A safe password is one that won't be hacked and yet is easy to remember. Here is a technique that, with some of your creativity, makes great passwords you can use and trust.


First, what we've been taught about good passwords is wrong. A secure password doesn't require a random mix of upper-case letters, lower-case letters, numbers, and other characters.

What drives a password's level of security is length and unpredictability. Here's what we mean.

What Makes a Safe Password?

A safe password is long and unpredictable. The mix of characters is less important because, with a long password, the power is in the math.

A password hacking app, like all software, uses digital processing power to crack the code. Password length determines the number of possible combinations. So, emphasizing the length of strings of characters is the key to a secure password, not complexity.

To recap:

We've always been taught good passwords require three things:

  • Complexity - a mix of character types.

  • Unpredictable - there are about 1 million commonly used passwords and hackers use databases that include them all.

  • Long - the longer the better.   

But, the better way to a great password includes just these two things:

  • Complexity - a mix of character types. NOPE!

  • Unpredictable

  • Long

Now that we understand the value of length to make a secure password let's look at why unpredictability is also essential.

About Password Unpredictability

Cracking passwords is especially easy for the hacker when we use one commonly used by others.

There are about 1 million commonly used passwords, and every capable hacker has a list of them. These 'predictable' passwords are used by hacking software to test first in its cracking attempts.

Here is a list of the top 25 examples, according to the Scientific American in 2019.

1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. letmein
8. 1234567
9. football
10. iloveyou
11. admin
12. welcome
13. monkey
14. login
15. abc123
16. starwars
17. 123123
18. dragon
19. passw0rd
20. master
21. hello
22. freedom
23. whatever
24. qazwsx
25. trustno1

You get the idea - there are about one million variations of predictable passwords, and most people are using at least one of them as their own.

Using one of these million predictable passwords makes the hacker's job of cracking very easy and routine. You must use passwords that are unpredictable and not on the list of commonly used versions that the hacker will try first.

How do you create something unpredictable, but easy to remember?
Hang on, and we'll get there in a bit below. But first:

How Long is a Great Password?

Here's the 'science' part of a secure password, and it leverages "The Law of Combinations."

The Law of Combinations says:

The number of combinations of interacting elements increases exponentially with the number of elements.

What this means for passwords is that with each element (a character) you add to the password, the potential combinations (the level of unpredictability) increase exponentially.

With password-hacking software so readily available to anyone who wants to hack another's credentials, that's the kind of powerful math you need on your side in cybersecurity today.

Exponential Math

A mathematical phenomenon known as the exponential function is the driver behind password science.

The power of exponential math takes off at about ten elements, or characters. Most free hacking software can easily crack 12-character strings. At 14 characters, it becomes more unlikely. At 16 characters and above, an unpredictable password is impossible to break without powerful computers, software, and a whole lot of time.

As computers become more powerful, as they have at an exponential rate for the last 50 years, the requirement for password length will increase. So, we recommend a minimum of 16 characters for your unpredictable password and suggest using 18 or more to be safe.
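To put numbers on the length-versus-complexity argument, here is an added example (not part of the original article) that checks a password against the common list quoted above and then computes the size of the character-by-character search space. The guessing rate and the sample passwords other than "Cowboypalmtreemoon!" (the article's own example from Method #2) are assumptions constructed for illustration.

```python
import math

# Entries from the commonly used list quoted on this page (Scientific American, 2019).
COMMON = {"123456", "password", "12345678", "qwerty", "letmein", "football",
          "iloveyou", "admin", "welcome", "monkey", "dragon", "passw0rd",
          "master", "hello", "freedom", "whatever", "qazwsx", "trustno1"}

GUESSES_PER_SECOND = 1e10            # assumption: hypothetical offline guessing rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(pw):
    """Size of the character set a character-by-character search must cover."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 32                   # printable ASCII punctuation (ASCII input assumed)
    return size


def assess(pw):
    """Return common-list status, search-space bits, and average years to guess."""
    if not pw:
        raise ValueError("empty password")
    if pw.lower() in COMMON:
        # On the list: it is tried first, so length and character mix do not matter.
        return {"common": True, "bits": 0.0, "years": 0.0}
    bits = len(pw) * math.log2(alphabet_size(pw))    # log2(alphabet ** length)
    # On average, half of the search space is covered before a hit.
    years = 2 ** (bits - 1) / GUESSES_PER_SECOND / SECONDS_PER_YEAR
    return {"common": False, "bits": bits, "years": years}


if __name__ == "__main__":
    # Constructed samples: short and complex versus long and simple.
    samples = ["dragon", "X7#qLp2!", "cowboypalmtreemoons", "Cowboypalmtreemoon!"]
    for pw in samples:
        r = assess(pw)
        print(f"{pw!r:24} common={r['common']!s:5} bits={r['bits']:6.1f} years={r['years']:.3g}")
```

The bit counts are upper bounds for a character-by-character search, which is why the common-list check runs first: a password on a guessing list gets no benefit from its length.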

How to Create and Remember a Long Password

We have a problem; humans aren't wired to remember long, random strings of characters. Much less a whole bunch of them. So here's where the 'art' of great passwords comes in.

We recommend using a technique that uses a memorable phrase as the foundation for your password habits. But remember, while the phrases should be memorable, they also need to be unpredictable.

How do you do that?

Method #1 - Start with a poem, song, quote, Bible verse, nursery rhyme ... anything that serves the memory immediately when you need it.

Then:

  • Use the first or last letter of each word in the phrase making sure you have at least 16 or 18 characters.

Or:

  • Twist the phrase to make it your own - for example, instead of "Maryhadalittlelamb" yours is "Catherinehadabigcow!" It's unpredictable, has 20 characters and so is an example of a great password you can easily recall.

Method #2 - This approach starts with an image in your mind's eye that you can conjure up when you need it.

  • Take each piece of your mental image and string the words together, striving for 16+ characters in total.
  • Here's an example of this technique. Imagine a cowboy leaning on a palm tree while standing on the moon. You have a great password in "Cowboypalmtreemoon!"  It's long, 19 characters, and unpredictable. Silly as it is, it's an excellent example of a secure password. 


Have fun and be creative by using your imagination to create an easy visual reference that is uniquely your own and unpredictable to anyone else.

For a very handy and free tool for creating and evaluating passwords click here for the Password Meter.

Use a Password Manager

And if you are using a password manager, which we highly recommend, make sure your master password is at least 18 characters long, and set the auto-generate feature for your vaulted passwords to 16 characters or longer as the default.

Click here to see our top recommendation for a password manager. 

Now for the tricky part. How to create and remember a long password?

Best-Practices for Master Password Storage

Passwords are the keys to your kingdom, and we should care for them as such. If you use the methods above for creating great passwords, we still recommend that you store them safely and securely.

If it's a master password, write it down somewhere and put it in a place unrelated to passwords or logins. For example, embed it in a contact file in your address book somewhere. Using the examples above you could create a contact called "Catherine Cow" or "Lunar Cowboy" and hide the password in the contact file with no reference to passwords at all. 

Our Top Recommendation for Password Managers

Learn more about our top recommendation for password management software:

Learn More

 

Learn more about our recommended cybersecurity products and services by contacting us here:

Contact
