# How to create strong passwords and have secure accounts [Tip]

October 28, 2012

It seems like with the increasing level of access to technology on a global scale, there are increasing numbers of scam artists, hackers, pricks, punks, assholes, scumbags, etc. that try to find ways to make everyone’s digital life a bigger pain than it needs to be. There are many ways to fight scumbagism, but most of these ways are so complex and unrealistic that most of us just simply ignore them. So, I have decided to write up this article listing five simple-ish rules one can follow to have strong passwords and secure accounts. Living your digital life by the following five rules will not guarantee you are hacker-proof, but it does greatly reduce the likelihood of your accounts being hacked.

Remember back in grade school math class when you studied permutations? Remember how adding an extra digit to a number (i.e. going from four digits to five digits) greatly increased the amount of possible permutations of that number? Yeah, well, they didn’t just teach that in school to torture us; permutations have a real-life application.

That said, exactly how long should your passwords be? Current industry standards say at least eight characters. However, personally, I recommend twelve characters or higher. Why? One word: Graphics. In a study conducted by Georgia Tech earlier this year, researchers were able to crack eight-character passwords using graphics cards in two hours. Cracking twelve-character passwords, on the other hand, was estimated to take over 17,000 years. Two hours vs seventeen thousand years, hmmm….

Now, does that mean all hackers will have the capability to crack eight-character passwords in two hours? No. It takes a certain level of sophistication and technology to be able to do what the Georgia Tech researchers did, and the average wannabe hacker isn’t at that level of sophistication. However, it just goes to show you how important password length is.

Using special characters and uppercase letters is not as complicated as it sounds. All you need to do is go through your password and replace letters with similar special characters and make some lowercase letters uppercase. For example, if your password is bullseyeathome you can make that password a lot stronger by using bu1L\$eye@th*me. Not too hard to remember, is it?

Furthermore, having complex passwords is not only making sure you use a mix of lowercase letters, uppercase letters, numbers, and special characters. Complexity of a password also includes avoiding real words and popular phrases. Cracking a password comprised of real words or popular phrases is very easy using a dictionary attack. So instead of using real words or popular phrases, make up your own words or phrases. That does not mean your password can contain no real words or popular phrases. Rather, it means your password should not be all real words or popular phrases – throw in one or two figments of your imagination.
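As an added illustration (not code from the original article), the sketch below audits the two example passwords above: it estimates the brute-force search space from length and character classes, then reverses common look-alike substitutions and checks whether the result splits entirely into dictionary words. The word list and substitution table are small constructed stand-ins, and all function names are hypothetical.

```python
import math
import string

# Constructed mini word list standing in for a real dictionary (assumption).
WORDS = {"bull", "bulls", "bullseye", "eye", "at", "home", "the", "gone", "with", "wind"}
# Simplified look-alike table (assumption): one candidate letter per symbol.
LEET = {"1": "l", "$": "s", "@": "a", "*": "o", "0": "o", "3": "e", "!": "i"}

def charset_size(pw):
    """Alphabet size implied by the ASCII character classes present in pw."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def brute_force_bits(pw):
    """log2 of the search space, valid only if every character is random."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def normalize(pw):
    """Lowercase and undo look-alike substitutions, as an auditing tool would."""
    return "".join(LEET.get(c, c) for c in pw.lower())

def segment(text, words=WORDS):
    """Fewest dictionary words that exactly tile text, or None if impossible."""
    best = [None] * (len(text) + 1)   # best[i] = segmentation of text[:i]
    best[0] = []
    for i in range(1, len(text) + 1):
        for j in range(i):
            if best[j] is not None and text[j:i] in words:
                cand = best[j] + [text[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[len(text)]

def audit(pw):
    """Report length, brute-force estimate, and any all-dictionary split."""
    return {
        "length": len(pw),
        "brute_force_bits": round(brute_force_bits(pw), 1),
        "dictionary_words": segment(normalize(pw)),
    }

if __name__ == "__main__":
    for sample in ("bullseyeathome", "bu1L$eye@th*me", "qzvkxwplmrta"):
        print(sample, audit(sample))
```

Both example passwords report the same three dictionary words, so the larger brute-force figure for the substituted form only describes a search that ignores dictionaries; a password with made-up components returns `None` for the split.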

From a pure security standpoint, having tiered passwords is not as secure as having a different password for each login. However, it is a doable derivative that serves as a good compromise between the two extremes of using the same password for all logins and using a different password for all logins.

#### Conclusion

Life would be grand if we didn’t have punks trying to access our accounts – either for fun or malicious purposes or whatever; but that just isn’t how it is. So, please, do yourself a favor and use strong passwords in order to keep your accounts secure.

Have any advice on how to have strong passwords and secure accounts? Share with us in the comments below!

Originally posted December 13, 2010.


1. JimVanDamme December 17, 2010 at 7:10 AM

I use XMarks to sync bookmarks and passwords. It works over the cloud and cross-platforms.

2. Suze December 17, 2010 at 7:38 AM

Someone on one of the GotD Forums recommends the free version of Access Manager: http://www.accessmanager.co.uk/. It looks to offer a very comprehensive set of options, and I’ve added to my list to try.

3. Locutus December 20, 2010 at 12:48 PM

Ha! I just realized something: a few days after publishing “how to make strong passwords”, you post (I post) “how to crack passwords”.

4. Godel December 30, 2011 at 5:12 PM

I disagree with some of what Ashraf has said.

My advice is to get a password manager and set one kick-ass password to unlock it. This is where you want to go all out on a long, random looking password, or a longer pass phrase. I use the donation-ware KeePass, but there are dozens of free and commercial password managers out there.

Next, computing platform permitting, get the PasswordMaker add-on to Firefox to manufacture your passwords. There is also a simple Windows standalone version for the desktop, in case you can’t use Firefox.

My reason for not using special characters is that some web sites won’t allow them and banking sites are often the worst. The reduced character set is equivalent to 6 bits per character and adding special characters adds just 0.6 bits more to that, so adding one more character for every 10 in your password is enough to compensate.

Once you are using a password manager, there is no difficulty in using a different password for every account, the software memorises it for you.

Lastly backup, backup, backup your database. Store one or more copies off-site at a relative’s place or in the cloud. It doesn’t matter if they fall into “enemy hands” as they are encrypted by your master password. Bruce Schneier recommends writing your master password down just in case. He keeps his in his wallet. You could obfuscate the written version if security worries you.

Store a copy of the master password with instructions with your will at your lawyer’s office. If you’re hit by a truck, this could make it much easier for your loved ones to clean up your affairs.

5. William R Cosgrove December 30, 2011 at 6:30 PM

Hello,

Well, I simply want to offer some hints;

1) Never use just (1) password generator.
2) Steer away from using online password generators.
4) Unless absolutely necessary, do not use just letters, numbers, upper/lower casing but symbols of various kinds if you can.
5) Make passwords lengthy; say between 15/17 to 20/25 characters. I mean not too long that you go ballistic or blind.
7) Keep passwords stored on portable devices like a flash drive/thumb drive, CD (RW) or an external hard-drive.
8) If that is not good enough, I print out hard-copies of my passwords and tuck them away for safe keeping. Sometimes I keep multiple copies. Whenever I make any changes and/or additions, I simply do what I have got to do. Hey, some things take a little work.
9) Maybe you want to consider keeping passwords stored on your smart phone/cell phone; with encryption of course.
10) I always keep my many passwords stored away in my wallet.
11) There are (3) words I want you to remember; “LENGTHY, DIVERSE & ENCRYPTION”!!!
12) I would suggest you get the best internet security program you can get; hint; I do not; have not nor will not pay for an “Internet Security Suite” package when I know what I know. Believe me, knowledge is precious and expensive; and wise are the people who possess it. I know where to go to get it. If you are smart, you will not have to pay a dime for this type of software. A little word of advice; “KEEP YOUR EYES OPEN”. There is much treasure found in these (3) little words; “FREEBIES, GIVEAWAYS & PROMOTIONALS”. But, I will not disclose to any of you where I navigate to regarding this matter. That is my secret! But, by now you should have somewhat of an idea of at least (1) site I am acquainted with.
13) I always make it a habit to store & save (2) things on a CD for archival purposes; “Registration codes/licenses & software installers”. When it comes to security of this type, it can really help somewhere down the road if disaster strikes.
14) You might want to keep in mind, these (2) names; “STEGANOS SS 12 & STICKY PASSWORD”!!!

Have a wonderful New Year!!!

6. Darcy December 30, 2011 at 6:56 PM

:) I use Sticky Password for any online logins required but to open my computer or sticky password itself I use a fingerprint scanner. It came built into the computer. There is a master password of course, which I can remember easily but uses some of the tricks mentioned above. Since I never actually enter it though, it’s relatively hard for someone to discover.

One trick I used with my nephews, when they were grounded from the computer. I took a bonus card out of my wallet and used initials for the store plus the last 8 digits of the card code. Substituting special characters as described above. That way I had a perfectly camouflaged copy of the password in my wallet. Nobody knew that I did it that way let alone which card I used. Their computer accounts have limited privileges anyway and I was only locking them out of it until they were ungrounded.

7. Thomas December 30, 2011 at 9:01 PM

I think people should use their strengths with passwords, and not ply to the weaknesses of technology, by using more complicated technology. Get a system, and keep to it. For example if you can easily recall movies, use movies:

eg – gonewiththewind1956
hint – I dont give a damn

if you can easily recall sports, use sports

eg – camesecondin1996superbowl-PittsburghSteelers
hint – lost the ‘eat my hat’ bet

if you can easily recall phone numbers, use phone numbers

eg – terry+44915462251mobile
hint – he broke my favourite golf club

if you can easily recall cars, use cars

eg – chryslerdodge1988rustbucket
hint – first car

You remember in human terms what, when combined, is terribly difficult to guess in computer terms.

Simple is good.

Ciao.

T

8. LouisMarinier October 29, 2012 at 8:43 AM
9. Luca F. October 29, 2012 at 1:58 PM
10. Bull October 29, 2012 at 3:31 PM

…bullseyeathome…

What the?! O.O

Ashraf you total hacker! You hacked and publicly posted my password! >: (

Naw, just kidding man. : )

Great article though.

I use the LastPass to generate 25+ passwords for my logins, and my master password is much higher. Yeah, sounds difficult to remember, but it's something that I will never forget bar having amnesia. Even then I have something physical to point me in the right direction.

11. Maximus November 10, 2012 at 1:21 PM

1. Portable Extreme Password Generator Pro 1.5 (free program).
2. Store passwords on word-processor page, > on thumbdrive (+2nd>backup)
3. Enter passwords by ‘drag and drop’, not keystrokes. (Why? Keyloggers).
4. Unplug thumbdrive from computer when not using (passwords).
5. Passwords of 20 characters minimum length. (Longer = better).
6. Change all passwords every couple months (even WiFi) see #1 above.
7. ‘Do Not’ open an unknown senders email, no matter what it says or claims.
8. Store security items and photos on removable disc or thumbdrive(s).
9. Home WiFi min.: WPA2. ‘All’ public HotSpots are (easy to) “Open to public”.
