Creating secure passwords


So, we keep telling you that you need to use a secure password, but what do we really mean?

Typically, a secure password is one that contains both upper and lower case letters, numbers, and ‘special characters’, which is basically everything else on your keyboard.

Every time you add an extra character to your password, you make it exponentially harder to guess. So, to get really geeky on you, if your password is only 3 lowercase letters long, there are 17,576 different variations (26 x 26 x 26). If we change that to upper/lowercase, there are 140,608 (52 x 52 x 52). This sounds like a lot, but for an automated program which can test multiple passwords in a second, it doesn’t take long to test every variation. If we make the password 8 characters, and include numbers, there are 218,340,105,584,896 variations. That’s more like it! The longer you make the password, and the larger character set you use, the more possible variations, and the harder the password is to guess. Typically, I’d suggest 12-14 characters, although the longer they are, the harder and longer they are to type and remember.

I’d like to share with you my three favourite tricks for generating secure passwords.

secure password generator1) Online Password Generator

There are lots of these, but my preferred tool is from PC Tools, and you can see a screen shot to the right. I’d suggest checking off all the options. I normally generate 4-5, so I can pick the one I like the ‘look’ of best (the one which is most memorable). The best features are:

  • the option to not include similar characters ( e.g. i, l, o, 1, 0, I) – an I looks a lot like a 1 or an l. See what I mean?
  • the phonetic pronunciation – if you’re reciting these to someone, that makes it much easier to do
  • the ability to choose the length – you can make passwords as long or short as you need. Different sites have different requirements for maximum and minimum length

2) Random Word Choices

I must admit, the first time I was given one of these passwords, I thought whoever made it was crazy. However, I do find they are much, much easier to remember than the generated ones above. Basically, you want to pick 3 words, any three words, longerish is probably better. If you’re stumped, pick a random page on wikipedia, and wave your mouse around til you stop on one. One hint – make sure it’s a word you can type easily. For some reason there are certain words my fingers always want to rearrange.

So now you’re got three words:
Phillips, Orange, Substitution
add in a few special characters, and some numbers:
and you’ve got a really nice, long, secure password. This one looks super hard to remember, but with the randomly generated one above, you have to remember each character on it’s own, so 12-14 separate ‘pieces’. With this one, there is really only 6 ‘pieces’ – the three words, two special characters and one number. They’ll stick in your head much more easily. And when it comes time to update them, just change the words, leave the numbers and special characters as they are.

3) Use a popular word or phrase

Pick a nursery rhyme, quote, anything you like. Let’s say ‘Twinkle twinkle little star, How I wonder what you are’. Now, convert that into a good strong password. Maybe something like Ttlil*HiwWy4. I’ve used the first letters from each word, shortened little to lil, star to an asterisk(*), and changed the A into a 4 (this is l337, more on that here: As a basic guide to the easy letters, A=4, E=3, G=6, I=1, T=7. You’ll notice the shapes are similar.

Finally, a quick note about the names of the special characters, so you can translate your crazy new passwords. Here’s a quick list of the stranger ones:

  • ~ = tilde (typically at the top left of your keyword)
  • # = pound (over the three)
  • ^ = caret (over the six)
  • & = ampersand (over the seven)
  • * = asterisk (over the eight, also called star)
  • – = hyphen (beside the zero, also called a dash)
  • _ = underscore (over the hyphen)

If you want more, there is a more complete list here.

Lastly, I’d suggest keeping a book with all your passwords in it. I know, I know, you’re not supposed to write them down, but this really is the best way to reference them. Keep it in a locked drawer. If you use an address book, you can add each password to the lettered page so they’re easy to find in future. Leave some space below each heading, so you can write in the new passwords as you update them. For good security practices, you want to make sure to do this every 3 months, at minimum, so you may want to include a date beside each as well.

What tips and tricks do you use to ensure your passwords are secure?