The Art & Science of Creating Great Passwords

A great password is one that won't be hacked and yet is easy to remember. Here is a technique that with some of your own creativity makes great passwords you can use and trust.

password manager on laptop in conf room black and white

First, what we've been taught about good passwords is wrong. A good password doesn't need to be complex requiring upper-case, lower-case, numbers, or any mix of characters. 

What's a Great Password?

A great password just needs to be long and unpredictable.

It doesn't matter what the mix of characters is because with a long password the power is in the math. In software and computing, it's all about digital processing. So, emphasizing the length of strings of characters versus the complexity of a string of characters is key to good cybersecurity. 

To recap:

You were taught good passwords require three attributes:

  • Complexity - a mix of character types.
  • Unpredictable - there are about 1 million commonly used passwords and hacker use databases that include them all.
  • Long - the longer the better.

But the better way includes just two:

  • Complexity - a mix of character types. NOPE!
  • Unpredictable - there are about 1 million commonly used passwords and hacker use databases that include them all.
  • Long - the longer the better.

About Password Unpredictability

Cracking passwords is especially easy for the hacker when we use passwords commonly used by others.

There are about 1 million commonly used passwords that every hacker knows and keeps handy for the password hacking software to test in its first rounds of cracking attempts.

Here are some examples:

  • Password
  • 123456
  • 000000
  • Money2019
  • And so on, ....

image of sticky note My Password 123456 rx

You get the idea - there are about one million variations of predictable passwords and most people are using at least one of them as their own.

Using one of these million predictable passwords makes the hackers job of cracking very easy and routine. So, it is imperative you use passwords that are unpredictable and clearly not on the list of commonly used versions that the hacker will try first.

How do you create something unpredictable but easy to remember?

Hang on, we'll get there in a bit below. But first:

How Long is a Great Password?

Here's the 'science' part of a great password, and it leverages "The Law of Combinations."

The Law of Combinations says:

The number of combinations of interacting elements increases exponentially with the number of elements.

So, what this means to passwords is that with each element (character) you add to the password, the potential combinations (unpredictability) increase exponentially. With software hacking software so easily available to anyone that wants to hack another's credentials, that's the kind of powerful math you need on your side in cybersecurity today.  

The power of exponential math really takes off at about 10 elements, or characters. Most free hacking software can easily crack 12 character-long strings of characters. At 14 characters, it becomes highly unlikely. At 16 characters and above, an unpredictable (see above) password is impossible to crack without very powerful computers, software, and a whole lot of time. 

So, we recommend a minimum of 14-characters to your unpredictable password.

And if you are using a password manager, which we highly recommend, make your master password at least 14 characters, and set the auto-generate feature for your vaulted passwords at 16 characters or longer as the default. 

How to Remember a Long Password

But humans aren't wired to remember long, random strings of characters. Much less a whole bunch of them. So here's where the 'art' of great passwords comes in.

We recommend using a technique that uses a memorable phrase as the foundation for your password habits. But remember, while the phrases should be memorable, they also need to be unpredictable.

How do you do that?

Method #1 - Start with a poem, song, quote, Bible verse, nursery rhyme ... anything that serves the memory immediately when you need it.


  • Use the first or last letter of each word in the phrase making sure you have at least 14 characters.


  • Twist the phrase to make it your own - for example, instead of "maryhadalittlelamb" yours is "kathyhadabigcow." It's unpredictable, has 15 characters and so is an example of a great password you can easily remember.

Method #2 - This approach starts with an image in your mind's-eye that you can conjure up to remind yourself of your great password when you need it.

  • Take each piece of your mental image and string the words striving for 14+ characters in total.
  • Here's an example of this technique. Imagine a cowboy leaning on a palm tree while standing on the moon. You have a great password in "cowboypalmtreemoon."  It's long, 18 characters to this one, and unpredictable. Silly as it is, it's a good example of a great password. 

password image cowboyplamtreemoon-1

Have fun using your imagination to create an easy visual reference that is uniquely your own and unpredictable to anyone else.

Best-Practices for Password Storage

Password are the keys to your kingdom, and we should care for them as such. If you use the methods above for creating great passwords, we still recommend that you store them safely and securely.

If it's a master password, write it down somewhere and put it in a place unrelated to passwords or logins. For example, embed it in a contact file in your address book somewhere. Using the examples above you could create a contact called "Mary Lamb" or "Lunar Cowboy" and hide the password in the contact file with no reference to passwords at all. 

Our Top Recommendation for Password Managers

Learn more about our top recommendation for password management software;

Learn More


To learn more about our recommended cybersecurity products and services by contacting us here:



Subscribe Here!


Includes the monthly CyberAdvisor Letter.




Calendar of Cybersecurity Education and Speaking Events


Recent Posts