Maximize Your Security: 5 Steps For Strong Passwords (with Examples)

No one shows you this unconventional way of creating an almost unbreakable password. It’s the key to having a secure password to lock out hackers. So, what is an example of a strong password?

An example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”. It is long and contains uppercase and lowercase letters, numbers, and special characters. It is a unique password created by a random password generator. Strong passwords can be remembered but should not contain personal information.

Cartoon-Duck-14-Coffee-Glvs is my password sample. Please don’t use it now that I’ve published it here. Let’s generate an easy example for you in the next section. Below is a password generator tool and some clever methods to boost your password strength.

How To Create A Strong Password In 5 Easy Steps


1. Generate It (Through Password Generators)

The above tool will suggest strong password examples that are easy to remember and unique. Each time you visit this page or click the “New Example” button above, it generates a new random passphrase.

The words come from a list of the top 1500 most common English nouns published by I posted the source code for inspection and improvement.

Using the above strong password generator, you can create a solid list of password ideas.

Are you wondering if using a password generator is safe? I dug into some frequently asked questions and provided 13 tips about passwords that I didn’t include in this article.

2. Enhance It (Making Words Into Phrases)

Enhance your password by adding your flair. Swap the word order or change a word or two, so you can form a mental image or story with the passphrase.

3. Store It (In Mental Images Or A Tool)

Our brains are designed to remember visuals and ordered events. Leverage this mental wiring to help you memorize the words in your strong password. This trick is one of the secrets used by the top competitors in the World Memory Championships.

(Image: the same vector graphic of a cartoon duck holding a to-go cup of coffee, this time with a Starbucks logo on it, still next to that same horribly-photoshopped pile of 14 gloves.)

In my duck example, I might add a mental logo to the coffee cup to recall that the password belongs to my Starbucks login.

Ultimately, we’ll use a password manager to store your passphrase.

4. Un-Dictionary It (To Stop Dictionary Attacks)

Basing passwords off words from any dictionary is a bad idea, which is item #3 in our 6-point password checklist.

Attackers run several tools that quickly try common words. This is called a dictionary attack.

Here’s how to fix the problem: In your passphrase, choose one of your words: first, second, last, whatever. Drop the vowels from the word in that position.

Going back to my duck example: I’ve made an iron-clad promise to myself that I will always modify the last dictionary word in every password I create.

My final example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”. I have modified Gloves to Glvs. Promise kept.
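Steps 1 and 4 together, as an added Python example (not the generator source code the page refers to): it draws four words and a two-digit number with the `secrets` module, joins them in the Word-Word-NN-Word-Word layout of the sample password, and drops the vowels from the last word. The 12-word list is a constructed sample, the layout and the 00-99 number range are assumptions, and the entropy figure assumes the attacker knows both the list and the layout.

```python
import math
import secrets

# Constructed sample list; the page's tool draws from about 1500 common nouns.
SAMPLE_NOUNS = ["cartoon", "duck", "coffee", "gloves", "window", "river",
                "pencil", "garden", "ticket", "bridge", "candle", "market"]
VOWELS = set("aeiouAEIOU")


def drop_vowels(word):
    """Step 4 on the page: 'Gloves' -> 'Glvs'. Keeps the word if nothing is left."""
    stripped = "".join(c for c in word if c not in VOWELS)
    return stripped or word


def generate_passphrase(nouns=SAMPLE_NOUNS):
    """Return Word-Word-NN-Word-Word with the last word de-vowelled (assumed layout)."""
    if len(nouns) < 2:
        raise ValueError("word list too small")
    # secrets uses the OS CSPRNG; the random module is not suitable for passwords.
    words = [secrets.choice(nouns).capitalize() for _ in range(4)]
    number = f"{secrets.randbelow(100):02d}"          # 00..99, uniform
    words[3] = drop_vowels(words[3]).capitalize()
    return "-".join(words[:2] + [number] + words[2:])


def scheme_entropy_bits(list_size, word_count=4, number_choices=100):
    """Entropy in bits when the attacker knows the word list and the layout.

    The vowel-dropping rule is fixed, so it contributes no extra bits.
    """
    return word_count * math.log2(list_size) + math.log2(number_choices)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"12-word sample list: {scheme_entropy_bits(len(SAMPLE_NOUNS)):.1f} bits")
    print(f"1500-word list:      {scheme_entropy_bits(1500):.1f} bits")
```

With a 1500-word list this layout yields about 48.8 bits. The strength comes from the random word and number choice, so a larger list or an extra word raises it, while a fixed modification rule does not.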

5. Measure It (To Prevent A Brute Force Attack)

Test the password strength on HowSecureIsMyPassword, a service provided by the password manager Dashlane. You can also check if your new secure password is already hacked at HaveIBeenPwned, a site from security researcher Troy Hunt. The project collects and helps users identify passwords included in any data breach.

Using these tips will allow you to create a robust password that works for:

  • School, college, and university
  • Critical work or job-related systems
  • Most websites’ password length and complexity requirements

Length and Size Matter To Avoid Weak Passwords

Let me tell you a secret. The whole concept of a password is really weak, but your beautiful new password is an excellent step in the right direction, and here’s why.

What is a good password?

Throughout my research, the two most critical factors in a more secure password are its length and the character space or types of characters used.

A short password using a large character space can still be easily cracked. For example, let’s measure a short 8-character password with 2 capital letters, 2 lowercase letters, 2 numbers, and 2 special characters.

(Screenshot from GRC's Password Haystacks showing an analysis of a complicated but short password.)

Yup. It only takes a few minutes to a few hours to crack this password. It’s also not memorable.

A longer password using only one character type is a little better.

(Screenshot from GRC's Password Haystacks showing an analysis of a long password with only numbers.)

This numbers-only password is more than double the length and easy to remember, combining a mobile phone number and birthdate, but it can be cracked in a few days. The personally identifiable information (PII) helps the attacker. Later, we’ll talk about using a password manager so that we don’t use PII to construct passphrases.

Measuring the search space of my duck example password on Password Haystacks, you can see the time to crack is much longer.

(Screenshot from GRC's Password Haystacks showing an analysis of a long & complicated password.)

Please never use any personally significant information in a password. Family members’ birthdays, favorite teams, maiden names, names of schools, etc. are easy to find online, so they’re off-limits.

Remember, we’re trying to prevent your account from being hacked and your data from becoming part of a data breach.
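The search-space measurements in this section, reproduced as an added Python example (not GRC's code): it counts the character classes present the way Password Haystacks does (26 + 26 + 10 + 33) and sums the alphabet size over every length up to the password's. The 8-character and digits-only samples are constructed, and the result is an upper bound that assumes character-by-character brute force rather than word guessing.

```python
import math
import string

# Character classes as counted by Password Haystacks: 26 + 26 + 10 + 33 = 95.
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",    # 32 punctuation marks plus space
]

# Constructed samples matching the page's descriptions, plus the page's own example.
SAMPLES = {
    "short, four classes": "aB3$cD4%",
    "digits only": "555010012319900101",    # made-up phone number + date
    "duck passphrase": "Cartoon-Duck-14-Coffee-Glvs",
}


def alphabet_size(password):
    """Add up the size of every character class that appears at least once."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Number of strings of length 1..len(password) over that alphabet."""
    if not password:
        raise ValueError("empty password")
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def search_space_bits(password):
    """Same quantity on a log2 scale, easier to compare across passwords."""
    return math.log2(search_space(password))


if __name__ == "__main__":
    for label, pw in SAMPLES.items():
        print(f"{label:20} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"space=2^{search_space_bits(pw):.1f}")
```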

What NOT to Have In Your Password

Over the years, I’ve seen some awfully weak passwords from breached data sets. I’ve also committed some password-creating sins myself. The following is a list of places NOT to derive parts of your passphrase:

  • Personally-Significant Names: family, pets, cities…
  • Significant Information: dates, phone numbers, email, street address, zip or postal codes…
  • Popular Culture: favorite movies, sports team names, quotations…
  • Common Substitution Patterns: password => p@55w0rd, letmein => l3tM3!n, 123456 => one2three4five6
  • Login Username: do not repeat any part of your login username
  • Memorable Keyboard Paths: QWERTY, 12345678, ASDFGHJKL
  • Dictionary Thwarting: reversing words, common misspellings, dropping significant letters

Use this list of what-not-to-dos to check that your passwords aren’t vulnerable.

Critical Advice: Please do not use any strong password list you find on the internet somewhere. Your password should not be published to the public at any point.

Troy Hunt authored a detailed analysis of password derivation sources and the biggest takeaway points out that…

Truly random passwords are all but non-existent – they’re less than 1% of the data set. 

Troy Hunt, July 18, 2011

You, my astute reader, may have noticed I just contradicted myself, listing “dictionary thwarting” as something to avoid. For those that have yet to read this article, your long, character-diverse, memorable password is far more secure than theirs even without our “un-dictionary step”.

Let’s take your password creation skills up one more notch.

Convert A Passphrase To Random Password

Security researcher Bruce Schneier outlined an ingenious method in this article to create a password that’s still easy to remember but harder to crack. Use this method when you must type a password several times a day. This also works well for your password manager’s master password, which should be the single password you remember from here on.

I’ve slightly modified Mr. Schneier’s method using a personal, time-delimited goal. Here’s my secret formula for creating a strong password:

  1. Pick a goal.
  2. Make a sentence including a near-term future date. Write your sentence as if you’ve already achieved the goal.
  3. Adjust the wording to add special characters and some additional numbers.
  4. Write down the first character of each word and any numbers and symbols.

Here’s my personal example:

  1. I’d like more of this blog’s articles to rank at the top of Google search results.
  2. Today, Sept 17, I have 13 Data Overhaulers articles ranked first on Google.
  3. Today, 9/17, I have 13 Data Overhaulers articles ranking #1 on Google.
  4. T,9/17,Ih13DOar#1oG. (5 upper-case, 4 lower-case, 6 digits, 5 symbols = 20 total characters)

Using this method requires you to repeat a specific goal in your head and heavily encourages you to change your password regularly, especially if you include a year.
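Step 4 of the method above as an added Python example (not from the page or from Mr. Schneier's article): for each whitespace-separated word it keeps the first letter plus every digit and symbol, then tallies the character classes. The function names are hypothetical, and the sentence is the one from step 3 of the page's example.

```python
def compress_sentence(sentence):
    """Keep the first letter of each word and all of its digits and symbols."""
    out = []
    for token in sentence.split():
        seen_letter = False
        for ch in token:
            if ch.isalpha():
                if not seen_letter:        # only the first letter of the word
                    out.append(ch)
                    seen_letter = True
            else:                          # digits and symbols are always kept
                out.append(ch)
    return "".join(out)


def class_tally(password):
    """Count upper-case, lower-case, digit and symbol characters."""
    return {
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
        "digit": sum(c.isdigit() for c in password),
        "symbol": sum(not c.isalnum() for c in password),
        "total": len(password),
    }


# Sentence from the page; it is published, so it is for illustration only.
PAGE_SENTENCE = "Today, 9/17, I have 13 Data Overhaulers articles ranking #1 on Google."

if __name__ == "__main__":
    password = compress_sentence(PAGE_SENTENCE)
    print(password)
    print(class_tally(password))
```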

Your Critical Next Steps

1. Store your unique passwords in a trusted password manager program

Good for you if you already use a password manager like Bitwarden or 1Password. If not, what are you doing? They’re a cinch to set up and will help prevent suffering through a hack.

With proper password management, you’re not only securing your password, but you can also use unique usernames or a dedicated email address, so your identity across online accounts is not linked to your personal information.


In addition to complex passwords, password managers can also store other sensitive information like credit card numbers, social security numbers, passport information, and even secure notes and files.

2. Never reuse your passwords or a PIN code

You created your killer password. Now, use it only once. Do not reuse any passwords from this day forward…ever.

Remember, you should have an entirely unique password for each website and service. Don’t use your Facebook password for other social media accounts like Twitter, Instagram, LinkedIn, etc. This advice is especially crucial for sensitive accounts like your Gmail (or any email account) and financial or medical sites.

The same advice applies to your PINs, no matter the code length. Store them in your password vault too.

3. Enable two-factor authentication

Passwords suck.

Turning on two-factor authentication (2FA) is crucial for all your accounts, especially the really sensitive ones.

This second layer of security may be called:

  • Two-Step Authentication (2SA)
  • Two-Factor Authentication (2FA)
  • Multifactor Authentication (MFA)

Using multi-factor authentication provides an extra layer of protection in case a company has a data breach and your passwords are stolen.

4. Lie on your security questions

When websites add layers of security, they often make you create or select security questions and provide answers.

Since you’re now using a password manager with a strong master password, you can now lie on these security question answers.

This decreases the possibility that an attacker might find your real-world security answers from social media or other publicly available sources.

Record the questions and false answers in the notes section of each login record in your password manager.

5. Never email or text your passwords to other people

Email and MMS/SMS text messages were designed before message security was a large concern. Please do not use these communication methods to share passwords.

Encrypted messenger apps, in-vault sharing, and link-expiring services (PrivateBin) are much better ways to send your password.

Shockingly-Fast Crack of Your Windows Password

Are you using Windows? Here’s a prime example of why you should consider Windows alternatives.

Kevin Mitnick is a computer security consultant, author, and convicted hacker. In this video (3m32s@2x), he uses a readily available hacking tool to crack a Windows password in about 30 seconds.

(I’ve fast-forwarded to the right spot) 

Final Advice

We’re stuck with using passwords until the tech industry settles on something both easy-to-use and secure.

If you need to generate a memorable password, create a long passphrase composed of random words that form a picture or story. Include upper- and lower-case letters, numbers, and symbols to increase the character search space. Finally, adjust one of the words so that it no longer matches a dictionary entry.

It’s essential to limit the number of passwords or passphrases you commit to memory to 1-3. Use a password manager with two-factor authentication enabled for all other account credentials.

Mike Chu

Mike is a web developer and content writer living as a digital nomad. With more than 20 years of devops experience, he brings his "programmer with people skills" approach to help explain technology to the average user.