How to Create a Strong Password
If you’ve spent any time online, then you’ve no doubt heard the advice “choose a strong password” at least a million times.
But, what does that actually mean? What constitutes a strong password today is much different than what having a strong password meant five years ago.
Security standards are ever evolving and your passwords need to keep up. After all, when was the last time you updated one of your passwords?
Below you’ll learn the importance of having a strong password, what makes a password nearly unbreakable, and finally how to use the latest password security techniques to create an unbreakable password.
Why You Must Have a Strong Password
I know, it’s easy to get lazy with your passwords and simply reuse the name of your favorite pet over and over again. Sure, it’s easier and you’ll never forget the name of your precious Baxter. But, it’s also incredibly dangerous.
A strong password is your first line of defense between your personal information and accounts and the threats that exist online.
Call it optimism bias, but we never think that we’ll experience any negative consequences online— sure, it’ll happen to other people, but not to us.
We think that identity theft, bank account hacking, social media and email hacking, and fraudulent purchases will always happen to someone that isn’t us.
But, this is a dangerous trap to fall into. Look what happened to technology reporter Mat Honan, when he was the target of a cyberattack.
There are other steps you can take to protect yourself online. But the first line of defense is the strength of your passwords.
Still not convinced, then try these stats via TeamsID on for size:
- Nearly 90 percent of user-generated passwords are vulnerable to hacking.
- The 10,000 most common passwords can access 98 percent of all online accounts.
- 21% of people use passwords over 10 years old.
- 73% of online accounts are using duplicate passwords.
Not only are most people using passwords that are incredibly easy to hack, but they’re using those passwords across multiple different accounts. This leads to the domino effect, once one account is compromised, so are the rest.
We use the internet to exchange sensitive information on a daily basis, from banking information, to credit card details, to intimate details of our relationships and working lives. And the only thing standing in the way between our data and a malicious hacker is a weak password.
What Makes An Unbreakable Password
There are several components that make up a super strong password. Before I get into specific password creation methods, it’s important to cover a few basic principles to keep in mind while brainstorming your new passwords.
Components of an unbreakable password:
- Avoid any common words like places, names, and words found in the dictionary.
- Make your password as long as possible, at the very least it should be 12 characters.
- Use a wide array of punctuation, numbers, spellings, and capitalization.
Using these three rules alone will improve the strength of your password and elevate it above most existing passwords out there. When it comes to password security you’re competing against advanced password crackers ready to exploit any points of weakness.
To get a clearer picture of your password’s security you can run it through a tool like the Online Domain Tools Password Checker.
This tool will give your password a breakdown based upon the use of any dictionary words, the amount of character variations used, as well as the time it would take to actually hack your password. You’ll learn about even more useful password security tools later on.
With the basic principles above you’re equipped to dive into the most useful password creation methods available.
How to Create a Strong Password
There’s no single method for creating a ridiculously strong password. In fact, there are multiple methods you can utilize to generate new passwords.
Below you’ll about five different password creation methods you can employ.
1. The Passphrase Method
The passphrase method will end up giving you a very strong password that’s also one of the easier ones to remember.
With this method, you create a random set of words and string them together. So, “spaceship floor hat gaseous clever”. The words will need to be random, varied, and don’t combine into any logical phrases. It’s the randomness of the word choice, plus the varying length of each word that makes it strong.
If you’re having a hard time coming up with a list of random words, then you can use the random word generation method offered by Diceware, all you need is a set of die.
You can enhance the security of your passphrase by adding characters and symbols in between each word, or in place of certain letters.
So, from the passphrase above you could insert characters like “spacesh1p@fl00r_hat*gaseous^ clev3r$”. This will make the password more difficult to remember, but it’s still easier than trying to remember a random string password.
Finally, the longer your string of random words the better. I’d recommend going up as high as 12 random words.
2. The Person-Action-Object Method
The Person-Action-Object method also called the PAO method is based upon mnemonic memorization techniques, which you can apply to the password landscape.
Essentially, you’ll be creating a PAO story, which you’ll then convert to a password. This style has the advantage of using memorization techniques based on how our brains store data, so passwords created with this technique will be much easier to remember.
Here’s how you create a PAO story:
- Choose an interesting person
- Choose an action for that person.
- Choose an object for that action.
The process works like this:
- Tom Hardy is our interesting person.
- Our action for Tom is building.
- Our object is a wooden unicycle.
Now we’ve got our PAO phrase that includes visual cues and a strange scenario—it’s time to turn that into a password.
So, “Tom Hardy building a wooden unicycle” would become “T0hbLd@w0u|\|i”. You can even combine multiple different PAO stories to extend the length of your password, or include more characters to represent each phrase.
3. The Bruce Schneier Method
Bruce Schneier is a security expert who put forth a password method back in 2008 that he still recommends to this day.
The method is simple on the surface.
You just take a sentence and turn that sentence into a password.
This same method is recommended by ethical hacker Kurt Muhl to create a strong yet memorable password.
Let’s look at an example:
“I love my new home in Lake Tahoe, California!” will turn into “1L<3mnHiL@tcA”.
Your final password will resemble a random string password, but it will be much easier to remember, at least for you.
4. The Random String Method
The random string method can also be called keyboard mashing. You can probably guess what the process entails…
Just mash your fingers across the keyboard. Here’s what I get: hi”ePb&f9rg9(*gK.L
Now, that password is quite strong. It includes a random string, multiple letter cases, characters, and numbers, plus its 18 characters.
The biggest difficulty with this password is actually remembering it. It’ll be hard to tie it to a memorization technique. However, if you’re using a password manager to remember your passwords for you then creating your passwords this way could work.
5. The Traditional Method
For the final method, we’re going to employ traditional password advice.
Here are the rules we’re gonna follow:
- Include multiple letter cases, numbers, and symbols.
- Don’t use dictionary words or commonly combined dictionary words.
- Don’t use obvious number/letter substitutions.
- Create a password that’s at least 12 characters in length.
Here’s what we get following the rules above, “RA1n8ow!G@ze\\;”. That password isn’t bad, it uses the words rainbow and gazelle, but not the dictionary spellings and those words aren’t commonly combined. It also uses multiple different characters, numbers, and letter cases. Plus, it’s 15 characters long.
The final password isn’t as strong as some of the others generated above, but it’s still better than most.
Password Security Tips
With your uber strong password created you’re almost done. Creating a strong password is just the first step. To take your levels of security as high as possible consider the following tips.
1. Don’t Reuse Your Password
It can be very appealing to use the same password for multiple accounts. This is especially true if you’ve gone through the process of creating an incredibly strong password.
It’ll take more work, but creating new passwords for every single account is an absolute necessity.
Think of it this way—using the same password for multiple accounts exposes you to risk. If that one account is compromised, so are the rest. Don’t leave yourself open to the domino effect.
2. Don’t Store Passwords in Your Browser
Another common password remembering “trick” is to store all of your passwords as cookies in your browser window. That way whenever you visit the site your password is there and logging in is as simple as clicking a button.
This can be tempting, I know.
For a hacker to obtain access to your passwords stored in your browser they just have to get past you, not the security teams at the above companies.
By storing your passwords in your browser you make it very easy for a hacker to trick you into giving them your password.
3. Use Two-Factor Authentication
You can add an additional layer of security to your passwords by using two-factor authentication. You shouldn’t rely on this alone, but instead as a way to bolster the existing security of your password.
Not every application will support two-factor authentication, but you can run the site through this tool to see if it’s supported.
The most secure method is to utilize one of the two-factor authentication apps like, Google Authenticator (also available for iOS), LastPass, and Authy. For most services you also have the ability to turn on two-factor authentication via SMS, however this will be the least secure approach, and will leave you vulnerable to hackers.
4. Treat Your Security Questions as a Defense
Most people think of their security questions as a way to remember their own passwords, in case they forget. However, most of the security questions you can choose from can be easily guessed by a hacker.
Information like an old street address, the town you went to high school, and your mother’s maiden name can all be found online.
Instead, treat your security questions as additional passwords themselves. Make up answers to the questions that are entirely false and hard to guess. Then, store those answers in a secure password manager in case you ever need to access them.
5. Use a Secure Password Manager
It’s going to be nearly impossible to remember every single new password you’ve created. To get around this difficulty it’s a good idea to use a secure password manager.
Your password manager will be guarded by another incredibly strong password—this being the only one that you actually need to remember.
The password manager you choose will depend upon your OS, however, most are available for multiple operating systems.
Some great password managers include:
So, how does a password manager work?
When you navigate to a web app that requires a password your password manager will pop-up and you’ll enter that single password and the details will be inserted automatically. Or, if you’re already logged in to your password manager, then your login details will appear automatically. No need to remember that complex string of characters you created above.
6. Test Your Passwords in Real-Time
When you’re in the password creation phase you can use online tools to test the strength of your password. If you’re already using a password manager, then the strength of your password will automatically be evaluated.
If not, then use the following sites to test your password strength before choosing a password:
- Check My Password
- How Secure is My Password?
- How Strong is Your Password?
- How Big is Your Haystack?
- My Password Meter
Hopefully, by now you have a greater understanding of the importance of creating a strong password, and the steps you can take to do just that.
It’ll take some time to update all of your old passwords to newer, stronger versions, but the time spent will be well worth it. Your personal privacy is at take. Remember, when it comes to protecting yourself online, the proactive approach is always the best route to take.
Still have questions related to crafting an unbreakable password? Ask away in the comments below.