How to Create a Secure Password

Last updated: June 22, 2015 - 12:27pm EDT

What is a strong password?

We've shown you several different examples of what a weak password looks like.  So, then, what does a strong one look like?  Well, it would look something like this:


"Wait a minute!" you might say.  "That password looks like total nonsense!"  Well, that's sort of the point: it's difficult for someone else to guess because it's not in a pattern that anybody (except maybe you) would recognize.  You'll see that this password follows almost all of the rules for what makes a good password that we're going to list below.

What makes a good password?

1.  Make sure that your password is of sufficient length.

The first step towards making a more secure password is to increase its length.  The more characters that a password has, the more characters a hacker has to guess before they can break it.  Most websites will suggest -- and some will even require -- that your password is at least 8 characters long (our example is 11).  However, don't go overboard and make a password that's so long that you can't easily remember it yourself!

2.  Use different types of characters in your password.

Use both letters and numbers in your password.  Since there are 10 numbers (from 0 to 9) and 26 letters, a hacker will have to guess from between 36 different possibilities for each character in your password.  If you can, also try to use special symbols in your password (e.g. !,@,#,$,%, or &).  This can mean that a hacker will have to try between 50 or more different possibilities for each character in your password!

3.  If possible, use both upper-case and lower-case letters.

Many websites allow your account password to be case-sensitive; that is, they care about whether or not a letter in your password is capitalized.  If that's the case (no pun intended), use both capital and non-capital letters in your password.  This makes for 26 more possibilities that someone has to try for each character in your password if they want to crack it!

4.  Don't base your password on easily-recognizable patterns.

A common mistake that we pointed out with the bad passwords listed in our Worst Passwords article is that they all follow patterns that are relatively easy to figure out, such as:

  • Simple sequences of numbers

  • Common words or phrases

  • Other physical patterns, such as rows or columns of keys on a keyboard

There are a few different ways to avoid making a password like this:

  • Use more than one type of character (letters, numbers, or symbols).

  • Don't use too many of one type of character.

  • Don't use too many of one type of character in a row.

Our example, for instance, contains 4 letters, 4 numbers, and 3 symbols (so fairly equal proportions).  Also, the pattern is number-letter-letter-number-symbol-letter-symbol-number-number-symbol-letter.  This isn't an obvious pattern, as opposed to something like all numbers, then all letters, then all symbols; or number-letter-symbol, and repeat that until we run out of characters.

5.  Base your password on a memorable (but not overly common) phrase.

To make a strong password that's easier to remember, start with a sentence or phrase about something.  Then, write down the first letter of each word in that sentence, and then substitute in capital letters, numbers, and symbols from there.  For example, let's try this sentence:

  • "I went to Eat at Joe's for breakfast on Saturday, May 9th."

If we write down the first letter of each word, we get this:

  • iwteajfbosmn

Not bad; it's certainly long enough at 12 characters, and it doesn't appear in any sort of pattern to anyone who doesn't know the phrase that you based it on.  However, it only contains lower-case letters. 

Let's fix that by adding some numbers.  Not only is there already a number in the phrase (9), but since the number "2" sounds like the word "to", and the number "4" sounds like the word "for", we can substitute those numbers for those words.  Now, we have this:

  • iw2eaj4bosm9

Alright, now let's spice it up by adding some symbols.  The symbol "@" stands for the word "at", so that's an easy substitution.  In addition, if you look closely, the symbol "!" looks like a capital letter "I", and the "$" symbol looks like a capital letter "S".  Let's add those in now:

  • !w2e@j4bo$m9

Great, we're almost there!  Now, let's just add in the capital letters that were already in the sentence, and we get this:

  • !w2E@J4bo$M9

Voila!  We now have a password that is sufficiently long, contains all sorts of different characters, and doesn't follow any sort of pattern except the phrase that you based it on!


Alright!  Now that you know some strategies for creating strong passwords (and avoiding creating weak ones), it's time to put your skills to the test.  Our next tutorials will show you how to change or reset a password for one of your computer or Internet accounts, so that you can create a better one.


Mark_complete_sm Back_to_course Go to Internet 101 Courses

More Passwords Tutorials

See all 11 Passwords tutorials

Did you learn what you wanted to?

Was something in this tutorial missing, confusing, or out of date? Or did it give you all the information you needed, and you just want to say "thanks"? We'd love to hear what you thought!