10 Ways to Build a Better Password


Passwords are one of the most important things we take for granted.

They’re like digital locks looking over all of our personal information. And, let’s face it, we’re beyond the days when the ordinary abcd123 password was all we needed to keep our information secure.

If you’re still one of those who rely on passwords anyone could remember, there are tips for better protecting all the information you’re storing online. You can create a more secure password by following a few of these tips. Remember, these are just a few ideas, and there are many different techniques to build a better password.

1. Make it Unique

According to Lisa Eadicicco at Business Insider, randomization is a key factor in creating a better password that’s strong and secure.

Avoid using obvious dates like birthdays or things like your company name.

Use a variety of uppercase and lowercase letters, and include numbers and symbols as well. Don’t use common combos like ‘123456’ or these other examples of the worst passwords you could choose from.

2. Use a Different Password for Each Account

No matter how secure you think your password may be, using it across multiple platforms and accounts puts you at risk.

If one site is compromised and passwords are leaked, hackers could try using those passwords on other websites as well. Larry Magid over at Forbes writes:

“One trick is to add a couple of unique characters for each site. For example, for your Google accounts you could have Go somewhere in the password and perhaps Fk in your Facebook password.”

3. Longer Passwords are Better

One of the simple steps you can take to build a better password and strengthen it is by making it longer.

Microsoft suggests a strong password be at least eight characters long. Google says that “the longer your password is, the harder it is to guess.”

Most websites will require a minimum password length, but going above this is a better idea.

4. Misspell Words on Purpose

When using words or phrases, one simple way of making them harder to guess is by misspelling them. By mixing up letters or replacing them with numbers, your password becomes even more difficult to guess.

For example, instead of Ilovecats123, try something like iL0v3katz321 to make it stronger.

Windows also suggests not using a full word, but instead abbreviating it to make it more difficult to guess. Adding spaces or special characters between words or abbreviations adds complexity as well.

5. Create a Word from a Sentence

Google instructs users to:

“Create an acronym from an easy-to-remember piece of information … pick a phrase that is meaningful to you.”

Although dates like birthdays and anniversaries and names of spouses and children are bad ideas, creating a phrase that reminds you of these things is another story.

Try to create a phrase that makes sense to you in your head, such as:

“I met my husband Dan on January 5th.”

This can easily become several different combinations, like ImmhDo0105 or ImmhD-Jan05.

6. Avoid Password Patterns

One study by the Defense Advanced Research Projects Agency (DARPA, a part of the U.S. Department of Defense) in 2013 found that most passwords follow one of several common formulas:

  • One uppercase letter followed by five lowercase letters and three numbers (ex. Trends123)
  • One uppercase letter followed by six lowercase letters and two numbers (ex. Strends12)
  • One uppercase letter followed by three lowercase letters and five numbers (ex. Tren12345)

While it’s true these use a combination of uppercase letters, lowercase letters and digits, the predictable pattern makes them much easier for computer programs to guess.

Simply mixing up the formula and distributing your characters throughout the password instead of following these basic outlines will build a better password and make it much stronger. For example, instead of Trends123, try Tr3nd$!321.
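To make the point about formulas concrete, the following added example (not from the article or the DARPA study) reduces a password to runs of character classes, checks it against the three formulas listed above, and compares how many strings share that structure with how many same-length strings exist overall. The function names and the 94-character ASCII alphabet are assumptions made for this example.

```python
import math
import string

# Alphabet size per character class: Upper, Lower, Digit, Symbol.
# Anything outside ASCII letters/digits is counted as a symbol (approximation).
CLASS_SIZE = {"U": 26, "L": 26, "D": 10, "S": len(string.punctuation)}

# The three formulas listed above, as (class, run length) sequences.
COMMON_FORMULAS = {
    "1 upper + 5 lower + 3 digits": [("U", 1), ("L", 5), ("D", 3)],
    "1 upper + 6 lower + 2 digits": [("U", 1), ("L", 6), ("D", 2)],
    "1 upper + 3 lower + 5 digits": [("U", 1), ("L", 3), ("D", 5)],
}

def char_class(ch):
    if ch in string.ascii_uppercase:
        return "U"
    if ch in string.ascii_lowercase:
        return "L"
    if ch in string.digits:
        return "D"
    return "S"

def structure(password):
    """Collapse a password into runs of character classes."""
    runs = []
    for cls in map(char_class, password):
        if runs and runs[-1][0] == cls:
            runs[-1] = (cls, runs[-1][1] + 1)
        else:
            runs.append((cls, 1))
    return runs

def matched_formula(password):
    """Return the name of the common formula the password follows, or None."""
    runs = structure(password)
    return next((n for n, f in COMMON_FORMULAS.items() if f == runs), None)

def pattern_bits(password):
    """log2 of how many strings share this password's exact structure."""
    return sum(n * math.log2(CLASS_SIZE[c]) for c, n in structure(password))

def full_bits(password):
    """log2 of all same-length strings over the full 94-character set."""
    return len(password) * math.log2(sum(CLASS_SIZE.values()))

if __name__ == "__main__":
    for pw in ("Trends123", "Strends12", "Tren12345", "Tr3nd$!321"):
        print(pw, matched_formula(pw), round(pattern_bits(pw), 1), round(full_bits(pw), 1))
```

For Trends123 the structure leaves about 38 bits of guessing space, against roughly 59 bits for an unconstrained nine-character string.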

7. Use Something Not in the Dictionary

One characteristic of a strong password is that it’s unexpected.

Whether it be the name of an imaginary friend from childhood or a nonsense inside joke you share with a close friend, something that seems like nonsense to an outside party would make a perfect password.

Don’t constrain yourself with the ideas of proper grammar and complete thoughts. Think outside the proverbial box.

8. Try Multi-Word Passcodes

Instead of using one long word for your password, create a short, memorable phrase that only makes sense to you.

You could use the make of your first or favorite car. Or even pet names. Colors and numbers, in any order, are safe bets. Examples include: F!es7@-gr33n1972 and $p0t!Purpl3!2oo7.

Remember to replace letters with numbers in order to make them more difficult to guess, and that adding spaces or special characters between letters instead of bunching the word together can provide extra security.

9. Create your own ‘Code’

When creating a password, perhaps leave out certain letters.

You could create a phrase and leave out the first or second letter of each word, or simply opt to not use vowels. For example, the phrase purple kittens may become Prpl3-ktt3n$, or even Prpl-kttn$.

Try coming up with a system that can be applied across all platforms and all passwords.

10. Change your Passwords

Don’t think that just because you’ve come up with a brilliant password it means you’re safe forever.

The downside is that changing a password can make it harder to remember, especially with the number of logins we go through nowadays. The answer comes in being vigilant; be aware of what’s happening around you and adjust accordingly.

Most big sites, like Facebook, will give you a warning if they believe your information has been compromised. Others, however, may be blind to threats and require you to decide yourself when the time for change has come.

As security expert Bruce Schneier writes:

“You don’t need to regularly change the password to your computer or online financial accounts (including the accounts at retail sites); definitely not for low-security accounts.

You should change your corporate login password occasionally, and you need to take a good hard look at your friends, relatives, and paparazzi before deciding how often to change your Facebook password. But if you break up with someone you’ve shared a computer with, change them all.”

Login Screen Photo via Shutterstock


Aubrielle Billig is a Staff Writer for Small Business Trends. She covers business as it is impacted by pop culture, entrepreneurs in the arts, and other topics affecting creative businesses. She has a background as an illustrator and her design page can be found at AubrielleBillustrations.

7 Reactions
  1. The real key for me is to remember what it is when needed.

  2. Lately I have found this issue of passwords frustrating because sites are forcing what they consider “good passwords” on you. For example they might require a minimum count of upper and lower case letters, numbers, and funny symbols. However if you know some basic math you rapidly come to resent these idiots. For example all 26 of the lowercase letters, a-z, are more than 2**4 but less than 2**5 (32). The 52 mixed case letters, or 62 mixed case with numbers, are between 2**5 and 2**6. (32 < 52 and 62 < 64.) Mixing in funny characters like '#', '@', and such might give you 10 or 20 more characters so you'd have something just over 2**6 possibilities per character. Certainly far less than 2**7.

    So if only lower case letters are used each keystroke gives you a minimum diversity of 2**4 versus less than 2**7 with all possible characters used. Another way of looking at this is five keystrokes of 2**4 is about the same as three keystrokes of 2**7. (2**20 about the same as 2**21 but really it's close to 2**25 vs 2**18.) So a 9 character password using all possible letters, numbers, and real signs is about the same as a 15 keystroke all lowercase password.

    Why would you want to press 15 keystrokes rather than 9? Because on cell phones an uppercase or special character takes three to four presses versus 1 push. And since most people on cell phones don't touch type it takes user concentration to hunt and peck, making the process even slower. So keeping long passwords of lowercase letters is equally as good and much faster to input. Big-Brother password enforcers are too stupid to understand this though. And this post doesn't even touch this subject.

    I use something like "pwgen -0AB 25 1" for each site. PassWordGENeration. Option -0 prevents numerals, -A prevents uppercase letters, -B prevents amBiguous letters that may look similar to others, 25 is how many, and 1 is how many passwords to generate. It is a free utility on Linux.

  3. That is how it should be ideally. But it is hard especially if you are going to vary all your passwords across different accounts. It’s hard because you can only remember so much.

  4. What do you think about password tools, creating passwords for you? What is the weakest link?

    I use such strong passwords that I can’t remember them myself! 😉

  5. Using a strong password does help a lot even against the attack of cracking the leaked/stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.  It is like we cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.

    At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.

    By the way, some people shout that the password is dead or should be killed dead. The password could be killed, however, only when there is an alternative to the password. Something belonging to the password (PIN, passphrase, etc) and something dependent on the password (ID federations, 2/multi-factor, etc) cannot be the alternative to the password. Neither can be something that has to be used together with the password (biometrics, auto-login, etc).

  6. Is the crow epistemology an example of the “interference of memory”?

  7. One idea to completely avoid regular (textual) passwords is using a method based on identifying a location in a map/image:

    Demo videos (YouTube):