Security Mecca

Building the Right Password


Passwords provide the first line of defense against unauthorized access to your computer. The stronger your password, the more protected your computer will be from hackers and malicious software. You should make sure you have strong passwords for every account you use. In this article I'll provide the foundation for creating a strong password and also a few tips on how to create and memorize them.

Building a Strong Password

The foundation for building a strong password is making sure that it meets certain criteria.

  • Include punctuation marks and/or numbers.
  • Mix capital and lowercase letters.
  • Minimum of 8 characters in length.

Things to avoid to maintain the integrity of your password:

  • Never write it down
  • Never tell anyone
  • Never send it over email
  • Do not use personal information
  • Do not use real words
  • Do not use example passwords from any website

You might be wondering, "Why do I need to include punctuation and capital letters?" Imagine you were trying to crack a password. Would it be hard to guess a password that had only lowercase letters? Yes. How much harder would it be if you knew it had at least one punctuation mark and number? The difficulty of figuring it out increases exponentially.

If you follow at least these 8 rules, every password you create will be relatively strong and difficult to guess. Now, you may be thinking, "Great, now how do I remember it?"

Memorization of Password

There are many sites out there that advise you on what to do to help create a strong password. I'll be the first one to tell you: do what you think is best for you in terms of memorizing a password. Many sites offer methods that may not help you memorize a password. The bottom line is, if a tool doesn't help you memorize the information, you don't have to use it.

The most common method for creating strong passwords that are easy to memorize is to take a common phrase and manipulate it so that it is easy to remember and also includes features that make it stronger.

Remember to avoid using personal information in passwords. A motivated hacker can easily find information through social engineering and then potentially guess your password. The concept behind creating a strong password is to make it difficult to guess and difficult to brute force. Using this method for memorization is alright, but make sure that the final version of your password doesn't have any dictionary words in it. Real words are a simple thing for cracking tools to check, so using them can help hackers crack your password quickly.

Another trick to help make a password more memorable is to create phonetic replacements, such as 'Luv 2 Laf out loud' for 'Love to Laugh Out Loud'. This method will help you manipulate dictionary words while still allowing you to remember your original phrase. You could also choose to manipulate your phrase by including look-alike substitutions, such as the number zero for the letter 'O' or '$' for the letter 'S'. The password 'Luv 2 Laf Out Loud' could now become 'L0v 2 L@f  0u! L0u&'.

Another way to change your phrase could be to remove the vowels from it. "Take me out to the ballpark" becomes "tkmttthbllprk". Add some numbers and symbols and you have a rather secure password that could be easy to remember.
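The criteria and the dictionary-word warning above can be turned into a small self-check. This is an added example, not part of the original article; SAMPLE_WORDS and the LOOKALIKES table are constructed for illustration, and a real check would load a full dictionary file.

```python
import string

# Constructed sample word list (assumption); use a full dictionary in practice.
SAMPLE_WORDS = {"love", "laugh", "loud", "password", "ballpark", "take"}

# Look-alike substitutions of the kind the article describes (0 for O, $ for S).
# The exact table is an assumption made for this example.
LOOKALIKES = str.maketrans(
    {"0": "o", "$": "s", "@": "a", "1": "l", "3": "e", "5": "s", "!": "i"}
)


def find_dictionary_words(password, words=SAMPLE_WORDS, min_len=4):
    """Return dictionary words still visible after undoing look-alike swaps."""
    normalized = password.lower().translate(LOOKALIKES)
    # Drop spaces, digits and leftover symbols so padding cannot hide a word.
    letters_only = "".join(ch for ch in normalized if ch.isalpha())
    return sorted(w for w in words if len(w) >= min_len and w in letters_only)


def check_password(password, words=SAMPLE_WORDS):
    """Return the list of the article's rules that the password fails."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        failures.append("does not mix capital and lowercase letters")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        failures.append("no punctuation mark or number")
    found = find_dictionary_words(password, words)
    if found:
        failures.append("contains dictionary word(s): " + ", ".join(found))
    return failures


if __name__ == "__main__":
    # Example passwords taken from the article, plus one constructed case
    # where look-alike swaps alone leave the dictionary word recognizable.
    for candidate in ("tkmttthbllprk", "Luv 2 Laf Out Loud", "P@$$w0rd1"):
        print(repr(candidate), "->", check_password(candidate) or "passes")
```

The vowel-stripped phrase passes the dictionary check but still needs capitals, numbers or symbols, while a real word dressed up only with look-alike characters is still found once the substitutions are undone.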

Lastly, if you have lots of accounts (which means different passwords for each!) you don't have to memorize them all. You only need to memorize one if you choose to use a password management tool. These tools are a great way to safely store and remember passwords in an encrypted form.

Maintain Password Strength

Great! Now that you have your password built, memorized, or stored in a password manager/vault, change it in about 30 days. That's right. Ultimately, if a password sits somewhere long enough, you are giving a motivated hacker time to set a program to break it. If your password is strong enough, a brute force attack should take some time. Rotating your password ensures that the brute force attack will never be successful, because by the time the attack gets close to success you rotate and it has to start all over.

Another way to ensure password strength is to use a unique password for every account. This compartmentalizes your accounts, so if one is hacked all of the others still remain safe and you minimize your losses.

If you follow these steps you'll be in great shape to improve the security of your computer life. It sounds like work, and it is, but once you have a personalized system down for creating strong passwords it will be easy.


 

about the author

More about Kyle Gulau:
Kyle Gulau enjoys computer programming as well as drumming and skiing. He is currently a student at Western Michigan University and is active in the CIS program and FIN program.
