“Be sure to use a strong password” is advice we all constantly see online. Here’s how to create a strong password — and, more importantly, how to actually remember it.

Using a password manager helps here, as it can create strong passwords and remember them for you. But, even if you use a password manager, you’ll at least need to create and remember a password for your password manager.

The Traditional Password Advice

According to the traditional advice — which is still good — a strong password:

Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.

Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.

Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.

Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

Try to mix it up — for example, “BigHouse$123” fits many of the requirements here. It’s 12 characters and includes upper-case letters, lower-case letters, a symbol, and some numbers. But it’s fairly obvious — it’s a dictionary phrase where each word is capitalized properly. There’s only a single symbol, all the numbers are at the end, and they’re in an easy order to guess.

A Trick For Creating Memorable Passwords

With the tips above, it’s pretty easy to come up with a password. Just bash your fingers against your keyboard and you can come up with a strong password like “3o(t&gSp&3hZ4#t9”. That’s a pretty good one — it’s 16 characters, includes a mix of many different types of characters, and is hard to guess because it’s a series of random characters.

The only problem here is memorizing this password. Assuming you don’t have a photographic memory, you’d have to spend time drilling these characters into your brain. There are random password generators that can come up with this type of password for you — they’re generally most useful as part of a password manager that will also remember them for you.

You’ll need to think about how to come up with a memorable password. You don’t want to use something obvious with dictionary words, so consider using some sort of trick to memorize it.

For example, maybe you can find it easy to remember a sentence like “The first house I ever lived in was 613 Fake Street. Rent was $400 per month.” You can then turn that into a password by using the first characters of each word, so your password would become “TfhIeliw613FS.Rw$4pm”. This is a strong password at 21 characters. Sure, a true random password might include a few more numbers and symbols and upper-case letters scrambled around, but it’s not bad at all. You just need to remember two simple sentences, so it’s easy to remember.

Random Password Generators

A random password generator is a software program or hardware device that automatically generates a password. Random passwords can be generated manually, using sources of randomness such as dice or coins, or they can be generated using a computer. To generate your own, try Dashlane’s Password Generator.
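Both routes mentioned above, computer-generated and dice-generated, are shown in the following Python sketch. It is an added example, not code from the original article or from any product named here; the symbol set and function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!#$%&()*+-.?@^_"  # constructed symbol set; adjust to what a site accepts
GROUPS = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(GROUPS)


def generate_password(length=16):
    """Computer-generated: draw from the OS CSPRNG until every group appears."""
    if length < len(GROUPS):
        raise ValueError("length too short to include every character type")
    while True:
        # Rejecting whole candidates keeps the accepted ones uniformly random.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in group for c in pw) for group in GROUPS):
            return pw


def password_from_dice(rolls):
    """Manual: map six-sided dice rolls (1-6), three at a time, to characters."""
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be between 1 and 6")
    size = len(ALPHABET)
    limit = 216 - 216 % size  # largest multiple of the alphabet size <= 6**3
    chars = []
    for i in range(0, len(rolls) - 2, 3):
        a, b, c = rolls[i:i + 3]
        value = (a - 1) * 36 + (b - 1) * 6 + (c - 1)  # 0..215
        if value < limit:  # discard the tail that would favour some characters
            chars.append(ALPHABET[value % size])
    return "".join(chars)


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy when every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)
```

A triple of rolls that lands in the discarded range produces no character, so roll a few more triples than the length you want.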

Using Password Managers

A simple, password-protected spreadsheet is likely the least expensive password management system, especially if you already have a spreadsheet product on your computer. If you do not, you can download the latest version of LibreOffice from http://www.libreoffice.org/ for free, totally FREE!! Although this is a “caveman” approach to password management, it will easily meet most users’ needs. Plus, with the introduction and advancements of Google Docs and Office 365 (also available as free services), now you can store password-protected spreadsheets in the cloud and access them from almost any device.

The number one software product that we recommend is KeePass. KeePass is a FREE password generator and manager that resides on your computer. Although they also have smartphone versions and accessories, those additional functions usually come at a cost. KeePass is completely open source, therefore free. You can check it out for yourself by visiting our Free Utilities page or you can check out KeePass directly by visiting their website at http://keepass.info/.

The most popular online password manager currently is Dashlane. They have easy-to-use apps for every single platform, they integrate with every web browser, and it’s completely free to use the basic features. If you want to sync your passwords between different devices, you’ll need to upgrade to a premium account. You can download and test the free version of Dashlane by visiting their website at https://www.dashlane.com/.

Another good choice is LastPass. LastPass is a cloud-based, secure password vault. It allows you to store all of your passwords, and even notes, in an easy-to-use, searchable and organized way. It also supports autofill, so saved passwords can autofill your login every time you sign into your account. It’s convenient, and easy access is supported on Windows, Mac, Linux and most lines of smartphones. They do offer paid products and plans for several advanced features. You can check them out at https://lastpass.com/.

Two-Factor Authentication

Two-factor authentication, also known as 2FA, TFA or two-step verification, is an extra layer of security, a form of “multi-factor authentication”, that requires not only a username and password but also something that only that user has: a piece of information only they should know or have immediately to hand, such as a physical token.

Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity.

Summary

There are a lot of options for password management. You will need to choose the option that works best for you. There is no one, single answer. One thing, however, that does not change is how to create a complex password to begin with. It’s an interesting artform that you can build upon the more that you use it. In summary, let’s remember the basic considerations in creating a secure password.

  1. Passwords with a minimum of 12 total characters.
  2. Use a mixture of uppercase, lowercase, numbers and symbols, trying never to repeat them or place them in any kind of logical sequence.
  3. Do not use dictionary words or any combination of dictionary words.
  4. Do not rely on obvious substitutions (for example $=s, 3=E, 0=o)
  5. Try to mix-it-up – Don’t be obvious.
  6. If available, enable and use two-factor authentication.

At the end of the day it’s important to remember that even complex passwords can be compromised, and you should never think you are completely secure just because your password is longer than Ulysses. It takes wits and common sense to avoid phishing scams and other common techniques that can compromise your accounts.