How to create a strong password

Last Updated On October 17, 2018

When creating a strong password, it is important to understand how attackers actually figure out passwords in the first place. They’re not manually typing in a single password and hoping for the best; they’re working through a large list of common passwords. These passwords are taken from dictionaries and modified based on information about the target – company name, first/last name, etc.

Creating a strong password is easier than you might think. There are many mistakes that people make when trying to create a strong password, including the following:

  1. Choosing something common, such as the season, year, or month.
  2. Repeating the same short password multiple times (e.g. Password1Password1).
  3. Adding a number to their already weak password.

It’s understandable that changing your password every 30, 60, and sometimes 90 days can be frustrating, but it doesn’t have to be a difficult process.
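
As an added example (not part of the original article), the sketch below flags the three mistakes listed above and treats details about the target, such as a company name, as guessable. The word lists are constructed samples, and the function names `normalize`, `repeated_unit` and `weaknesses` are assumptions made for illustration.

```python
import re

# Constructed sample data: a tiny stand-in for an attacker's dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin"}
CALENDAR = {"spring", "summer", "fall", "autumn", "winter", "january", "february",
            "march", "april", "may", "june", "july", "august", "september",
            "october", "november", "december"}
# Undo the substitutions people commonly make (0 for o, @ for a, ...).
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(password):
    """Lowercase, drop trailing digits/symbols, reverse common substitutions."""
    return re.sub(r"[\d\W_]+$", "", password.lower()).translate(LEET)


def repeated_unit(password):
    """Return the short string a password repeats, or None if it does not."""
    match = re.fullmatch(r"(.+?)\1+", password)
    return match.group(1) if match else None


def weaknesses(password, context_terms=()):
    """Return which of the mistakes listed above `password` exhibits."""
    found = set()
    unit = repeated_unit(password)
    if unit:
        found.add("repeated")
        password = unit  # judge the short password that was repeated
    lowered = password.lower()
    core = normalize(password)
    # Mistake 1: season, month or year.
    if CALENDAR & set(re.findall(r"[a-z]+", core)) or re.search(r"(19|20)\d\d", lowered):
        found.add("calendar")
    # Dictionary words plus target details (company name, first/last name).
    guessable = COMMON_WORDS | {term.lower() for term in context_terms}
    if core in guessable:
        found.add("dictionary")
        # Mistake 3: a number tacked onto an already weak password.
        if re.search(r"\d\W*$", lowered):
            found.add("number-suffix")
    return found


if __name__ == "__main__":
    for pw in ["Password1Password1", "Summer2018", "Acme2018!", "My C0w0rkers Are Ann0y!ng"]:
        print(repr(pw), sorted(weaknesses(pw, context_terms=["Acme"])))
```

An empty result only means none of these three mistakes was detected; it is not a measure of overall strength.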


Using a sentence

When choosing a password, some people may think of a single word, add a number, and call it a day. How about using a sentence? For example, “My C0w0rkers Are Ann0y!ng”. This 25-character password should be more than sufficient for any password policy. While not impossible, it’s a lot more difficult to discover using a password attack.

Creating your own “encryption”

You can also create your own form of encryption, or your own language so to speak. For example, it’s a very common practice for people to replace the letter “o” with the number 0. You could instead replace each “o” with two 0s. You’re manipulating a word into something that isn’t in a dictionary or expected by attackers. For example “My C00w00rkers Are Ann00y!ng.” This 29-character password could take an extremely long time to recover with a password or brute-force attack.

Remembering the basics

While there are a significant number of ways to create a strong password, these are just some easy habits that you could implement in your password creation strategies. During our password analysis assessments, we’ve seen a number of weak passwords, some of which were very easy to guess. When creating a strong, complex password, you want to create a password that is hard to guess but easy to remember, and this requires thinking outside the box.

Vonahi Security

We're a cybersecurity company that developed vPenTest, a SaaS platform that automates network penetration testing and delivers continuous testing at a fraction of the cost of an outsourced consultant. The future of offensive cybersecurity consulting services through automation starts here. Hello World, Meet Modern Security.
