Tech Tip: How to Choose a Strong Password


Some of our previous blogs reviewed in detail about what a Password Manager is, and some of the key factors that need to be taken into consideration when deploying one for your business.

Essentially, Password Manager technologies allows you to create long and complex passwords in just a matter of seconds. However, despite this key advantage, there are many organizations out there that still opt to have workers manually create their own passwords.

With that, these passwords should be difficult to crack (according to your Security Policy that has been set forth). There are also certain guidelines that need to be followed in order to create robust passwords.

How to Create a Strong Password

1. Stay away from creating these kinds of passwords:

  • Password and 1111:  Believe it or not, there is a strong tendency amongst workers to use these kinds of passwords. After all, they’re easy to remember, right?

    Yes, they are, but these are the types of passwords that the Cyber attacker will go after. Make sure that your workers do not create these kinds of passwords under any circumstances.
  • John1969:  People think that when they use a combination of words and numbers a strong password has been created.

    Theoretically this is true, but in these instances, workers tend to use their first or last name, as well as their birthdate or graduation year.  The Cyber attacker will more that likely be well aware of this. Which will lead to a hack into these kinds of passwords with the greatest of ease.
  • Jane is the sister of John Doe, and JaneDoe is the newly created password: Very often, workers will tend to use the name of a close relative, like the one used in this example.

    While it is a stronger password, a “dictionary” attack launched by a Cyber attacker can guess this kind of password very easily.
  • A real-world example of poorly created passwords:  Adobe Corporation is well known for the Cyber-attacks that it has come under, and a lot of it had to do with the weak passwords which were created – passwords such as:





2. The newly created password should contain a minimum length of characters:

Most workers create passwords that are just 6-8 characters long, so that they will be easy to remember. However, your Security Policies should mandate that newly created passwords should be at least 10-15 characters in length.

3. Be sure to include a mix of characters:

This means using a good combination of uppercase and lower case letters, punctuation marks, numbers, as well as other special symbols (such as using [, ], {, }, _, -, ^, /, , =, +, %, #, (, ), $, and @).

A good example of this is: B1gH0u$3*123.

4. Avoid using dictionary-based words:

As we said above, a Dictionary based Cyber-attack literally looks for passwords that have come from the dictionary.  A prime example of this is the word “house”. Also, don’t use a combination of dictionary words, such as “bluehouse”.

5. Do not use obvious substitutions:

Although we have stated that you should use a mixture of uppercase and lowercase letters, it is also important to remember not to create obvious substitutions as well.  For example, you don’t want to start with creating the password “house” as “hOuse”.

6. Never use the same password again:

Have your workers keep creating brand new passwords each and every time that they are required to do so.  It is tempting to reuse the last password because it is easy to remember. Once again, however, refrain from having your workers doing so.

7. Be creative:

It is important to note that a password should not just be a “word”.  Rather, it can also be a long phrase that is easy to remember.

For example, think about some of your favorite sayings or phrases, and make those into a long password.  Here are some examples:

  • 2BorNot2B_ThatIsThe?   (To be or not to be, that is the question – from Shakespeare)
  • L8r_L8rNot2day   (Later, later, not today – from the kids rhyme)
  • 4Score&7yrsAgo   (Four score and seven years ago – from the Gettysburg Address)
  • John3:16=4G   (Scriptural reference)
  • 14A&A41dumaS   (one for all and all for 1 – from The Three Musketeers, by Dumas)

Or, to have some fun with it, create passwords based on some of the websites that you frequently visit.  Here are some more examples:

  • ABT2_uz_AMZ!   (About to use Amazon)
  • ABT2_uz_BoA!   (About to use Bank of America)
  • Pwrd4Acct-$$   (Password for account at bank)
  • Pwrd4Acct-Fb   (Password for account at Facebook)

To be ultimately creative, create a password based upon a pattern that you imagine on your computer keyboard:


This password is actually the pattern W “drawn” on the keyboard:

It is important to remember that your Security Policies need to reflect what specifically constitutes a strong and secure password. Once this has been formulated, you also need to motivate your workers to create these kinds of passwords.

The best thing to do for this is to have direct training sessions with them. Creating a long and hard to guess password is one of the least favorite chores of any worker.

As mentioned, have fun with it, or perhaps even have a contest as to who comes up with the most creative password.

**Of course, this should be done for passwords that have been previously used, not for current ones.

Hacking passwords will always be one of the first targets for a Cyber attacker, and there is no doubt that this will be a daunting task for you, the business owner, to keep ahead of.

Passwords have been and will continue to be around for a long time. There are new alternative technologies like Biometric Technology that are currently being used in small phases.  This topic will be covered in a future blog. Stay tuned!!!


Facebook Comments


Please enter your comment!
Please enter your name here