5 Steps to a Secure Password

Formulate secure passwords to foil hackers

Password login on computer screen

Epoxydude / Getty Images


There is no such thing as a perfect password. A committed hacker can crack any password, given enough time and the right brute force tools. The trick is to create a strong password that discourages the hacker. To do that, a useful and secure password should have these qualities:

  • It is not a proper noun or a word in a dictionary
  • It is complex enough that it resists repetition attacks
  • It is intuitive enough that you can remember it

Here's how to balance these criteria as you formulate your next password.

of 05

Start With a Base Sentence Instead of a Word

Password length is important because it adds complexity. A strong password is at least eight characters long. When a password reaches 15 characters, it becomes particularly resistant to hackers and their programs.

Even more important than password length, though, is unpredictability. Nouns and names, such as "Seinfeld," "Bailey," or "cowboy," are easily predicted by hacker dictionary programs. Definitely avoid using your pet or family names, as hackers prioritize those guesses.

A good way to have length and unpredictability is to use a base sentence or phrase as an acronym. As long as the resulting acronym does not resemble a regular word, it will resist hacker brute force attacks.

Here's how it works: Choose a quotation or saying that is meaningful to you and then use the first letter of each word in your password as a base. You can use a favorite song lyric, a cliche that you know from your childhood, or a quote from a favorite movie.

Examples of Base Word Phrases and Their Acronyms

  • You know nothing, Jon Snow: yknjs
  • Never give up, never surrender: nguns
  • Can't see the forest for the trees: cstfftt
  • Put up or shut up: puosu
  • If the shoe fits, wear It: itsfwi
  • You can lead a horse to water: yclahtw
  • The last mile is always uphill: tlmiau
  • I think, therefore I am: ittia
  • Oh say can you see: oscys
  • Honey badger doesn't care: hbdc
of 05

Lengthen the Phrase

Because passwords become particularly strong at 15 characters, lengthen your passphrase to strengthen it. The 15 character goal was chosen because Windows operating systems do not store longer passwords. 

While a long password can be annoying to type, it slows down and discourages brute force hacker attacks.

Lengthen your password by adding a special character, then the website name or a favorite number to the base phrase.

Examples of Special Characters

  • yknjs:1776
  • nguns-Amazon
  • cstfftt,Gmailme
  • puosu$Mac
  • itsfwi@Epinions
  • yclahtw#Win10
  • tlmiau.8675309
  • ittia#LWdotcom
  • oscys+PayPal
  • hbdc*Ebaymarket
of 05

Swap in Non-Alphabetic and Uppercase Characters

Password strength increases significantly when you change some of the password letters into non-alphabetic characters, and then include uppercase and lowercase letters within the password.

This character scrambling uses the shift key, numbers, punctuation marks, the @ or % symbols, and even semicolons and periods creatively. Using these unusual characters and numbers in the base acronym or elsewhere make your password even less predictable to hackers using dictionary database attacks.

Examples of Character Scrambling

  • yknjs:!776
  • nguns-Amaz0n
  • Cstfftt,Gm@i!me
  • Puo5u.Mac
  • 1tsfwi$Epinions
  • Ycl@htw#Win10
  • 7lmiau.8675309
  • ittia#LWdotcom
  • o5cys+PayPal
  • hbd(*Ebaymark3t
of 05

Change Your Password Regularly

At work, your network people may require you to change your password regularly. At home, you should change or rotate your passwords as a matter of good computer hygiene. If you use different passwords for different websites — which you should — you can rotate portions of your passwords every few weeks.

Rotating parts of the password instead of the entire password deters hackers from stealing your phrases. If you can memorize three or more strong passwords at the same time, then you are in good shape to resist brute force hacker attacks.

Examples of Strong Passwords

  • yknjs(Amaz0n
  • hbd:1776
  • nguns-Gm@ilm3
  • Cstfftt,Mac
  • Puo5u.Epinions
  • 1tsfwi@Win10
  • Ycl@htw#8675309
  • 7lmiau.LWdotcom
  • ittia#PayPal
  • o5cys*Ebaymark3t
of 05

Advanced Password Tips

Now that you've created your strong passwords, you have to remember them. Use available tools to do that work for you:

  • Tools like KeyWallet Password Manager, KeePass, and Roboform are drag-and-drop software tools that help you bypass hacker keylogger software.  They work well because you can avoid typing your passwords entirely and let your mouse do the data entry.
  • You can also employ a digital vault such as Password Safe. This kind of software creates personal lockers to keep all your passwords locked under a master password.