How Do I Choose a Strong Password?

March 24, 2009

Every person who uses a computer knows how important security is. One aspect of security that we will be examining today is the infamous password. How do you choose a good password? A weak password is one way your identity can be stolen or other personal data exposed.

Many people use a spouse’s name, loved one’s name, birth date, kid’s name, or a pet’s name as their password. In order to understand why using a simple word or name as a password is not a good option, it would help to understand how passwords are cracked.  Hackers will run tools to look up your encrypted password in a database of passwords that have been previously tested and decrypted. This database is a huge list of millions of passwords.  A tool can then simply look up the decrypted password given the encrypted one.  A hacker may not know your dog’s name is Bailey, but if they can look up your encrypted password, it takes a fraction of a second to discover the decrypted password. Also, it is common to think that if you add a number to a common word, the password is much more secure.  Choosing Bailey1 is not more secure than Bailey.
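The lookup described above, shown as an added example (not code from the original article): a miniature version of such a table, built from a constructed four-word list. It assumes passwords are stored as unsalted SHA-256 digests, which the article does not specify; all function names are illustrative.

```python
import hashlib

# Constructed sample wordlist; real tables hold millions of entries.
COMMON_WORDS = ["bailey", "mailbox", "password", "summer"]
SUFFIXES = [""] + [str(d) for d in range(10)]  # no suffix, then "0".."9"


def fingerprint(password: str) -> str:
    """Stored form of a password. Assumption: unsalted SHA-256."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def variants(word: str):
    """Yield the spellings people typically pick for one word."""
    for base in (word, word.capitalize(), word.upper()):
        for suffix in SUFFIXES:
            yield base + suffix


def build_table(words) -> dict:
    """Precompute stored form -> plaintext once, ahead of time."""
    return {fingerprint(v): v for w in words for v in variants(w)}


TABLE = build_table(COMMON_WORDS)


def lookup(stored: str):
    """Return the plaintext if it was precomputed, else None."""
    return TABLE.get(stored)


def is_precomputed(password: str) -> bool:
    """True if this password's stored form is already in the table."""
    return lookup(fingerprint(password)) is not None


if __name__ == "__main__":
    for candidate in ["Bailey", "Bailey1", "3RubgdTs!"]:
        verdict = "found in table" if is_precomputed(candidate) else "not in table"
        print(f"{candidate:10} {verdict}")
    print(len(TABLE), "entries from", len(COMMON_WORDS), "words")
```

Allowing one trailing digit only multiplies the table size by eleven, which is why Bailey1 is found as quickly as Bailey.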

What makes up a good password? A good password should contain the following:

-Lowercase letters
-Uppercase letters
-At least 8 characters long

It is a good idea to take a word and disguise it as a password so that it can easily be remembered. For example, take the word “mailbox”. This could be disguised as a password by inserting some symbols and special characters in the word. For instance, it could be transformed into “m@1LB0x!#”. Keep in mind, however, that a good password should also be at least 8 characters long.

Another way to generate passwords is to start with a sentence or phrase and take the first letter of each word, then add numbers and special characters, to make a random-looking password from something you will easily remember. For example, let’s start with the phrase “Row, row, row, your boat, gently down the stream”. You could turn that into 3RubgdTs!. This password comes from the 3R’s of Row, then U, being short for you, then the first letter of the remaining words followed by the exclamation point. It looks like gibberish and a random password, but if you remember the formula that gave you the password, you are set.

There are many tools out there to help people create passwords. A good password generator can be found here: . Using this tool is a good way to create a secure password, but how do you keep track of random passwords? It is not good to have a list of passwords written down because a file can be lost.  It is good to have different passwords and not use one universal password for ALL of your logins.  This can be practically accomplished through the use of a password organization tool.

A good password organization tool to look into is KeePass. This program is a digital vault for passwords. You can keep passwords and login information for all your online memberships, forums, bank logins, credit card sites, email accounts and more. One may think that having all of their passwords in one central location could be a security vulnerability, but the program is designed to use a master encryption key that is 20-30 characters long. After setting up the program and typing in the master password every day for about a week, people are usually able to memorize the password, especially if they use the password phrase technique from above. Now, all of the passwords are securely guarded by a super-password. This of course is somewhat of an extreme example and may not be practical for everyone. This program also allows a user to change their passwords for different logins and keep them nice and organized.

Passwords should be regularly changed every few months. As a general rule, change your passwords routinely at least every 6 months. By following the guidelines in this article about what a password should contain, and the example of how to “self-encrypt” a password, your data will be more secure online. Security vendor Kaspersky has a very nice tool that allows you to check how “strong” your password is.

