No one shows you this unconventional way of creating an almost unbreakable password. It’s the key to having a secure password to lock out hackers. So, what is an example of a strong password?
An example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”. It is long and contains uppercase and lowercase letters, numbers, and special characters. It is a unique password created by a random password generator. Strong passwords can be remembered but should not contain personal information.
Cartoon-Duck-14-Coffee-Glvs is my password sample. Please don’t use it now that I’ve published it here. Let’s generate an easy example for you in the next section. Below is a password generator tool and some clever methods to boost your password strength.
How To Create A Strong Password In 5 Easy Steps
1. Generate It (Through Password Generators)
The above tool will suggest strong password examples that are easy to remember and unique. Each time you visit this page or click the “New Example” button above, it generates a new random passphrase.
Using the above strong password generator, you can create a solid list of password ideas.
Are you wondering if using a password generator is safe? I dug into some frequently asked questions and provided 13 tips about passwords that I didn’t include in this article.
2. Enhance It (Making Words Into Phrases)
Enhance your password by adding your flair. Swap the word order or change a word or two, so you can form a mental image or story with the passphrase.
3. Store It (In Mental Images Or A Tool)
Our brains are designed to remember visuals and ordered events. Leverage this mental wiring to help you memorize the words in your strong password. This trick is one of the secrets used by the top competitors in the World Memory Championships.
In my duck example, I might add a mental logo to the coffee cup to recall that the password belongs to my Starbucks login.
Ultimately, we’ll use a password manager to store your passphrase.
4. Un-Dictionary It (To Stop Dictionary Attacks)
Basing passwords off words from any dictionary is a bad idea, which is item #3 in our 6-point password checklist.
Attackers run tools that quickly try common words, a technique called a dictionary attack.
Here’s how to fix the problem: In your passphrase, choose one of your words (first, second, last, whatever) and drop the vowels from the word in that position.
Going back to my duck example: I’ve made an iron-clad promise to myself that in every password I create, I will always modify the last dictionary word.
My final example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”.
5. Measure It (To Prevent A Brute Force Attack)
Test the password strength on HowSecureIsMyPassword, a service provided by the password manager Dashlane. You can also check if your new secure password is already hacked at HaveIBeenPwned, a site from security researcher Troy Hunt. The project collects and helps users identify passwords included in any data breach.
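The HaveIBeenPwned password check can be done without sending the password itself: its Pwned Passwords range API (api.pwnedpasswords.com) accepts only the first five hex characters of the password's SHA-1 hash and returns candidate suffixes to compare locally. The lookup below is an added example, not code from the original article; the response body and breach counts are constructed so it runs offline.

```python
import hashlib

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """Only this URL leaves the machine: it carries 5 hex characters of the hash."""
    return RANGE_URL + split_hash(password)[0]


def breach_count(password, range_body):
    """Search a range response ('SUFFIX:COUNT' lines) for our own suffix."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: password is not in the breach corpus


def constructed_response(breached_password, count):
    """Build a fake range body for offline use (constructed, not real API data)."""
    _, suffix = split_hash(breached_password)
    filler = ["0" * 35 + ":3", "F" * 35 + ":1"]
    return "\r\n".join([filler[0], f"{suffix}:{count}", filler[1]])


if __name__ == "__main__":
    body = constructed_response("password123", 12345)
    print(range_url("password123"))            # the only request that would be sent
    print(breach_count("password123", body))   # found in the constructed body
    # A real check fetches the range for each password's own prefix;
    # here the duck passphrase is simply absent from the constructed body.
    print(breach_count("Cartoon-Duck-14-Coffee-Glvs", body))
```

The comparison happens on your machine, so neither the password nor its full hash is disclosed to the service.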
Using these tips will allow you to create a robust password that works for:
- School, college, and university
- Critical work or job-related systems
- Most website password length and complexity requirements
I just looked at the Google password length and complexity requirements. It’s just a minimum of 8 characters. I wrote up why it is not safe to sign in with social media login buttons.
Length and Size Matters To Avoid Weak Passwords
Let me tell you a secret. The whole concept of a password is really weak, but your beautiful new password is an excellent step in the right direction, and here’s why.
What is a good password?
Throughout my research, the two most critical factors in a more secure password are its length and the character space or types of characters used.
A short password using a large character space can still be easily cracked. As an example, let’s measure a short 8-character password that has 2 capital letters, 2 lowercase letters, 2 numbers, and 2 special characters.
Yup. It only takes a few minutes to a few hours to crack this password. It’s also not memorable.
A longer password using only one character type is a little better.
This numbers-only password is more than double the length and easy to remember, combining a mobile phone number and birthdate, but it can be cracked in a few days. The personally identifiable information (PII) helps the attacker. Later, we’ll talk about using a password manager so that we don’t use PII to construct passphrases.
Measuring the search space of my duck example password on Password Haystack, you can see the time to crack is much longer.
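To make the length-versus-character-space comparison concrete, here is an added example (not from the original article or from Password Haystack) that computes the brute-force search space for the three kinds of password discussed above. The first two sample passwords are constructed to match the article's descriptions, and the guess rate is an assumption.

```python
import math
import string

# Character classes of printable ASCII (95 characters in total).
CLASSES = {
    "lower": set(string.ascii_lowercase),     # 26
    "upper": set(string.ascii_uppercase),     # 26
    "digit": set(string.digits),              # 10
    "symbol": set(string.punctuation + " "),  # 33
}

ASSUMED_GUESSES_PER_SECOND = 1e12  # assumption: offline attack on a fast hash


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Brute-force candidates at exactly this length: alphabet ** length."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password):
    """log2 of the search space; each extra bit doubles the attacker's work."""
    return len(password) * math.log2(alphabet_size(password))


def report(password):
    seconds = search_space(password) / ASSUMED_GUESSES_PER_SECOND
    return (f"{password!r}: length {len(password)}, "
            f"alphabet {alphabet_size(password)}, "
            f"{entropy_bits(password):.1f} bits, {seconds:.3g} s to exhaust")


# Constructed samples matching the article's descriptions, plus its duck example.
SAMPLES = [
    "Tq7#mB4!",                     # 8 chars: 2 upper, 2 lower, 2 digits, 2 symbols
    "555010012301151990",           # 18 digits: made-up phone number + birthdate
    "Cartoon-Duck-14-Coffee-Glvs",  # the article's passphrase
]

if __name__ == "__main__":
    # Brute force only: this does not model dictionary or word-list attacks.
    for sample in SAMPLES:
        print(report(sample))
```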
Please never use any personally significant information in a password. Family members’ birthdays, favorite teams, maiden names, names of schools, etc. are easy to find online, so they’re off-limits.
Remember, we’re trying to prevent your account from being hacked and your data from becoming part of a data breach.
What NOT to Have In Your Password
Over the years, I’ve seen some awfully weak passwords from breached data sets. I’ve also committed some password-creating sins myself. The following is a list of places to NOT derive parts of your passphrase:
- Personally-Significant Names: family, pets, cities…
- Significant Information: dates, phone numbers, email, street address, zip or postal codes…
- Popular Culture: favorite movies, sports team names, quotations…
- Common Substitution Patterns: password => p@55w0rd, letmein => l3tM3!n, 123456 => one2three4five6
- Login Username: do not repeat any part of your login username
- Memorable Keyboard Paths: QWERTY, 12345678, ASDFGHJKL
- Dictionary Thwarting: reversing words, common misspellings, dropping significant letters
Use this list of what-not-to-dos to check that your passwords aren’t vulnerable.
🛑 Critical Advice: Please do not use any strong password list you find on the internet somewhere. Your password should not be published to the public at any point.
Troy Hunt authored a detailed analysis of password derivation sources and the biggest takeaway points out that…
You, my astute reader, may have noticed I just contradicted myself, listing “dictionary thwarting” as something to avoid. For those that have yet to read this article, your long, character-diverse, memorable password is far more secure than theirs even without our “un-dictionary step”.
Let’s take your password creation skills up one more notch.
Convert A Passphrase To Random Password
Security researcher Bruce Schneier outlined an ingenious method in this article to create a password that’s still easy to remember, but harder to crack. Use this method when you must type a password several times a day. This also works well for your password manager’s master password, which should be the single password you remember from here on.
I’ve modified Mr. Schneier’s method slightly using a personal, time-delimited goal. Here’s my secret formula for creating a strong password:
- Pick a goal.
- Make a sentence including a near-term future date. Write your sentence as if you’ve already achieved the goal.
- Adjust the wording to add special characters and some additional numbers.
- Write down the first character of each word and any numbers and symbols.
Here’s my personal example:
- I’d like to have more of this blog’s articles ranked at the top of Google search results.
- Today, Sept 17, I now have 13 Data Overhaulers articles ranked first on Google.
- Today, 9/17, I have 13 Data Overhaulers articles ranking #1 on Google.
- T,9/17,Ih13DOar#1oG. (5 upper-case, 4 lower-case, 6 digits, 5 symbols = 20 total characters)
Using this method requires you to repeat a specific goal in your head and heavily encourages you to change your password regularly, especially if you include a year.
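The last step of the formula is mechanical, so it can be checked in code. This added example (not from the original article or from Mr. Schneier) condenses the two sentences above and tallies the character classes; the function names are hypothetical.

```python
def condense(sentence):
    """Keep the first letter of each whitespace-separated word,
    plus every digit and symbol exactly as typed."""
    out = []
    for token in sentence.split():
        seen_letter = False
        for ch in token:
            if ch.isalpha():
                if not seen_letter:   # only the word's first letter survives
                    out.append(ch)
                    seen_letter = True
            else:                     # digits and punctuation are all kept
                out.append(ch)
    return "".join(out)


def tally(password):
    """Count upper-case, lower-case, digit and symbol characters."""
    counts = {"upper": 0, "lower": 0, "digit": 0, "symbol": 0}
    for ch in password:
        if ch.isupper():
            counts["upper"] += 1
        elif ch.islower():
            counts["lower"] += 1
        elif ch.isdigit():
            counts["digit"] += 1
        else:
            counts["symbol"] += 1
    return counts


# The article's sentences before and after the "adjust the wording" step.
BEFORE = "Today, Sept 17, I now have 13 Data Overhaulers articles ranked first on Google."
AFTER = "Today, 9/17, I have 13 Data Overhaulers articles ranking #1 on Google."

if __name__ == "__main__":
    for sentence in (BEFORE, AFTER):
        password = condense(sentence)
        print(password, len(password), tally(password))
```

Running it on both sentences shows what the wording adjustment buys: the reworded sentence contributes more digits and symbols than the first draft.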
Your Critical Next Steps
1. Store your unique passwords in a trusted password manager program
With proper password management, you’re not only securing your password, but you can also use unique usernames or a dedicated email address, so your identity across online accounts is not linked to your personal information.
In addition to complex passwords, password managers can also store other sensitive information like credit card numbers, social security numbers, passport information, and even secure notes and files.
2. Never reuse your passwords or a PIN code
You created your killer password. Now, use it only once. Do not reuse any passwords from this day forward…ever.
Remember, you should have an entirely unique password for each website and service. Don’t use your Facebook password for other social media accounts like Twitter, Instagram, LinkedIn, etc. This advice is especially crucial around sensitive accounts like your Gmail (or any email account), financial, or medical sites.
The same advice includes your PINs no matter the code length. Store them in your password vault too.
3. Enable two-factor authentication
Turning on two-factor authentication (2FA) is crucial for all your accounts, especially the really sensitive ones.
This second layer of security may be called:
- Two-Step Authentication (2SA)
- Two-Factor Authentication (2FA)
- Multifactor Authentication (MFA)
Starting to use multi-factor authentication provides an extra layer of protection in the event a company has a data breach and your passwords are stolen.
If you’ve never turned on multifactor authentication, I have an easy, step-by-step guide to set up two-factor.
4. Lie on your security questions
When websites add layers of security, they often make you create or select security questions and provide answers.
Since you’re now using a password manager with a strong master password, you can now lie on these security question answers.
This decreases the possibility that an attacker might find your real-world security answers from social media or other publicly available sources.
Record the questions and false answers in the notes section of each login record in your password manager.
5. Never email or text your passwords to other people
Shockingly-Fast Crack of Your Windows Password
Are you using Windows? Ugggg. We have already compared Windows and three other operating systems. Here’s a prime example to consider Windows alternatives.
Kevin Mitnick is a computer security consultant, author, and convicted hacker. In this video (3m32s@2x), he uses a readily available hacking tool to crack a Windows password in about 30 seconds.
(I’ve fast-forwarded to the right spot)
We’re stuck with using passwords until the tech industry settles on something both easy-to-use and secure.
If you need to generate a memorable password, create a long passphrase composed of random words that form a picture or story. Include upper- and lower-case letters, numbers, and symbols to increase the character search space. Finally, adjust one of the words to take it out of reach of a dictionary attack.
It’s essential to limit the number of passwords or passphrases you commit to memory to 1-3. Use a password manager with two-factor authentication enabled for all other account credentials.