How to create a strong password

Last Updated On October 17, 2018


When creating a strong password, it is important to understand how attackers actually figure out passwords to begin with. They’re not just manually typing in a single password and hoping for the best; they work through a large list of common passwords. These passwords are taken from dictionaries and modified based on information about the target: company name, first/last name, etc.

Creating a strong password is easier than you might think. There are many mistakes that people make when trying to create a strong password, including the following:

  1. Choosing something common, such as the season, year, or month.
  2. Repeating the same short password multiple times (e.g. Password1Password1).
  3. Adding a number to their already weak password.
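A small check for the three mistakes listed above, written from the defender's side. This is an added example, not code from the original article; the word list is a constructed sample, and the `context` parameter (company name, first/last name) is a hypothetical name chosen here.

```python
import re

# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {
    "password", "welcome", "spring", "summer", "autumn", "fall", "winter",
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}
# Undo the usual look-alike substitutions (0 for o, @ for a, ...).
LEET = str.maketrans("0134578@$!", "oieastbasi")


def repeated_unit(pw):
    """Return the shortest unit that pw repeats two or more times, else None."""
    for size in range(1, len(pw) // 2 + 1):
        if len(pw) % size == 0 and pw[:size] * (len(pw) // size) == pw:
            return pw[:size]
    return None


def weaknesses(password, context=()):
    """List which of the three mistakes a password shows.

    context: target-specific terms such as company or personal names
    (hypothetical parameter for this example).
    """
    findings = []
    unit = repeated_unit(password)
    if unit:
        findings.append("repeated")
        password = unit  # judge the short password that was repeated
    # Drop trailing digits and symbols, then normalise case and look-alikes.
    core = re.sub(r"[\d\W_]+$", "", password)
    base = core.lower().translate(LEET)
    if base and base in COMMON_WORDS | {c.lower() for c in context}:
        findings.append("common-word")
        if core != password:
            findings.append("appended-suffix")
    return findings


if __name__ == "__main__":
    samples = ["Password1Password1", "Summer2018", "Acme2018!",
               "My C0w0rkers Are Ann0y!ng"]
    for pw in samples:
        print(repr(pw), weaknesses(pw, context=["Acme"]))
```
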

It’s understandable that changing your password every 30, 60, and sometimes 90 days can be frustrating, but it doesn’t have to be a difficult process.

Using a sentence

When choosing a password, some people may think of a single word, add a number, and call it a day. How about using a sentence? For example, “My C0w0rkers Are Ann0y!ng”. This 25-character password should be more than sufficient for any password policy. While not impossible, it’s a lot more difficult to discover using a password attack.

Creating your own “encryption”

There’s also the option of creating your own form of encryption, or your own language, so to speak. For example, it’s a very common practice for people to replace the letter “o” with the number 0. You could instead replace every “o” with two 0s. You’re manipulating a word into something that isn’t in a dictionary or expected by attackers. For example, “My C00w00rkers Are Ann00y!ng.” This 29-character password could take an extremely long time to recover with a password or brute-force attack.

Remembering the basics

While there are a significant number of ways to create a strong password, these are just some easy habits that you could build into your password creation strategy. During our password analysis assessments, we’ve seen a number of weak passwords, some of which were very easy to guess. When creating a strong, complex password, you want one that is hard to guess but easy to remember, and this requires thinking outside the box.