5 Steps to a Good Password

Simple choices that deter password hacking


There is no such thing as a perfect password. A committed hacker can crack any password, given enough time and the right "dictionary" or "brute force" tools. The trick is to create a password that discourages the hacker.

The objective is to create a password with 3 qualities:

  1. Is neither a proper noun nor a word in the dictionary.
  2. Is complex enough that it resists repetition attacks.
  3. Is intuitive enough that you can still remember it.

The suggestions below will help you achieve a balance of these 3 criteria.


Start With a Base Sentence Instead of a Word

Password length is important because it adds complexity. A good password is at least 8 characters long. Once a password reaches 15 characters, it becomes particularly resistant to hackers and their dictionary programs.

Even more important than password length, however, is unpredictability: nouns and names, like 'seinfeld' or 'Bailey' or 'cowboy', are easily predicted by hacker dictionary programs. Definitely avoid using your pet or family names, as hackers will also prioritize those guesses.

A good way to have length and unpredictability is to use a base sentence or phrase as an acronym. As long as the resulting acronym does not resemble regular words, it will resist hacker brute force attacks.

How it works: Choose a memorable quotation or saying that is meaningful to you, and then take the first letter of each word. You can use a favorite song lyric, a cliche that you know from your childhood, or a quote from a favorite movie.

Examples of base phrases and their acronyms:

  • You know nothing, Jon Snow: yknjs
  • Never give up, never surrender!: nguns
  • Can't See the Forest Through the Trees: cstfttt
  • Put Up or Shut Up: puosu
  • If the Shoe Fits, Wear It: itsfwi
  • You Can Lead a Horse to Water: yclahtw
  • The Last Mile Is Always Uphill: tlmiau
  • I Think, Therefore I Am: ittia
  • Oh Say Can You See: oscys
  • Honey Badger Doesn't Care: hbdc

Suggestion: Try this list of texting acronym phrases you could use for inspiration.

Suggestion: Try this list of famous quotations and catchphrases.


Lengthen the Phrase

Because passwords become particularly strong at 15 characters, we want to lengthen your passphrase. The 15-character goal exists because Windows operating systems will not store the weak legacy LM hash for passwords of 15 characters or longer.

While a long password can be annoying to type, a long password really helps to slow down brute force hacker attacks.

Tip: Lengthen your password by adding a special character, then the website name or a favorite number, to the base phrase. For example:

  • yknjs:1776
  • nguns-Amazon
  • cstfttt,Gmaildotcom
  • puosu$Mac
  • itsfwi@Epinions
  • yclahtw#Win10
  • tlmiau.8675309
  • ittia#Lifewiredotcom
  • oscys+PayPal
  • hbdc*Ebaymarket

Swap In Non-Alphabetic and Uppercase Characters

Password strength increases significantly when you change some of the password letters into non-alphabetic characters, and then include uppercase and lowercase letters within the password.

This 'character scrambling' creatively uses the shift key, numbers, punctuation marks, the @ or % symbols, and even semicolons and periods. These unusual characters and numbers make your password even less predictable to hackers using dictionary database attacks.

Examples of character scrambling:

  • yknjs:!776
  • nguns-Amaz0n
  • Cstfttt,Gm@ildotcom
  • Puo5u.Mac
  • 1tsfwi@Epinions
  • Ycl@htw#Win10
  • 7lmiau.8675309
  • ittia#Lifewiredotcom
  • o5cys+PayPal
  • hbd(*Ebaymark3t
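
The three steps so far, followed by a check against the article's criteria, as an added example that is not part of the original article. The names acronym, lengthen, assess, SAMPLE_WORDS and UNSWAP are assumptions made for illustration, and the word list is a small constructed sample standing in for a real dictionary.

```python
import re

# Constructed sample word list (names from the article plus two site names);
# a real check would load a full dictionary and a list of common names.
SAMPLE_WORDS = {"seinfeld", "bailey", "cowboy", "amazon", "paypal"}

# Undo common look-alike swaps of the kind shown in the scrambling examples.
UNSWAP = str.maketrans("01357@!$", "oiestais")

def acronym(phrase):
    """Base-phrase step: first letter of each word, lowercased."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z][A-Za-z']*", phrase))

def lengthen(base, separator, suffix):
    """Lengthening step: base + special character + site name or number."""
    return f"{base}{separator}{suffix}"

def assess(password, words=SAMPLE_WORDS):
    """Report length tier, character classes, and dictionary words found."""
    n = len(password)
    tier = "below 8" if n < 8 else "8 to 14" if n < 15 else "15 or more"
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    lowered = password.lower()
    # Split into letter runs twice: as typed, and with swaps undone, so that
    # "Amaz0n" is still recognised as the dictionary word "amazon".
    parts = set(re.findall(r"[a-z]+", lowered))
    parts |= set(re.findall(r"[a-z]+", lowered.translate(UNSWAP)))
    return {"length": n, "tier": tier, "classes": classes,
            "dictionary_hits": sorted(parts & words)}

if __name__ == "__main__":
    base = acronym("Never give up, never surrender!")
    for candidate in ("cowboy", lengthen(base, "-", "Amazon"), "nguns-Amaz0n",
                      "Cstfttt,Gm@ildotcom"):
        print(candidate, assess(candidate))
```

A non-empty dictionary_hits list means part of the password is still a guessable word even after scrambling, so the unpredictability has to come from the base phrase.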

Lastly: Rotate/Change Your Password Regularly

At work, your network people will require you to change your password every several days. At home, you should rotate your passwords as a matter of good computer hygiene. If you are using different passwords for different websites, you can do yourself a favor by rotating portions of your passwords every few weeks.

Rotating parts of the password instead of the entire password will help deter hackers from stealing your phrases. If you can memorize three or more passwords at the same time, then you are in good shape to resist brute force hacker attacks.

  • yknjs(Amaz0n
  • hbd:1776
  • nguns-Gm@ildotcom
  • Cstfttt,Mac
  • Puo5u.Epinions
  • 1tsfwi@Win10
  • Ycl@htw#8675309
  • 7lmiau.Lifewiredotcom
  • ittia#PayPal
  • o5cys*Ebaymark3t

Further Reading: Advanced Password Tips

There are several other resources for building strong passwords.

  • See more samples of strong passwords here.
  • There are multiple drag-and-drop software tools that help you bypass hacker keylogger software. Tools like KeyWallet Password Manager, KeePass, and Roboform work well because you can avoid typing your passwords entirely, and just let your mouse do the data entry.
  • You can also employ a digital vault like Password Safe. This kind of software creates personal "lockers" to keep all your passwords locked under a master password.