How to choose a strong password

This article discusses some techniques and advice on how to create a strong password.

Choosing a strong password

Here are some techniques for creating a strong password:

  • Choose a password that is at least eight characters long, but preferably longer. The longer the password, the less susceptible it is to brute-force attacks.
  • Use a mixture of lowercase and uppercase characters, numbers, and punctuation marks.
  • Place a punctuation mark in the middle of a word (for example, vege%tarian).
  • Use some unusual way of contracting a word. You don't have to use an apostrophe.
  • Think of an uncommon phrase, and then take the first, second or last letter of each word. For example, "You can't always get what you want" could become ycagwyw. Throw in a capital letter, a punctuation mark, and a number or two, and you might have yCag5wyw.
  • You can deliberately misspell one or more words to make the password harder to crack.
  • Combine several of the above techniques.
  • Use something that no one but you would ever think of. The best password is one that is totally random to everyone else but you. Since this is highly dependent on the individual, it is difficult to tell you how to come up with these, but use your imagination!

How not to choose a strong password

Here are some guidelines for what not to do when choosing a password. You should avoid these techniques when you create a password:

  • Using words in a dictionary.
  • Using your username or real name.
  • Using anyone else's name.
  • Using any word in a cracking dictionary. A cracking dictionary contains lists of words that attackers use to try to crack passwords (this is also known as a dictionary attack). These lists include abbreviations, cartoons, character patterns, machine names, famous names, female names, male names, Bible citations, movies, myths, numeric patterns, short phrases, places, science fiction, Shakespeare, songs, surnames, and just about anything else you can think of.
  • Using any of the above techniques with a single character before or after it (for example, happy1).
  • Using any of the above techniques with capitalization (for example, Cat or Walrus).
  • Using any of the above reversed (for example, reversing cat to tac), doubled (cat to catcat), or mirrored (cat to cattac).
  • Selecting a word and substituting some characters (for example, changing supersecret into sup3rs3cr3t). Attackers are well aware of these substitutions, and can crack them.
  • Using keyboard patterns (for example, qwerty or nbvcx). Cracking programs look for these types of patterns in passwords.
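
The following added example (not part of the original article) shows how a password-acceptance check can undo the transformations listed above before looking a candidate up in a word list. The function names and the small word list are constructed for illustration; a real check would load a full cracking dictionary.

```python
# Constructed sample word list; a real check would load a full cracking dictionary.
WORDS = {"cat", "happy", "walrus", "password", "supersecret"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Well-known character substitutions, undone before the dictionary lookup.
UNLEET = str.maketrans("@4310$57", "aaelosst")


def base_forms(s):
    """Yield (candidate word, reason) pairs by undoing each transformation."""
    yield s, "dictionary word (ignoring case and substitutions)"
    yield s[::-1], "reversed word"
    yield s[:-1], "word plus one trailing character"
    yield s[1:], "word plus one leading character"
    half, odd = divmod(len(s), 2)
    if not odd and s[:half] == s[half:]:
        yield s[:half], "doubled word"
    if not odd and s[:half] == s[half:][::-1]:
        yield s[:half], "mirrored word"


def findings(password, username="", words=WORDS):
    """Return the sorted list of reasons the password is weak (empty if none)."""
    low = password.lower()
    reasons = set()
    if len(password) < 8:
        reasons.add("shorter than eight characters")
    if username and username.lower() in low:
        reasons.add("contains the username")
    # Forward or backward runs along a keyboard row (qwerty, nbvcx).
    if len(low) >= 4 and any(low in r or low in r[::-1] for r in KEYBOARD_ROWS):
        reasons.add("keyboard pattern")
    # Test both the lowercased password and its de-substituted variant.
    for variant in {low, low.translate(UNLEET)}:
        for word, reason in base_forms(variant):
            if word in words:
                reasons.add(reason)
    return sorted(reasons)


if __name__ == "__main__":
    for pw in ("happy1", "Walrus", "tac", "catcat", "cattac",
               "sup3rs3cr3t", "nbvcx", "yCag5wyw", "vege%tarian"):
        print(f"{pw!r}: {findings(pw) or 'no finding'}")
```

An empty result only means none of these specific checks fired against the word list supplied; it is not a measure of strength.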

Safeguarding your password

You should never share your password with anyone else. You should also never write it down. The strongest password in the world doesn't do much good if you write it down and someone else sees it, or if you share it with someone else (who shares it with someone else, and so on).

Lastly, if you receive an e-mail message from someone who claims to be an administrator, a security specialist, or to hold some other important-sounding position, and who asks you to change your password, don't do it. This is a popular scam to trick the unsuspecting.