What Is An Example Of A Strong Password? Made In 5 Easy Steps


No one shows you this unconventional way of creating an almost unbreakable password. It’s the key to having a secure password to lock out hackers. So, what is an example of a strong password?

An example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”. It is long, contains uppercase letters, lowercase letters, numbers, and special characters. It is a unique password created by a random password generator and it is easy to remember. Strong passwords should not contain personal information.

Cartoon-Duck-14-Coffee-Glvs is my example. Don’t use it now that I’ve published it here. Let’s generate an easy example for you in the next section. Below is a password generator tool and some clever methods to boost your password strength.

Vector graphic of a cartoon duck holding a to-go cup of coffee next to a horribly-photoshopped pile of 14 gloves

5 Steps To Get an Easy-To-Remember & Strong Password

 

#1 Generate It

The above tool will generate strong password examples that are easy to remember and unique. Each time you visit this page or click the “New Example” button above, it generates a new random passphrase.

The words come from a list of the top 1500 most common English nouns published by TalkEnglish.com. I posted the source code for inspection and improvement.

Using the above tool, you can begin to create a solid list of strong password ideas.

Are you wondering if using a password generator is safe? I dug into some frequently asked questions and provided 13 tips about passwords that I didn’t include in this article.

#2 Enhance It

Enhance your password by adding your own flair. Swap the word order or change a word or two so you can form a mental image or story with the passphrase.

#3 Memorize It

Our brains are designed to remember visuals and ordered events. Leverage this mental wiring to help you memorize the words in your strong password. This is one of the secrets used by the top competitors in the World Memory Championships.

Same vector graphic of a cartoon duck holding a to-go cup of coffee this time with a starbucks logo on it still next to that same horribly-photoshopped pile of 14 gloves

In my duck example, I might simply add a mental logo to the coffee cup to recall that the password belongs to my Starbucks login.

Ultimately, we’ll use a password manager to store your passphrase.

#4 Un-Dictionary It

Basing passwords off words from any dictionary is a bad idea. This was item #3 in our 6-point password checklist.

Attackers run tools that quickly try common words, a technique called a dictionary attack.

Here’s how to fix the problem: In your passphrase, choose one of your words, first, second, last, whatever. Drop the vowels in the word in that position.

Going back to my duck example: I’ve made an iron-clad promise to myself that in every password I create, I will always modify the last dictionary word.

My final example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”.

#5 Measure It

Test the password strength on HowSecureIsMyPassword, a service provided by the password manager Dashlane. You can also check if your new secure password is already hacked at HaveIBeenPwned, which is a site from security researcher Troy Hunt. The project collects passwords that were included in any data breach and helps users identify them.
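The sketch below is an added example of steps #1, #4 and #5, not the source code the author posted. The word list is a constructed stand-in for the 1500-noun list, and the entropy figure assumes an attacker who knows both the recipe and the list.

```python
import math
import secrets

# Constructed stand-in list; the page's tool draws from about 1500 common nouns.
SAMPLE_NOUNS = ["cartoon", "duck", "coffee", "gloves", "river", "window",
                "pencil", "garden", "rocket", "blanket", "ladder", "turtle"]
VOWELS = set("aeiouAEIOU")


def drop_vowels(word):
    """Step #4: remove the vowels; keep the word unchanged if nothing is left."""
    return "".join(c for c in word if c not in VOWELS) or word


def generate_passphrase(words, n_words=4, rng=None):
    """Steps #1 and #4: random words, a two-digit number in the middle,
    hyphen separators, and vowels dropped from the last word."""
    rng = rng or secrets.SystemRandom()  # OS CSPRNG, not the `random` default
    picks = [rng.choice(words) for _ in range(n_words)]
    picks[-1] = drop_vowels(picks[-1])
    picks = [p.capitalize() for p in picks]
    number = f"{rng.randrange(100):02d}"
    middle = n_words // 2
    return "-".join(picks[:middle] + [number] + picks[middle:])


def generation_entropy_bits(list_size, n_words=4):
    """Step #5 from the defender's side: entropy if the attacker knows the
    recipe and the word list. Only the random choices count; hyphens,
    capitals and a fixed vowel-drop position add nothing."""
    return n_words * math.log2(list_size) + math.log2(100)


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_NOUNS))
    print(f"{generation_entropy_bits(1500):.1f} bits with a 1500-word list")
    print(f"{generation_entropy_bits(1500, n_words=6):.1f} bits with six words")
```

Adding words raises the figure by about 10.5 bits each with a 1500-word list, which is why word count matters more than the cosmetic tweaks.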

Length and Size Matter

Let me tell you a secret. The whole concept of a password is really weak, but your beautiful new password is an excellent step in the right direction and here’s why.

Throughout my research, the two biggest factors in a more secure password are its length and its character space, meaning the types of characters used.

A short password using a large character space can still be easily cracked. As an example, let’s measure a short 8-character password that has 2 capital letters, 2 lowercase letters, 2 numbers, and 2 special characters.

Screenshot from grc's password haystacks showing an analysis of a complicated but short password

Yup. It only takes a few minutes to a few hours to crack this password. It’s also not memorable.

A longer password using only one character type is a little better.

Screenshot from grc's password haystacks showing an analysis of a long password with only numbers

This numbers-only password is more than double the length and easy to remember, combining a mobile phone number and birth date, but it can be cracked in a few days. The personally identifiable information (PII) helps the attacker. Later, we’ll talk about using a password manager so that we don’t use PII to construct passphrases.

Measuring the search space of my duck example password on Password Haystack, you can see the time to crack is much longer.

Screenshot from grc's password haystacks showing an analysis of a long & complicated password
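The three comparisons above can be reproduced with a brute-force search-space count, shown here as an added example that is not the calculator's own code. The two sample passwords other than the duck passphrase are constructed, the 33-symbol class (ASCII punctuation plus space) and the guess rate are assumptions, and the count ignores dictionary and PII shortcuts, so it is an upper bound on attacker effort.

```python
import string

# Printable-ASCII character classes (assumption: 32 punctuation marks + space).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    used = set(password)
    return sum(len(chars) for chars in CLASSES.values() if chars & used)


def search_space(password):
    """Count all strings of length 1..len(password) over that alphabet,
    i.e. what an exhaustive brute-force attack would have to cover."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_days(password, guesses_per_second):
    """Days to exhaust the space at an assumed guessing rate."""
    return search_space(password) / guesses_per_second / 86400


SHORT_COMPLEX = "aB3$Xy7!"            # constructed: 8 chars, 2 of each class
LONG_DIGITS = "202555014201151985"    # constructed: phone number + birth date
DUCK = "Cartoon-Duck-14-Coffee-Glvs"  # the page's published example

if __name__ == "__main__":
    rate = 1e11  # assumed offline guessing rate, guesses per second
    for pw in (SHORT_COMPLEX, LONG_DIGITS, DUCK):
        print(f"{len(pw):2d} chars, alphabet {alphabet_size(pw):2d}, "
              f"space {search_space(pw):.2e}, "
              f"{worst_case_days(pw, rate):.2e} days")
```

The digits-only string beats the 8-character mixed one on raw search space purely through length, yet it is the weakest of the three in practice because its content is guessable from personal data.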

Please never use any personally significant information in a password. Family members’ birthdays, favorite teams, maiden names, names of schools, etc. are very easy to find online, so they’re off-limits.

Remember, we’re trying to prevent your account from being hacked and your data becoming part of a data breach.

What NOT to Have In Your Password

Over the years, I’ve seen some awfully weak passwords from breached data sets. I’ve also committed some password-creating sins myself. The following is a list of places to NOT derive parts of your passphrase:

  • Personally-Significant Names: family, pets, cities…
  • Significant Information: dates, phone numbers, email, street address, zip or postal codes…
  • Popular Culture: favorite movies, sports team names, quotations…
  • Substitution Patterns: password => p@55w0rd, letmein => l3tM3!n, 123456 => one2three4five6
  • Login Username: do not repeat any part of your login username
  • Dictionary Thwarting: reversing words, common misspellings, dropping significant letters

Use this list of what-not-to-dos to check that your passwords aren’t vulnerable.

Troy Hunt authored a detailed analysis of password derivation sources and the biggest takeaway points out that…

Truly random passwords are all but non-existent – they’re less than 1% of the data set. 

Troy Hunt, July 18, 2011

You, my astute reader, may have noticed I just contradicted myself by listing “dictionary thwarting” as something to avoid. Compared with those who have yet to read this article, your long, character-diverse, memorable password is far more secure than theirs, even without our “un-dictionary” step.

Let’s take your password creation skills up one more notch.

Genius, Leveled-Up Password

Security researcher Bruce Schneier outlined an ingenious method in this article to create a password that’s still easy to remember, but harder to crack. Use this method when you must type a password several times a day. This also works well for your password manager’s master password, which should be the single password you remember from here on.

I’ve modified Mr. Schneier’s method slightly using a personal, time-delimited goal. Here’s the hidden formula:

  1. Pick a goal.
  2. Make a sentence including a near-term future date. Write your sentence as if you’ve already achieved the goal.
  3. Adjust the wording to add special characters and some additional numbers.
  4. Write down the first character of each word and any numbers and symbols.

Here’s my personal example:

  1. I’d like to have more of this blog’s articles ranked at the top of Google search results.
  2. Today, Sept 17, I now have 13 Data Overhaulers articles ranked first on Google.
  3. Today, 9/17, I have 13 Data Overhaulers articles ranking #1 on Google.
  4. T,9/17,Ih13DOar#1oG. (5 upper-case, 4 lower-case, 6 digits, 5 symbols = 20 total characters)

Using this method requires you to repeat a specific goal in your head and heavily encourages you to change your password regularly, especially if you include a year.

Your 3 Critical Next Steps

1. Store your unique passwords in a strong password manager

If you already use a password manager like Bitwarden or RoboForm, good for you. If not, what are you doing? They’re a cinch to set up and will help prevent suffering through a hack.

With proper password management, you’re not only securing your password but you can also use unique usernames so your identity across online accounts is not linked to your personal information.

Pro Tip: Lie on your security questions. Now that you’re using a password manager, you can keep your challenge questions and answers in the notes field. This prevents hackers and internal employees from being able to dox or build a profile on you.

2. Be smart and never reuse any of your precious passwords

You created your killer password. Now, use it only once. Do not reuse any passwords from this day forward…ever.

Remember you should have a completely unique password for each website and service. Don’t use your Facebook password for other social media accounts like Twitter, Instagram, LinkedIn, etc. This advice is especially crucial around sensitive accounts like your Gmail (or any email account), financial, or medical sites.

Your digital world can come crashing down when you reuse account passwords.

3. Go enable multifactor authentication

Passwords suck. Your passwords suck!

Turning on two-factor authentication (2FA) is crucial on all your accounts especially the really sensitive ones.

This second layer of security may be called:

  • Two-Step Authentication (2SA)
  • Two-Factor Authentication (2FA)
  • Multifactor Authentication (MFA)

We have your easy, step-by-step guide that walks you through the process.

This extra layer of online security thwarts hackers’ access to your digital life.

The above three simple steps will further tighten your cyber security around your most sensitive accounts like your online banking, credit card, email, and social media services.

4. Lie on your security questions

When websites add layers of security, they often make you create or select security questions and provide answers.

Since you’re now using a password manager with a strong master password, you can lie on these answers.

This decreases the possibility that an attacker might find your real-world security answers from social media or other publicly available sources.

Record the questions and false answers in the notes section of each login record in your Bitwarden or KeePass vault.

Shockingly-Fast Crack of Your Windows Password

Are you using Windows? Ugggg. We already compared Windows and 3 other operating systems. Here’s a prime example of why to consider Windows alternatives.

Kevin Mitnick is a computer security consultant, author, and convicted hacker. In this video (3m32s@2x), he cracks a Windows password in about 30 seconds using a readily-available hacking tool.

(I’ve fast-forwarded to the right spot) 

Final Advice

We’re stuck with using passwords until the tech industry settles on something that is both easy-to-use and secure.

If you need to generate a memorable password, create a long passphrase composed of random words that form a picture or story. Ensure there are upper- and lower-case letters, numbers, and symbols that increase the character search space. Finally, adjust one of the words to remove it from a dictionary attack.

It’s important to limit the number of passwords or passphrases you commit to memory to 1-3. Use a password manager with two-factor authentication enabled for all other account credentials.

At the beginning of this article, I asked what an example of a strong password is, and hopefully your answer is very different now.

Remember that a complex password from the hack perspective doesn’t have to be

Do you have a better way to generate a strong password or passphrase? Join our chat on Telegram.

Mike Chu

Mike is a web developer and content writer living as a digital nomad. With more than 20 years of devops experience, he brings his "programmer with people skills" approach to help explain technology to the average user.
