No one shows you this unconventional way of creating an almost unbreakable password. It’s the key to having a secure password to lock out hackers. So, what is an example of a strong password?
An example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”. It is long, contains uppercase letters, lowercase letters, numbers, and special characters. It is a unique password created by a random password generator and it is easy to remember. Strong passwords should not contain personal information.
Cartoon-Duck-14-Coffee-Glvs is my example. Don’t use it now that I’ve published it here. Let’s generate an easy example for you in the next section. Below is a password generator tool and some clever methods to boost your password strength.
5 Steps To Get an Easy-To-Remember & Strong Password
#1 Generate It
The above tool will generate strong password examples that are easy to remember and unique. Each time you visit this page or click the “New Example” button above, it generates a new random passphrase.
Using the above tool, you can begin to create a solid list of strong password ideas.
Are you wondering if using a password generator is safe? I dug into some frequently asked questions and provided 13 tips about passwords that I didn’t include in this article.
#2 Enhance It
Enhance your password by adding your own flair. Swap the word order or change a word or two so you can form a mental image or story with the passphrase.
#3 Memorize It
Our brains are designed to remember visuals and ordered events. Leverage this mental wiring to help you memorize the words in your strong password. This is one of the secrets used by the top competitors in the World Memory Championships.
In my duck example, I might simply add a mental logo to the coffee cup to recall that the password belongs to my Starbucks login.
Ultimately, we’ll use a password manager to store your passphrase.
#4 Un-Dictionary It
Basing passwords off words from any dictionary is a bad idea. This was item #3 in our 6-point password checklist.
Attackers run tools that quickly try common words. This is called a dictionary attack.
Here’s how to fix the problem: In your passphrase, choose one of your words, first, second, last, whatever. Drop the vowels in the word in that position.
Going back to my duck example: I’ve made an iron-clad promise to myself that in every password I create, I will always modify the last dictionary word.
My final example of a strong password is “Cartoon-Duck-14-Coffee-Glvs”.
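Steps #1 through #4 can be sketched in code. This is an added example, not the generator tool this page refers to: the 32-word list is a constructed sample, and the function names are hypothetical.

```python
import math
import re
import secrets

# Constructed sample word list for illustration only. A real generator needs a
# list of several thousand words (for example 7776, the size of a five-dice
# Diceware list) so that each word carries enough entropy.
WORDS = ("cartoon duck coffee gloves window rocket pencil garden "
         "marble tiger button candle planet bridge violin hammer "
         "pillow forest saddle magnet ribbon turtle walnut basket "
         "ladder trumpet blanket lantern compass feather pumpkin anchor").split()

def drop_vowels(word):
    """Step #4: remove the vowels from one word (Gloves -> Glvs)."""
    stripped = re.sub(r"[aeiouAEIOU]", "", word)
    return stripped or word  # keep the word if it was all vowels

def generate_passphrase(words=WORDS, n_words=4):
    """Random words, one two-digit number, hyphens, last word un-dictionaried."""
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    picked = [secrets.choice(words).capitalize() for _ in range(n_words)]
    picked[-1] = drop_vowels(picked[-1]).capitalize()
    number = str(10 + secrets.randbelow(90))   # uniform in 10..99
    picked.insert(2, number)                   # Word-Word-NN-Word-Wrd
    return "-".join(picked)

def entropy_bits(wordlist_size, n_words=4):
    """Entropy of the random choices alone, assuming the attacker knows the
    recipe. A fixed vowel-dropping rule adds no bits under that assumption."""
    return n_words * math.log2(wordlist_size) + math.log2(90)

if __name__ == "__main__":
    print(generate_passphrase())
    print(f"{entropy_bits(len(WORDS)):.1f} bits with this {len(WORDS)}-word sample list")
    print(f"{entropy_bits(7776):.1f} bits with a 7776-word list")
```

The entropy figure depends on the size of the word list, not on how long the passphrase looks, which is why the sample list here is only good for demonstration.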
#5 Measure It
Test the password strength on HowSecureIsMyPassword, a service provided by the password manager Dashlane. You can also check if your new secure password is already hacked at HaveIBeenPwned which is a site from security researcher Troy Hunt. The project collects and helps users identify passwords that were included in any data breach.
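A breach check does not require sending the password anywhere. The added example below (not code from this page or from HaveIBeenPwned) uses the Pwned Passwords range API: only the first five characters of the password's SHA-1 hash are sent, and the returned suffixes are compared locally. The response body and its counts are constructed so the lookup runs offline.

```python
import hashlib
import urllib.request

def split_hash(password):
    """SHA-1 the password; only the 5-character prefix ever leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Look for this password's hash suffix in a range response.

    Each response line is SUFFIX:COUNT. Returns 0 when the suffix is absent."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def fetch_range(prefix):
    """Live network call; not used by the offline sample below."""
    url = "https://api.pwnedpasswords.com/range/" + prefix
    req = urllib.request.Request(url, headers={"User-Agent": "passphrase-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def constructed_response(known_bad="password123", count=4242):
    """Constructed sample body: two filler suffixes plus the real suffix of
    known_bad with a made-up count, so the lookup can be exercised offline."""
    _, suffix = split_hash(known_bad)
    return "\r\n".join(["A" * 35 + ":1", suffix + ":" + str(count), "B" * 35 + ":7"])

if __name__ == "__main__":
    body = constructed_response()
    for pw in ("password123", "Cartoon-Duck-14-Coffee-Glvs"):
        prefix, _ = split_hash(pw)
        print(prefix, breach_count(pw, body))
```

For a live check, pass `fetch_range(split_hash(pw)[0])` as the second argument to `breach_count`.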
Using these tips will allow you to create a hard password for:
- School, college, and university
- Critical work or job-related systems
- Satisfy most website password length and complexity requirements
I just looked at the Google password length and complexity requirements. It’s just a minimum of 8 characters. I wrote up why it is not safe to sign in with social media login buttons.
Length and Size Matter
Let me tell you a secret. The whole concept of a password is really weak, but your beautiful new password is an excellent step in the right direction, and here’s why.
Throughout my research, the two biggest factors in a more secure password are its length and the character space or types of characters used.
A short password using a large character space can still be easily cracked. As an example, let’s measure a short 8-character password that has 2 capital letters, 2 lowercase letters, 2 numbers, and 2 special characters.
Yup. It only takes a few minutes to a few hours to crack this password. It’s also not memorable.
A longer password using only one character type is a little better.
This numbers-only password is more than double the length and easy to remember, since it combines a mobile phone number and a birth date, but it can be cracked in a few days. The personally identifiable information (PII) helps the attacker. Later, we’ll talk about using a password manager so that we don’t use PII to construct passphrases.
Measuring the search space of my duck example password on Password Haystack, you can see the time to crack is much longer.
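The comparison above can be reproduced with a small brute-force search-space calculation. This is an added example, not the Password Haystack tool itself: the two weaker passwords are constructed to match the descriptions in the text, and the guess rate is an assumption.

```python
import string

# Character classes as brute-force "haystack" calculators count them:
# 26 lower + 26 upper + 10 digits + 33 symbols (ASCII punctuation and space).
CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
)

# Constructed samples matching the three cases discussed in the text.
SAMPLES = {
    "short mixed": "Qx7#mT2!",                   # 8 chars, all four classes
    "digits only": "5550100123" + "19900704",    # made-up phone + birth date
    "passphrase": "Cartoon-Duck-14-Coffee-Glvs",
}

def alphabet_size(password):
    """Sum the sizes of the ASCII classes that appear in the password."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))

def search_space(password):
    """Strings an exhaustive search must try: every length up to this one."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def worst_case_seconds(password, guesses_per_second=10 ** 12):
    """Upper bound only; the guess rate is an assumption, and an attacker
    using word lists or personal data needs far fewer guesses."""
    return search_space(password) / guesses_per_second

def rank(samples=SAMPLES):
    """Sample names ordered from smallest to largest search space."""
    return sorted(samples, key=lambda name: search_space(samples[name]))

if __name__ == "__main__":
    for name in rank():
        pw = SAMPLES[name]
        print(f"{name:12} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.2e} seconds={worst_case_seconds(pw):.2e}")
```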
Please never use any personally significant information in a password. Family members’ birthdays, favorite teams, maiden names, names of schools, etc. are very easy to find online, so they’re off-limits.
Remember, we’re trying to prevent your account from being hacked and your data becoming part of a data breach.
What NOT to Have In Your Password
Over the years, I’ve seen some awfully weak passwords from breached data sets. I’ve also committed some password-creating sins myself. The following is a list of places to NOT derive parts of your passphrase:
- Personally-Significant Names: family, pets, cities…
- Significant Information: dates, phone numbers, email, street address, zip or postal codes…
- Popular Culture: favorite movies, sports team names, quotations…
- Substitution Patterns: password => p@55w0rd, letmein => l3tM3!n, 123456 => one2three4five6
- Login Username: do not repeat any part of your login username
- Dictionary Thwarting: reversing words, common misspellings, dropping significant letters
Use this list of what-not-to-dos to check that your passwords aren’t vulnerable.
Troy Hunt authored a detailed analysis of password derivation sources and the biggest takeaway points out that…
I started studying for my security certification after reading about Troy’s work. I took a look to see how hard it’d be to transfer to a career in cybersecurity.
You, my astute reader, may have noticed I just contradicted myself listing “dictionary thwarting” as something to avoid. For those that have yet to read this article, your long, character-diverse, memorable password is far more secure than theirs even without our “un-dictionary step”.
Let’s take your password creation skills up one more notch.
Genius, Leveled-Up Password
Security researcher, Bruce Schneier, outlined an ingenious method in this article to create a password that’s still easy to remember, but harder to crack. Use this method when you must type a password several times a day. This also works well for your password manager’s master password which should be the single password you remember from here on.
I’ve modified Mr. Schneier’s method slightly using a personal, time-delimited goal. Here’s the hidden formula:
- Pick a goal.
- Make a sentence including a near-term future date. Write your sentence as if you’ve already achieved the goal.
- Adjust the wording to add special characters and some additional numbers.
- Write down the first character of each word and any numbers and symbols.
Here’s my personal example:
- I’d like to have more of this blog’s articles ranked at the top of Google search results.
- Today, Sept 17, I now have 13 Data Overhaulers articles ranked first on Google.
- Today, 9/17, I have 13 Data Overhaulers articles ranking #1 on Google.
T,9/17,Ih13DOar#1oG. (5 upper-case, 4 lower-case, 6 digits, 5 symbols = 20 total characters)
Using this method requires you to repeat a specific goal in your head and heavily encourages you to change your password regularly, especially if you include a year.
Your 3 Critical Next Steps
1. Store your unique passwords in a strong password manager
With proper password management, you’re not only securing your password but you can also use unique usernames so your identity across online accounts is not linked to your personal information.
Pro Tip: Lie on your security questions. Now that you’re using a password manager, you can keep your challenge questions and answers in the notes field. This prevents hackers and internal employees from being able to dox or build a profile on you.
2. Be smart and never reuse any of your precious passwords
You created your killer password. Now, use it only once. Do not reuse any passwords from this day forward…ever.
Remember you should have a completely unique password for each website and service. Don’t use your Facebook password for other social media accounts like Twitter, Instagram, LinkedIn, etc. This advice is especially crucial around sensitive accounts like your Gmail (or any email account), financial, or medical sites.
Your digital world can come crashing down when you reuse account passwords.
3. Go enable multifactor authentication
Passwords suck. Your passwords suck!
Turning on two-factor authentication (2FA) is crucial on all your accounts especially the really sensitive ones.
This second layer of security may be called:
- Two-Step Authentication (2SA)
- Two-Factor Authentication (2FA)
- Multifactor Authentication (MFA)
Starting to use two-factor authentication provides an extra layer of protection in the event a company has a data breach and your passwords are stolen.
If you’ve never turned on multifactor authentication, I have an easy, step-by-step guide to set up two-factor.
4. Lie on your security questions
When websites add layers of security, they often make you create or select security questions and provide answers.
Since you’re now using a password manager with a strong master password, you can lie on these answers.
This decreases the possibility that an attacker might find your real-world security answers from social media or other publicly available sources.
Shockingly-Fast Crack of Your Windows Password
Are you using Windows? Ugggg. We already compared Windows and 3 other operating systems. Here’s a prime example to consider Windows alternatives.
Kevin Mitnick is a computer security consultant, author, and convicted hacker. In this video (3m32s@2x), he cracks a Windows password in about 30 seconds using a readily available hacking tool.
We’re stuck with using passwords until the tech industry settles on something that is both easy-to-use and secure.
If you need to generate a memorable password, create a long passphrase composed of random words that form a picture or story. Ensure there are upper- and lower-case letters, numbers, and symbols that increase the character search space. Finally, adjust one of the words to remove it from a dictionary attack.
It’s important to limit the number of passwords or passphrases you commit to memory to 1-3. Use a password manager with two-factor authentication enabled for all other account credentials.
At the beginning of this article, I asked what is an example of a strong password and hopefully, that’s a very different answer now.
Remember that a complex password from the hack perspective doesn’t have to be
Do you have a better way on how to generate a strong password or passphrase? Join our chat on Telegram.