It’s very difficult to create a complex password that nobody can guess or crack with a program and that is also memorable. Typically you have to find the sweet spot between complexity and memorability to create a useful password. Here’s what to do when designing a password yourself.

What not to include

  • Words in any dictionary.
  • Your user name
  • Your real name
  • Your partner’s name
  • Anyone’s name that could be pulled from social media
  • Any word in any “cracking dictionary.” These are lists of words that crackers use to try to crack passwords: passwords that a lot of people use. Some of these lists include: Abbreviations, Asteroids, Biology, Cartoons, Character Patterns, Machine names, Famous names, Female names, Bible, Male names, Movies, Myths-legends, Number Patterns, Short Phrases, Places, Science Fiction, Shakespeare, Songs, Sports, Surnames.
  • Any of the above, with a single character before or after it (“8dinner”, “happy1”)
  • Any of the above, capitalized (“cat” –> “Cat”)
  • Any of the above, reversed (“cat” –> “tac”), doubled (“cat” –> “catcat”) or mirrored (“cat” –> “cattac”)
  • We used to tell people that taking a word and substituting some characters (a 0 (zero) for an o, or a 1 for an l) made a good password. This is no longer the case: newer cracking programs try these variations and get around them easily.
  • Words like “foobar”, “xyzzy” and “qwerty” are still just plain words. They are also popular passwords, and the crack programs look for them. Avoid them.
  • Sequences of numbers or letters like ‘abcdefghi’ or ‘123456789’
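The list above translates directly into a check you can run when a password is being set. This is an added example, not code from the original article: the function names, the tiny constructed word list and the extra substitutions beyond 0/o and 1/l are assumptions, and a real deployment would load a large list of common passwords instead.

```python
# Constructed sample list; a real check would load a large common-password list.
WORDLIST = {"cat", "dinner", "happy", "password", "foobar", "xyzzy", "qwerty"}
# 0->o and 1->l are the substitutions named above; the rest are assumed extras.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# Alphabet and digits cover the sequences above; the keyboard row is an assumed extra.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")


def _base_forms(password):
    """Undo the listed tricks and return every string the password may come from."""
    low = password.lower()                      # capitalisation
    forms = {low, low.translate(LEET)}          # character substitution
    for f in list(forms):
        forms.update((f[1:], f[:-1]))           # one character before or after
    for f in list(forms):
        forms.add(f[::-1])                      # reversed
        half, odd = divmod(len(f), 2)
        if half and not odd:
            if f[:half] == f[half:]:            # doubled: catcat
                forms.add(f[:half])
            if f[:half] == f[half:][::-1]:      # mirrored: cattac
                forms.add(f[:half])
    return forms


def weaknesses(password, personal=()):
    """Return the reasons a password falls under the 'what not to include' list."""
    # personal: user name, real name, partner's name and similar terms to ban.
    banned = WORDLIST | {p.lower() for p in personal if p}
    reasons = []
    hits = _base_forms(password) & banned
    if hits:
        reasons.append("derived from: " + ", ".join(sorted(hits)))
    low = password.lower()
    if len(low) >= 4 and any(low in s or low[::-1] in s for s in SEQUENCES):
        reasons.append("keyboard or character sequence")
    return reasons


if __name__ == "__main__":
    for pw in ("8dinner", "happy1", "Cat", "tac", "catcat", "cattac",
               "p4ssw0rd", "123456789", "mJ7#tqL!vR2x"):
        print(f"{pw!r}: {weaknesses(pw) or 'no listed pattern found'}")
```

An empty result only means none of the listed patterns matched against this word list; it says nothing about length or overall strength.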

 

Don’t let anyone know it

Your password is private, and every time you give it to someone you create a possible security breach. For your personal account, only you should know your details, and you should never write them down where they can be accessed easily. For a business account or similar, you should only give them to those who absolutely require the access, such as a systems admin for your business computer account, as they will require it to fix any problems that appear. Otherwise, you should never give it out to anybody.

What to include

  • Choose a password that is at the very least 8 characters long. This should be long enough to help reduce the chance of a brute-force attack cracking your password. The ideal length for a good password, though, is about 15 characters.
  • In general, a good password will have a mix of lower- and upper-case characters, numbers, and punctuation marks, and should be at least 6 characters long. Unfortunately, passwords like this are often hard to remember and result in people writing them down. Do not write your passwords down!
  • You can sometimes use control characters, but bear in mind that a lot of them have special meanings. If you use ^D, ^H or ^U, for example, you might not be able to log in again. Using them isn’t recommended, as they aren’t universal or practical on all computers: the commands differ between computer makes.
  • Think of an uncommon phrase, and take the first, second or last letter of each word then insert a capital letter, punctuation mark and a number or two in there randomly for a strong password.
  • Deliberately misspelling one or more words can make your password harder to crack.
  • Something that no one but you would ever think of. The best password is one that is totally random to anyone else except you. It is difficult to tell you how to come up with these, but use your imagination!

Keep in mind that requirements for password length and complexity are becoming standard for many services that require you to create a password. If you need an even more secure password, there are websites, such as Strong Password Generator, that will create a completely randomised one for you at the click of a button. Passwords generated by sites like these will be extremely secure, but you will likely forget them a lot more easily than ones you create yourself; if you can record the password and store it in an extremely secure location, then that works too. Overall, your password choice is up to you, and we can only help you establish guidelines for making sure all of your passwords are secure and resistant to most forms of password cracking.

One final tip: I would work on password layers to help ease the password memory bank! Your elite password could be used for just the bank, and your email password should always be different from any other password. Site registrations and forums can all share the same password if they are just basic low-value logins.