Approaches to Creating & Protecting Strong Passwords

Strong passwords are an important protection that helps you carry out safer online transactions. The key to password strength is length. An ideal password is at least 15 characters long and contains both letters and numbers.

Things to avoid when creating strong passwords

  • Using the same password for multiple sites.
  • Sequences or repeated characters.
  • Personal information: your name, username, birthday, driver’s license or passport number, or similar information.
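The three "things to avoid" above are mechanical enough to check locally before a password is ever used. The script below is an added example, not code from the original article: it checks the length and letters-plus-numbers advice, scans for stepwise sequences (`abcd`, `4321`) and repeated characters (`aaa`), and looks for fragments of personal facts you hand it (names, dates, document numbers). Password reuse across sites cannot be detected by a local check like this; that remains a matter of practice. The thresholds (four characters for a sequence, three for a repeat, a minimum of 15 characters) are assumptions chosen for this example.

```python
import re


def has_sequence(password: str, run: int = 4) -> bool:
    """True if `run` consecutive characters step by exactly +1 or -1 in
    code-point order, e.g. "abcd", "4321", "wxyz"."""
    for i in range(len(password) - run + 1):
        window = password[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeat(password: str, run: int = 3) -> bool:
    """True if any character appears `run` or more times in a row ("aaa", "111")."""
    return re.search(r"(.)\1{%d,}" % (run - 1), password) is not None


def personal_tokens(facts) -> set:
    """Normalise personal facts into lowercase alphanumeric tokens worth matching:
    "Jane Doe" -> {"janedoe", "jane"}, "1990-04-12" -> {"19900412", "1990"}."""
    tokens = set()
    for fact in facts:
        low = fact.lower()
        tokens.add(re.sub(r"[^a-z0-9]", "", low))          # whole fact, punctuation removed
        tokens.update(re.findall(r"[a-z]{4,}|\d{4,}", low))  # individual words / number runs
    return {t for t in tokens if len(t) >= 4}                # ignore very short fragments


def contains_personal_info(password: str, facts) -> bool:
    low = password.lower()
    return any(token in low for token in personal_tokens(facts))


def check_password(password: str, personal_facts=(), min_length: int = 15) -> list:
    """Return a list of problems; an empty list means the password passed
    every check this script knows about."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[A-Za-z]", password) or not re.search(r"\d", password):
        problems.append("needs both letters and numbers")
    if has_sequence(password):
        problems.append("contains a sequence such as abcd or 4321")
    if has_repeat(password):
        problems.append("contains repeated characters such as aaa")
    if contains_personal_info(password, personal_facts):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs for demonstration.
    facts = ["Jane Doe", "1990-04-12"]
    for candidate in ["abcd1234", "JaneDoe1990xyzab", "Correct-Horse-Battery-9"]:
        print(candidate, "->", check_password(candidate, facts) or "ok")
```

Run it as a script to see each sample candidate and the problems found; `check_password` is the only function a caller needs, and the personal facts are supplied by the user rather than looked up anywhere.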

Change your password every 12 months

The main problem, of course, is that a password that is long and complex is also hard to remember. The two methods below are ways to create strong passwords that can be remembered.

Method 1: Passphrase

Passphrases operate on the same principle as passwords and are used in exactly the same way. However, they differ from traditional passwords in two main ways:

  • Passphrases are generally longer than passwords. While passwords can frequently be short, passphrases have larger minimum lengths and, in practice, typical passphrases might be 20 or 30 characters long. This greater length provides more powerful security; it is far more difficult for a cracker to break a 25-character passphrase than a 12-character password.
  • The greater length of passphrases allows you to create a memorable phrase rather than a cryptic series of letters, numbers, and symbols. Systems usually apply different validity rules to passphrases than to passwords. Systems that use shorter passwords often disallow actual words or names, which are notoriously insecure; instead, your password is usually an apparently random sequence of characters.

A passphrase uses multiple natural words or phrases to construct the password. Because the characters that make up a word naturally relate to each other, the word can be thought of as an atomic unit. When you think of the word “chair” you don’t think of the letters c-h-a-i-r; you think of the single item you know to be a chair. So instead of thinking about a password as being made up of 12 or 13 characters, start to think of a passphrase as being made up of 5 or 6 words.

The added strength of a passphrase comes from its length. In fact, the 5-word passphrase in the example is roughly equivalent to an eleven-character traditional password. The passphrase is superior, however, because we already know that people aren’t likely to remember an eleven-character password. So in effect, we’re getting the “strength” of a complex short password in a form that is easier for users to remember and easier for them to type.

Just as a traditional password is stronger when constructed of truly random characters, a passphrase is going to be stronger if it is made up of truly random words that have no relation to each other and make no sense as a real phrase. If this becomes too hard to remember, however, it is better to simply have a long memorable passphrase, perhaps with some punctuation or special characters added.

Finally, just as you wouldn’t want a single common word to be used for a traditional password, you don’t want a common phrase, lyric, title, quotation or cliché to be used as a passphrase.
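The claim that a five-word passphrase is roughly as strong as an eleven-character password can be checked by counting entropy. The script below is an added example (not code from the original article) that does three things: it computes the entropy of words drawn uniformly from a word list of a given size and converts that to an equivalent number of random letters-and-digits characters, it draws a random passphrase with the operating system's CSPRNG, and it rejects a candidate passphrase that matches a known phrase once case and punctuation are ignored. The twelve-word `DEMO_WORDS` list and the three-entry `COMMON_PHRASES` blocklist are constructed for the example; the entropy figures assume a 7776-word list (the size of a standard diceware list) and a 62-symbol alphabet, both passed in as parameters rather than hard-coded.

```python
import math
import re
import secrets

# Constructed demo word list (an assumption for this example). A real generator
# would load a large list such as a 7776-word diceware list; the entropy
# functions take the list size as an explicit parameter for that reason.
DEMO_WORDS = ["chair", "river", "copper", "lantern", "quiet", "orbit",
              "maple", "violet", "saddle", "thunder", "pocket", "meadow"]

# Constructed blocklist of well-known phrases; a real one would be far larger.
COMMON_PHRASES = ["to be or not to be", "may the force be with you",
                  "correct horse battery staple"]


def entropy_bits(pool_size: int, count: int) -> float:
    """Entropy of `count` independent, uniform picks from a pool of `pool_size`."""
    return count * math.log2(pool_size)


def equivalent_password_length(word_count: int, list_size: int = 7776,
                               alphabet_size: int = 62) -> float:
    """Number of uniformly random characters from an `alphabet_size` alphabet
    (62 = upper and lower case letters plus digits) that carry the same entropy
    as `word_count` words drawn from a `list_size` word list."""
    return entropy_bits(list_size, word_count) / math.log2(alphabet_size)


def random_passphrase(words, count: int = 5, separator: str = " ") -> str:
    """Draw `count` words independently with the OS CSPRNG (`secrets`). Words may
    repeat; rejecting repeats would slightly reduce the entropy figure above."""
    return separator.join(secrets.choice(words) for _ in range(count))


def normalise(text: str) -> str:
    """Lowercase and keep only alphanumeric runs so punctuation and case don't matter."""
    return " ".join(re.findall(r"[a-z0-9]+", text.lower()))


def is_common_phrase(passphrase: str, blocklist=COMMON_PHRASES) -> bool:
    """True if the passphrase is a known phrase, lyric, title or quotation."""
    return normalise(passphrase) in {normalise(p) for p in blocklist}


if __name__ == "__main__":
    bits = entropy_bits(7776, 5)
    chars = equivalent_password_length(5)
    print(f"5 words from a 7776-word list: {bits:.1f} bits, "
          f"about {chars:.1f} random letters/digits")
    candidate = random_passphrase(DEMO_WORDS)
    print("random passphrase:", candidate, "| common phrase?", is_common_phrase(candidate))
    print("common phrase check:", is_common_phrase("To be, or not to be!"))
```

Five words from a 7776-word list give about 64.6 bits, which is what roughly eleven random letters-and-digits characters provide, matching the article's figure. The comparison only holds when the words are chosen at random; a phrase you compose yourself, or one on the blocklist, carries far less entropy than the count suggests.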


Method 2: First Letter Mnemonic

Use the first letter of words in familiar sentences.

  1. Start with a sentence or two (about 10 words total). Think of something meaningful to you. Example: “Long and complex passwords are safest. I keep mine secret.” (10 words)
  2. Turn your sentences into a row of letters by using the first letter of each word: lacpasikms (10 characters)
  3. Add complexity. Make only the letters in the first half of the alphabet uppercase: lACpAsIKMs (10 characters)
  4. Add length with numbers. Put two numbers that are meaningful to you between the two sentences: lACpAs56IKMs (12 characters)
  5. Add length with special characters. Put special characters on each side of the numbers: lACpAs?56*IKMs (14 characters)

You can make up your own “rules” (e.g., when to use uppercase vs. lowercase, where to stick special characters, etc.), but as long as you’re consistent it should be easy to remember your passwords.
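The mnemonic steps above are a deterministic transform, so they can be written down as code and applied consistently. The script below is an added example, not code from the original article: it extracts the first letter of each word sentence by sentence, applies the "first half of the alphabet is uppercase" rule, and joins the sentences with the chosen numbers wrapped in the chosen special characters. Note one caveat: applied strictly, the case rule also uppercases the leading `l` of "Long" (l is in a–m), so the script yields `LACpAs?56*IKMs` where the article's sample keeps that first letter lowercase. The `split_sentences` helper and the handling of more than two sentences (the same separator between each pair) are assumptions made for this example.

```python
import re


def first_letters(sentence: str) -> str:
    """One lowercase character per word: the first letter of each word."""
    return "".join(word[0].lower() for word in re.findall(r"[A-Za-z]+", sentence))


def first_half_uppercase(letters: str) -> str:
    """Case rule from the article: letters a-m become uppercase, n-z stay lowercase."""
    return "".join(ch.upper() if ch.lower() <= "m" else ch.lower() for ch in letters)


def split_sentences(text: str) -> list:
    """Split on sentence-ending punctuation followed by whitespace (assumption)."""
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]


def mnemonic_password(sentences, numbers: str = "56",
                      left: str = "?", right: str = "*") -> str:
    """Apply the five steps: letters per sentence, case rule, then join the
    sentences with left + numbers + right between them. With more than two
    sentences the same separator goes between each pair (assumption)."""
    parts = [first_half_uppercase(first_letters(s)) for s in sentences]
    return (left + numbers + right).join(parts)


if __name__ == "__main__":
    text = "Long and complex passwords are safest. I keep mine secret."
    sentences = split_sentences(text)
    letters_only = "".join(first_letters(s) for s in sentences)
    print("step 2:", letters_only, f"({len(letters_only)} characters)")
    cased = mnemonic_password(sentences, numbers="", left="", right="")
    print("step 3:", cased, f"({len(cased)} characters)")
    final = mnemonic_password(sentences)
    print("step 5:", final, f"({len(final)} characters)")
```

The value of the method is that only the sentence and your personal rules need to be remembered; the script exists to show that the rules are unambiguous, and a sentence you would actually use should never be typed into a script you do not control.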

How to Protect Your Passwords

The easiest way to “remember” passwords/passphrases is to write them down. It is okay to write passwords or passphrases down, but keep them in a secure, safe place, such as in your wallet with your credit cards.

5 Tips to Help Keep Your Passwords Secret

Treat your passwords with as much care as you treat the information that they protect. Use strong passwords or passphrases to log on to your computer and to any site where you enter your credit card number, or any financial or personal information—including social networking sites.

  1. Never provide your password or passphrase over email or in response to an email request. 
    Internet “phishing” scams use fraudulent email messages to entice you to reveal your user names and passwords, steal your identity, and more. Learn more about phishing scams and how to deal with online fraud.
  2. Do not type passwords/passphrases on computers that you do not control.
    Computers such as those in Internet cafes, computer labs, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing. Cyber criminals can purchase keystroke logging devices which gather information typed on a computer, including passwords and passphrases.
  3. Don’t reveal passwords to others.
    Keep your passwords/passphrases hidden from friends or family members (especially children) who could pass them on to other, less trustworthy individuals.
  4. Protect any recorded passwords or passphrases.
    Don’t store passwords or passphrases in a file on your computer; criminals will look there first. Keep your record of the passwords and passphrases you use in a safe, secure place.
  5. Use more than one password. 
    Use different passwords and/or passphrases for different Web sites and services. Test your password and/or passphrase with a password checker. Check your password or passphrase for strength by going to: