What Makes A Strong Password

February 02, 2011

Passwords. You need them everywhere and all the time.

To maintain the highest level of security to your information, it is necessary of you to change your password at least once each year. Alas, choosing a simple password will not be good enough with todays ever-growing society of computer hackers. Great news for you- I’ve created a breakdown of a few rules you can go by to create your new, strong password- without it being too difficult to remember or easy for others to figure out.

What’s in a strong password? A strong password has several characteristics, it:

  • Consists of at least 6 characters (Longer is better!)
  • Contains a combination of numbers, letters, and symbols (if allowed)
  • Utilizes case-sensitivity

Now that we have identified what makes a strong password, let’s lay down some ground rules.

A password should not:

  • Contain any words found in a dictionary
  • Contain any part of the username (or your name) (IE. username: tombeute password: tomtom)
  • Directly relate with any public information about you
    (For example: If you’re really into baseball and the whole world knows, do not make your password ‘yankeefan’ or ‘baseball’ or any variations similar; such as replacing letters with numbers.)

To ensure the safety and security of all of your information- locally and in the cloud (internet), you will need to make a password that is difficult enough (for a stranger) to guess, but easy enough (for you) to remember.

Password Creation 101 (Methods):

  • The Pass-Phrase
  • The Key-Mapper
  • Completely Random
  • Master Password

The Pass-Phrase is a method of password creation involves a sequence of words or other text used to encrypt a password.

  1. To create a pass-phrase, start with a sentence that is easy for you to remember. Note: It could be the first line of your favorite song, a movie title, anything!
    Pass-phrase example: I live in New Jersey with 3 sisters.
  2. The pass-phrase will now be encoded and condensed to your preference, being sure to utilize the characteristics of a strong password.
    Pass-phrase example: iLIN3wJw/3S

Pass-phrase encryption will make your life easier when creating and recalling passwords. To illustrate how I came up with my encoded pass-phrase, let’s take a look:

iLIN3wJw/3S = I live in New Jersey with 3 Sisters

  • i = I
  • L = live
  • IN = in
  • N3w = New
  • J = Jersey
  • w/ = with
  • 3 = 3
  • S = sisters

And there you see how easy it is to utilize the pass-phrase method!

The Key-Mapper is another method of password creation, however it might not be as easy to remember as a pass-phrase will be.

  1. To create a key-mapper style password, think of a password you might commonly use.
    Key-Mapper example: fanboy5
  2. Now, that isn’t the best password to use because it contains a dictionary word. Instead, let’s use a new mapping on our keyboard to represent each letter. For example, each letter will now be represented by the letter one key to the right of it. (f = g, a = s, n = m)
  3. Our re-mapped password of fanboy5 is now encoded;
    Key-Mapper example: gsmnpu6

Feel free to further enhance your key-mapped password by using fancier key-map patterns (perhaps one key up and one key to the left). Also, replace certain letters with symbols to further secure your password.

A Completely Random password is hands-down the least convenient method of password creation and can be arguably the most secure method of password creation- it is simply a random computer generation of numbers, letters, and symbols (optional).

Obviously, the creation of a random password is straight forward. However, in case you would like a computer to do the randomization for you then visit

The Master Password method of password creation is nothing more than a method to avoid use of the same password for each website you belong to.

The concept is simple, let’s refer back to our pass-phrase password of: iLIN3wJw/3S. That will now be known as our master password.

To keep this password easy to remember, yet secure enough that I’m not using it on every site, we can prefix or suffix the password with hints.

Example usage of our password on different sites:

  • _Gmail = _iLIN3wJw/3Sgma__
  • _Facebook = _iLIN3wJw/3Sfac__
  • Twitter = iLIN3wJw/3Stwi
  • _Skype = _iLIN3wJw/3Ssky__

There are several other ways to use a master password, just remember to keep your algorithms consistent and you will never forget another password!

Last Minute Reminders!

  • If you find the need to write down your password, use common sense! Do not write it on a post-it on your desk, do not save it in a file on your desktop entitled ‘passwords’.
  • Do not use the same password for multiple applications.
  • Do not use obvious information about you in your password.
  • Be sure any password reset questions do not contain obvious information! **

While there  are still many more risks posed to the security of your information other than password compromisation, you can be one step ahead by having a strong password. Be sure to refresh your password annually, and do not share your password with anyone other than yourself.

Tom Beute

Written by Tom Beute– a Christian, barista, and software engineer.