Making Great Passwords

Passwords that are effective, yet easy to remember.

A great password is one that won't be hacked and yet is easy to remember. Here is a technique that, with some of your own creativity, makes great passwords you can use and trust.

First, what we've been taught about good passwords is wrong. A good password doesn't need to be complex, with a required mix of upper-case, lower-case, numbers, or other character types.

What's a Great Password?

A great password just needs to be long and unpredictable.

It doesn't matter what the mix of characters is because with a long password the power is in the math. In software and computing, it's all about digital processing. So emphasizing the length of a string of characters over its complexity is key to good cybersecurity.

To recap:

You were taught good passwords require three attributes:

  • Complexity - a mix of character types.
  • Unpredictable - there are about 1 million commonly used passwords and hackers use databases that include them all.
  • Long - the longer the better.

But the better way includes just two:

  • Complexity - a mix of character types. NOPE!
  • Unpredictable - there are about 1 million commonly used passwords and hackers use databases that include them all.
  • Long - the longer the better.

About Password Unpredictability

Cracking passwords is especially easy for the hacker when we use passwords commonly used by others.

There are about 1 million commonly used passwords that every hacker knows and keeps handy for password-hacking software to test in its first rounds of cracking attempts.

Here are some examples:

  • Password
  • 123456
  • 000000
  • Money2019
  • And so on, ....

You get the idea - there are about one million variations of predictable passwords and most people are using at least one of them as their own.

Using one of these million predictable passwords makes the hacker's job of cracking very easy and routine. So, it is imperative you use passwords that are unpredictable and clearly not on the list of commonly used versions that the hacker will try first.

How do you create something unpredictable but easy to remember?

Hang on, we'll get there in a bit below. But first:

How Long is a Great Password?

Here's the 'science' part of a great password, and it leverages "The Law of Combinations."

The Law of Combinations says:

The number of combinations of interacting elements increases exponentially with the number of elements.

So, what this means for passwords is that with each element (character) you add to the password, the potential combinations (unpredictability) increase exponentially. With password-hacking software so easily available to anyone who wants to hack another's credentials, that's the kind of powerful math you need on your side in cybersecurity today.

The power of exponential math really takes off at about 10 elements, or characters. Most free hacking software can easily crack 12-character strings. At 14 characters, it becomes highly unlikely. At 16 characters and above, an unpredictable (see above) password is impossible to crack without very powerful computers, software, and a whole lot of time.

So, we recommend a minimum of 14 characters for your unpredictable password.

And if you are using a password manager, which we highly recommend, make your master password at least 14 characters, and set the auto-generate feature for your vaulted passwords at 16 characters or longer as the default.

Click here for a great chart that illustrates how long it would take to hack a password with brute force software.
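
The two rules above (not a commonly used password, at least 14 characters) and the length-versus-complexity arithmetic, as an added Python example that is not part of the original article. The four-entry blocklist is a constructed sample built from the article's own examples, `Xq7#mP2!` is a constructed sample password, and all function names are hypothetical.

```python
import math

# Constructed sample blocklist built from the article's own examples; a real
# check would load a full list of commonly used passwords instead.
COMMON_PASSWORDS = {"password", "123456", "000000", "money2019"}
MIN_LENGTH = 14  # the article's recommended minimum


def alphabet_size(password):
    """Size of the character pool an exhaustive search would have to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 32  # printable ASCII punctuation
    return size


def search_space_bits(password):
    """log2(alphabet ** length). This is an upper bound: it assumes every
    character was picked independently, which a phrase of words is not."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password):
    """Apply the two rules: not a commonly used password, and long enough."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


if __name__ == "__main__":
    for pw in ["Money2019", "Xq7#mP2!", "kathyhadabigcow", "cowboypalmtreemoon"]:
        bits = search_space_bits(pw)
        print(f"{pw:20} {bits:6.1f} bits  {check_password(pw) or 'ok'}")
```

The 15-letter, lowercase-only phrase has a larger exhaustive-search space than the 8-character password that mixes all four character types, which is the length-over-complexity point in numbers.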

How to Remember a Long Password

But humans aren't wired to remember long, random strings of characters. Much less a whole bunch of them. So here's where the 'art' of great passwords comes in.

We recommend using a technique that uses a memorable phrase as the foundation for your password habits. But remember, while the phrases should be memorable, they also need to be unpredictable.

How do you do that?

Method #1 - Start with a poem, song, quote, Bible verse, nursery rhyme ... anything that serves the memory immediately when you need it. Then:

  • Use the first or last letter of each word in the phrase, making sure you have at least 14 characters.
  • Twist the phrase to make it your own - for example, instead of "maryhadalittlelamb" yours is "kathyhadabigcow." It's unpredictable, has 15 characters and so is an example of a great password you can easily remember.

Method #2 - This approach starts with an image in your mind's-eye that you can conjure up to remind yourself of your great password when you need it.

  • Take each piece of your mental image and string the words together, striving for 14+ characters in total.
  • For example, imagine a cowboy leaning on a palm tree while standing on the moon. You have a great password in "cowboypalmtreemoon." At 18 characters it's long, it's unpredictable, and it's a great example of a great password.

illustration of moon with a cowboy leaning on a palm tree

Have fun using your imagination to create an easy visual reference that is uniquely your own and unpredictable to anyone else.

Best-Practices for Password Storage

Passwords are the keys to your kingdom, and we should care for them as such. If you use the methods above for creating great passwords, we still recommend that you store them safely and securely.

If it's a master password, write it down somewhere and put it in a place unrelated to passwords or logins. For example, embed it in a contact file in your address book somewhere. Using the examples above you could create a contact called "Mary Lamb" or "Lunar Cowboy" and hide the password in the contact file with no reference to passwords at all.

Use a Password Manager

We highly recommend password managers for everyday use. Considering our personal and professional experience with LastPass, and the company's record of innovation and product development, we're proud to include it in our stable of "best-in-class" recommendations.

With a password manager you just remember one password - your master password for accessing your password vault.

laptop and smartphone each with the LastPass password manager app displayed

**This post contains affiliate links and Total Digital Security will be compensated if you make a purchase after clicking on our links.

September 8th, 2021 - The Problem with "Complex Passwords": https://www.wsj.com/articles/complex-password-cyber-security-risk-11631051077

August 7th, 2021 - Three Random Words are Better for Passwords:

https://www.theguardian.com/technology/2021/aug/07/password-of-three-random-words-better-than-complex-variation-experts-say

Our top recommendation for password management software is LastPass.


LastPass paid versions sync across devices for security with convenience.

 
