Creating and Maintaining Secure Passwords - a How-To

Page content

In many cases, a password is the only thing that stands between your personal accounts, devices and files and unscrupulous individuals. Unfortunately, one of the problems with passwords, (even strong passwords), is that users sometimes forget them. In an effort to avoid the inconvenience of losing a password, some persons use simple things like names of pets and family members for their passwords. Even worst, they may write down the password and attach it to the resource it is to secure, i.e. a computer monitor.

Before we can talk about how to maintain secure passwords, we must first ensure that we understand what a strong password is, and learn how to construct them.

Characteristics of a Strong Password

Characteristics of a Strong Password

A strong password should be at least 8 characters long and have a mixture of upper and lower case letters, punctuation and numeric characters. The password should not include parts of the user id it is associated with, or be generated from personal information such as the name or birth date of a friend or family member. As an additional security measure, change your password every 3-6 months and never write down your password somewhere where it can be easily discovered.

Passwords should be strong enough so they can’t be easily guessed, but you should be able to recall it from memory. Passwords should never be a word found in a dictionary (even a foreign one), because these are easy for hackers to crack.

How to Create a Strong Password

Try creating your password around a “pass phrase.” This will help you to remember the password, while at the same time making the password complex. An example of a valid, and secure pass phrase might be “aw&npmjadb.” This is based on the phrase “All Work And No Play Makes Jack A Dull Boy.” You can substitute special characters or numbers to add more complexity.

The Longer the Better

The longer your password is, the harder it will be for hackers to crack. You don’t have to use lots of characters to make you password strong, but by including numbers and special characters, you can make a good password even stronger. For the following examples, we will make the password length only 5 characters long, though it is best to make your passwords at least 8 characters long in the real world.

Passwords with just letters - By using just letter (a-z), the total number of possible password combinations is 11,881,376. This might sound like a lot, but hackers, with sophisticated hacking tools, can quickly break such passwords.

26 = possible characters you can use

x = length of password (5 characters)

26x = possible amount of passwords is 11,881,376.

Passwords with letters and numbers – By using letters and numbers (a-z, 0-9), the total number of possible password combinations rises to 60,466,176. This is a little better than passwords with just letters, but it can be better.

26 = number of letters in the alphabet (a-z)

10 = numbers in the decimal system (0-9)

36 total number of possible characters (10+26)

x = length of password (5characters)

36x = possible amount of passwords, 60,466,176

Passwords with all possible characters – By using just one character from each character group, you significantly increase the total number of possible password combinations, and with that, you decrease the likelihood that your password will be cracked. By using characters from all groups the number of possible passwords combinations rises to 7,339,040,224.

26 = number of letters in the alphabet (a-z)

10 = numbers in the decimal system (0-9)

32 = special characters ([email protected]$$% etc)

x = length of password (5 characters)

94x = possible amount of passwords, 7,339,040,224

Common Password Mistakes

Cyber criminals use sophisticated tools that can rapidly decipher passwords. Your passwords won’t be secure if you make these common mistakes:

  • Using dictionary words
    Dictionary words in all languages are vulnerable.
  • Using words that are spelled backward
    Don’t use common words or acronyms (spelled forwards or backwards). Words in all languages are vulnerable.
  • Using sequences or repeated characters.
    Using adjacent characters, that are found on your keyboard is asking for trouble. Examples include: abcdefg, 12345678, qwerty, qazwsxedc.
  • Using personal information.
    Your name, social security number, birth date, driver’s license number, passport number, etc, or variations of the same.
  • Using common passwords
    Examples include: admin, letmein, guest, qazwsxedc, qwertyuiop, password, user, or admin.
  • Writing down passwords or sharing it
    Passwords should not be shared or written down where they can be easily found. Once you share your password, change it.

How to Maintain Secure Passwords

There are many ways that someone can use to get your passwords, but you can defend against most of them, and maintain secure passwords by applying these tactics:

Use different passwords – Don’t make the mistake of using one password for your banking, computer logon and Internet transactions. You should use a different username and password for each resource you are trying to protect. That way, if one gets compromised the others are still safe.

Use a password management tool - Another way to store and protect your passwords securely is to use a password management tool. These tools can securely store your list of usernames and passwords in an encrypted form. In some cases, they can even automatically fill-in the username and password into logon forms for you. However, avoid using Auto-Complete password-saving features because they completely nullify the advantage of having a password in the first place.

Enforce the password policy - Password administrators can set devices to accept only passwords that meet the security policy. The password policy can determine minimum password length, the frequency with which passwords must be changes (i.e. 3-6 months), and require the use of special characters.


Regardless of how strong a password is, it is of no use if you don’t secure the password itself. Protect your keyboard when you are typing your password, and log off, or lock your computer screen when you are not using it. It makes no sense to secure the entire castle, but leave the keys to the front door on the entrance steps. Follow these simple steps and you should have no trouble maintaining secure passwords.