How to Create a Secure Password
Think your password is secure? Think again.
Bruce Schneier, Chief Technology Officer of Resilient Systems, says that password-cracking software can test up to eight million guesses per second. That rate applies to offline attacks, where the attacker has already stolen a database of hashed passwords and can guess as fast as the hardware allows rather than being slowed by a login page. Dedicated hackers will run their programs for days or even months to recover those passwords, and they don't guess blindly: cracking tools are fed wordlists of the most common words, names, number strings, and patterns people use, so anything predictable falls long before a brute-force search of every combination would.
How can you create a password that’s totally unique and safe from hackers?
You will need something that is extremely hard to guess and that only you would ever think of. Here are a few techniques:
First of all, avoid things that are commonly guessed. This includes dictionary words, names, obvious substitutions ("0" for "o", "$" for "s" and so on), pet names, generic number strings ("123", "333", etc.), numbers taken from your phone number or zip code, and place names. These may be hard for an acquaintance to guess, but they are exactly what cracking wordlists and mangling rules are built from, so to an experienced attacker they are easy targets.
Like any website will tell you, your password should be a decent length and contain a mix of upper-case and lower-case letters, numbers, and symbols. Length matters most: every added character multiplies the number of combinations an attacker has to try. Aim for at least 12 characters; anything beyond that is a bonus. If you'd like to be extra secure, avoid common password patterns as well. A dictionary word with a few digits tacked on the end, or a password where only the first letter is capitalised, matches the rules cracking tools apply first, so the extra characters buy you much less than they appear to.
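As an added example (not from the original article), the checker below flags the patterns the two paragraphs above warn against: short length, a capital letter only at the start, a common word with obvious substitutions or trailing digits, and runs of repeated or sequential digits. It also computes the worst-case brute-force time at the eight-million-guesses-per-second rate quoted above, to show why that figure is misleading on its own: a password like "Password5555" has a brute-force bound measured in millions of years yet is cracked in seconds by a wordlist plus mangling rules. The word list and substitution map are deliberately tiny stand-ins constructed for this example; real cracking wordlists hold millions of entries.

```python
import re

# Constructed, deliberately tiny stand-in for a cracking wordlist (assumption
# for this example only; real lists hold millions of entries).
COMMON_WORDS = {
    "password", "welcome", "dragon", "monkey", "football",
    "letmein", "sunshine", "qwerty", "summer", "princess",
}

# The "obvious substitutions" the article warns about, mapped back to letters
# so that P@$$w0rd is recognised as "password".
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "$": "s", "@": "a", "7": "t", "!": "i"})

GUESSES_PER_SECOND = 8_000_000  # the figure quoted from Schneier in the article


def unleet(text):
    """Undo common character substitutions (0->o, $->s, ...)."""
    return text.translate(LEET_MAP)


def charset_size(pw):
    """Size of the smallest character class mix that covers the password."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII punctuation
    return size


def brute_force_seconds(pw):
    """Worst-case seconds to exhaust the keyspace at GUESSES_PER_SECOND.

    This is only an upper bound: wordlist and rule-based attacks beat it
    by many orders of magnitude for anything weak_patterns() flags.
    """
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND


def has_digit_run(pw):
    """True for three or more repeated (333) or sequential (123, 987) digits."""
    for i in range(len(pw) - 2):
        a, b, c = pw[i:i + 3]
        if a.isdigit() and b.isdigit() and c.isdigit():
            d1, d2 = int(b) - int(a), int(c) - int(b)
            if d1 == d2 and d1 in (-1, 0, 1):
                return True
    return False


def weak_patterns(pw):
    """Return a list of the article's 'commonly guessed' patterns found in pw."""
    findings = []
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    if (pw[:1].isupper()
            and any(ch.islower() for ch in pw[1:])
            and not any(ch.isupper() for ch in pw[1:])):
        findings.append("only the first letter is capitalised")
    # Strip trailing digits/symbols ("Dragon123!" -> "Dragon"), then undo
    # substitutions and look the core up in the wordlist.
    core = re.sub(r"[\d!@#$%^&*]+$", "", pw)
    if unleet(core).lower() in COMMON_WORDS:
        if core != pw:
            findings.append("common word with digits or symbols appended")
        else:
            findings.append("common word, possibly with obvious substitutions")
    if has_digit_run(pw):
        findings.append("repeated or sequential digit run")
    return findings


if __name__ == "__main__":
    for candidate in ("Password5555", "P@$$w0rd", "Dragon123!", "Tgpr7tbIpuaTa"):
        years = brute_force_seconds(candidate) / (365 * 24 * 3600)
        print(f"{candidate!r}: brute-force bound {years:.3g} years; "
              f"patterns: {weak_patterns(candidate) or 'none'}")
```

The useful comparison is between the two columns of output: the brute-force bound for "Password5555" is over ten million years, while its pattern list shows it would be one of the first guesses a rule-based attack makes. The article's own initialism example "Tgpr7tbIpuaTa" triggers none of the checks.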
One creative way of creating a unique password, which Schneier has long recommended, is to abbreviate a long sentence: take the first letter of each word, keep any punctuation, and turn number words into digits. For example, take these sample passwords:
- Tgpr7tbIpuaTa = The grey phone rang seven times before I picked up and Tony answered.
- CC&BKr2otbsfdot20’s = Charlie Chaplin and Buster Keaton are two of the best silent film directors of the 20’s.
- NdGTiafs,t,aa.IlhvoC = Neil deGrasse Tyson is a fantastic scientist, thinker, and academic. I loved his version of Cosmos.
If you want to be extra secure, avoid simple sentences. Don't use movie quotes, book verses, or famous phrases or sayings. A well-known line abbreviates to something an attacker can also generate (H.MniIM.Ukmf.P2d. = Hello. My name is Inigo Montoya. You killed my father. Prepare to die.), because the same wordlists that hold common passwords can hold the initialisms of famous quotes. An obscure sentence that means something only to you is much harder to guess.
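The abbreviation rule above is mechanical enough to write down, so here it is as an added example (not part of the original article or of Schneier's own material). The function takes the first letter of each word, keeps internal capitals (so "deGrasse" becomes "dG"), turns number words into digits, keeps punctuation between words, and optionally applies the text-speak shortenings the article's own examples use ("and" to "&", "to" to "2", "you" to "U", "are" to "r"). Whether a trailing full stop is kept is a flag, because the article's examples are inconsistent on that point. The `TEXTSPEAK` table is my own reconstruction of the substitutions visible in those examples, not a published standard.

```python
import re

NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
    "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10",
}

# Text-speak shortenings reconstructed from the article's examples (assumption,
# not a fixed rule): pass this dict as `substitutions` to use them.
TEXTSPEAK = {"and": "&", "to": "2", "you": "U", "are": "r"}

# A word is letters/digits/apostrophes (so "20's" stays one token);
# anything else that is not whitespace is punctuation.
TOKEN_RE = re.compile(r"[A-Za-z0-9']+|[^\w\s]")
WORD_START_RE = re.compile(r"[A-Za-z0-9']")


def initialism(sentence, substitutions=None, keep_trailing_punct=False):
    """Turn a memorable sentence into a Schneier-style initialism password."""
    subs = substitutions or {}
    tokens = TOKEN_RE.findall(sentence)
    out = []
    for tok in tokens:
        low = tok.lower()
        if not WORD_START_RE.match(tok):
            out.append(tok)                       # punctuation kept as-is
        elif low in subs:
            out.append(subs[low])                 # and -> &, to -> 2, ...
        elif low in NUMBER_WORDS:
            out.append(NUMBER_WORDS[low])         # seven -> 7
        elif tok[0].isdigit():
            out.append(tok)                       # literal numbers like 20's stay whole
        else:
            # First letter plus any internal capitals: deGrasse -> dG, NASA -> NASA.
            out.append(tok[0] + "".join(ch for ch in tok[1:] if ch.isupper()))
    # The article's examples usually drop the final full stop; keep it on request.
    if not keep_trailing_punct and tokens and not WORD_START_RE.match(tokens[-1]):
        out.pop()
    return "".join(out)


if __name__ == "__main__":
    sentences = [
        ("The grey phone rang seven times before I picked up and Tony answered.", None, False),
        ("Charlie Chaplin and Buster Keaton are two of the best silent film directors of the 20's.", TEXTSPEAK, False),
        ("Neil deGrasse Tyson is a fantastic scientist, thinker, and academic. I loved his version of Cosmos.", None, False),
        ("Hello. My name is Inigo Montoya. You killed my father. Prepare to die.", TEXTSPEAK, True),
    ]
    for text, subs, keep in sentences:
        print(initialism(text, subs, keep), "=", text)
```

Running it reproduces all four passwords printed in the article, which is also a useful reminder that the scheme is deterministic: anyone who knows (or guesses) the sentence and the substitution style can regenerate the password, so the sentence itself is the secret and must not be a well-known quote.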
Another technique is the PAO Method, also called the Person-Action-Object method.
Just create an amusing story using a famous person, some action, and an object, and take the first few letters of each key word. For example, "Walter White was swimming in a pool of pudding" becomes "WalWhiswipud," a 12-character password built from fragments that don't spell any dictionary word. Bear in mind that the PAO story is a memory aid rather than a source of randomness: a person, an action, and an object drawn from a small pool of obvious choices can still be enumerated. Find ways to add numbers and symbols and to mix lower-case and upper-case letters to make it harder to crack.
You should aim to have a different password for each website you use. That way, if one site is breached and your password leaks, the attacker can't simply try it on every other site where you have an account, which is the first thing they do with a leaked password. Unfortunately, this can be a lot to remember.
There is a simpler, though weaker, compromise: use a strong base password and tailor it to whichever website you're logging into. If your base password were "Password5555" (which breaks every rule above and is shown here only to illustrate the pattern), you could modify it for Amazon by changing it to "Password5555AZ." The weakness is that anyone who obtains one variant from a breach can see the base and guess the site-specific part for your other accounts, so the base must itself be a strong, unguessable password and the per-site addition should not be an obvious abbreviation of the site's name. Try and be creative so that your pattern isn't immediately evident to anyone who might obtain it.
You can also rely on muscle memory to remember complex passwords. This technique will take some getting used to, but people who type the same sequence over and over eventually stop having to think about it. This is how people end up knowing long card numbers or phone numbers by heart.
Finally, never reuse passwords on important accounts. It might not be a big deal if someone hacks into an account you don't care much about, but your bank and your email (which can be used to reset the passwords of everything else) should be extra secure. You can use apps like the Universal Password Manager to store all your passwords, which also lets you give every account a long random password you never have to memorise, though an app like that is still a target for hackers and is only as safe as the master password and the device it runs on. You can also keep a physical copy of your passwords somewhere safe so that nobody can reach them online.