly resistant to hackers and their dictionary programs.

Even more important than password length, however, is unpredictability: nouns and names, like 'seinfeld' or 'Bailey' or 'cowboy', are easily predicted by hacker dictionary programs. Definitely avoid using your pet or family names, as hackers will also prioritize those guesses.

A good way to have length and unpredictability is to use a base sentence or phrase as an acronym. As long as the resulting acronym does not resemble regular words, it will resist hacker brute force attacks.

How it works: choose a memorable quotation or saying that is meaningful to you, and then take the first letter of each word. You can use a favorite song lyric, a cliche that you know from your childhood, or a quote from a favorite movie.

Examples of some base word phrases:

  • You know nothing, Jon Snow: yknjs
  • Never give up, never surrender!: nguns
  • Can't See the Forest Through the Trees:  cstfttt
  • Put Up or Shut Up:  puosu
  • If the Shoe Fits, Wear It:  itsfwi
  • You Can Lead a Horse to Water:  yclahtw
  • The Last Mile Is Always Uphill: tlmiau
  • I Think, Therefore I Am:  ittia
  • Oh Say Can You See:  oscys
  • Honey Badger Doesn't Care: hbdc

Suggestion: try this list of texting acronym phrases you could use for inspiration

Suggestion: try this list of famous quotations and catchphrases

of 05

Lengthen the Phrase

Because passwords become particularly strong at 15 characters long, we want to lengthen your passphrase. This 15 character goal is because Windows operating systems will not store passwords at 15 characters or longer. 

While a long password can be annoying to type, a long password really helps to slow down brute force hacker attacks.

Tip: lengthen your password by adding a special character, then the website name or a favorite number to the base phrase. For example:

  • yknjs:1776
  • nguns-Amazon
  • cstfttt,Gmaildotcom
  • puosu$Mac
  • itsfwi@Epinions
  • yclahtw#Win10
  • tlmiau.8675309
  • ittia#Aboutdotcom
  • oscys+PayPal
  • hbdc*Ebaymarket
of 05

Swap In Non-Alphabetic and Uppercase Characters

Password strength increases significantly when you change some of the password letters into non-alphabetic characters, and then include uppercase and lowercase letters within the password. This 'character scrambling' creatively uses the shift key, numbers, punctuation marks, the @ or % symbols, and even semi-colons and periods. These unusual characters and numbers make your password even less predictable to hackers using dictionary database attacks.

Examples of character scrambling:

    • yknjs:!776
    • nguns-Amaz0n
    • Cstfttt,Gm@ildotcom
    • Puo5u.Mac
    • 1tsfwi@Epinions
    • Ycl@htw#Win10
    • 7lmiau.8675309
    • ittia#Aboutdotcom
    • o5cys+PayPal
    • hbd(*Ebaymark3t
    of 05

    Lastly: Rotate/Change Your Password Regularly

    At work, your network people will require you to change your password every several days. At home, you should rotate your passwords as a matter of good computer hygiene. If you are using different passwords for differents websites, you can do yourself a favor by rotating portions of your passwords every few weeks. Note that rotating parts of the password, not the entire passwords, will help deter hackers from stealing your phrases. If you can memorize three or more passwords at the same time, then you are in good shape to resist brute force hacker attacks.


    • yknjs(Amaz0n
    • hbd:1776
    • nguns-Gm@ildotcom
    • Cstfttt,Mac
    • Puo5u.Epinions
    • 1tsfwi@Win10
    • Ycl@htw#8675309
    • 7lmiau.Aboutdotcom
    • ittia#PayPal
    • o5cys*Ebaymark3t
    of 05

    Further Reading: Advanced Password Tips

    There are several other resources for building strong passwords.

    • See more samples of strong passwords here.
    • You can view otherAbout.com reader personal password suggestions. 
    • Stephen Chapman has a free password generator you can use online.
    • There are multiple drag-and-drop software tools that help you bypass hacker keylogger software.  Tools like KeyWallet Password Manager, KeePass, and Roboform work well because you can avoid typing your passwords entirely, and just let your mouse do the data entry.
    • You can also employ a digital vault like Password Safe. This kind of software creates personal "lockers" to keep all your passwords locked under a master password.