7 Golden Rules for Creating a Strong Password

Author : | Category : Security | Last Updated :

Passwords are our virtual safeguards in the murky online waters, where hackers lurk like sharks. They have a wide range of uses today: we need them for almost every online transaction, and we rely on them more than ever because the time we spend online has grown considerably. So it is essential to have a strong password that is also easy to remember.


Hackers, on the other hand, have become smarter and are armed with the latest tools, and they spare no effort to break passwords in order to steal valuable information. Facebook, for instance, has reported that roughly 600,000 of its daily logins are attempts on compromised accounts. A strong password gives you peace of mind and considerable protection against guessing and brute-force attacks. Note that it does not protect you against phishing, which works by tricking you into handing the password over; for that, the precautions at the end of this article matter more than the password itself.

Creating a password is a serious matter: a strong password has to be unique and complex, yet at the same time easy for you to remember. What if you create a password today and forget it a week later? You cannot seriously go through the password recovery procedure every weekend. So I shall share with you these 7 golden rules for creating a password which is virtually unbreakable and also memorable.

Long passwords are difficult to breach

This is a hard fact. Longer passwords, of 15 or more characters, are difficult to crack. Rough estimates put the time a hacker needs to crack a 10-character password at about a week, but around 1.49 million years for a 15-character one, because every extra character multiplies the search space by the size of the character set. Figures like these assume a fixed guessing rate; against a fast offline attack on a weak or unsalted password hash the times shrink by many orders of magnitude, which is why anything below 15 characters should not be considered safe.

Use a mix of characters

A password which mixes upper case, lower case, numbers and special characters can take a hacker at least 2 years to crack by brute force, even if it is as short as 9 characters, again assuming a limited guessing rate. An example of such a password is “36tADP@!e”, which reads as “36 Tadpole”. Look at the complexity achieved by including special characters and upper and lower case letters; the 36 could signify a person's age, making it easy to remember. Be aware, though, that the mix only helps if it is genuinely unpredictable: capitalising the first letter and putting a digit or “!” at the end are the first things a cracker's rule set tries.
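To make the length and character-mix rules concrete, here is an added example (not code from the original article) that estimates the brute-force search space of a password from the character classes it uses, and converts it into an expected cracking time under three assumed guessing rates. The rates are illustrative assumptions chosen to show the spread between an online login form and an offline attack on a leaked hash, not measurements of any particular tool; the sample passwords are constructed for the demonstration.

```python
import math
import string

# Character classes a brute-force attacker has to cover. The effective pool
# is the sum of the classes the password actually uses (32 printable symbols).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)

# Illustrative guess rates in guesses per second. These are assumptions chosen
# to show the spread between attack settings, not measurements of any tool.
GUESS_RATES = {
    "online, rate-limited login form": 10.0,
    "offline, slow salted hash (bcrypt-class)": 1e5,
    "offline, fast unsalted hash (MD5/NTLM-class, GPU rig)": 1e11,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pool_size(password):
    """Size of the alphabet an attacker must search, based on classes used."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space(password):
    """Number of candidates of the same length drawn from the same pool."""
    return pool_size(password) ** len(password)


def entropy_bits(password):
    """Brute-force entropy: length * log2(pool). This is an upper bound on
    strength, since it ignores dictionary words and predictable patterns."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def expected_crack_years(password, guesses_per_second):
    """Average time to find the password by exhaustive search: an attacker
    expects to hit it halfway through the space."""
    return search_space(password) / 2 / guesses_per_second / SECONDS_PER_YEAR


def report(password):
    """Human-readable summary of the estimates for one password."""
    lines = [f"{password!r}: {len(password)} chars, pool {pool_size(password)}, "
             f"{entropy_bits(password):.1f} bits"]
    for setting, rate in GUESS_RATES.items():
        years = expected_crack_years(password, rate)
        lines.append(f"  {setting}: {years:.3g} years")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample passwords: the article's 9-character mixed example
    # against a 25-character all-lowercase passphrase.
    for pw in ("36tADP@!e", "correcthorsebatterystaple"):
        print(report(pw))
```

Running it shows why length beats character mix: the 9-character mixed password has about 59 bits of brute-force entropy and falls in weeks against a fast offline attack, while the 25-character lowercase passphrase has well over 100 bits even though it uses only one character class.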

Never use dictionary words

Dictionary words are easy to guess, so they should be avoided, at least in literal form, in passwords. Your account could be compromised if a hacker runs a dictionary attack against it. If you still must use a dictionary word because it is easy to remember, break it up by inserting special and numerical characters in the middle. For example, a dictionary word like “California” could be converted to “KaL!4niaa”. Bear in mind that common substitutions such as “a” to “@” or “i” to “!” are built into cracking tools as mangling rules, so a single substitution or an appended digit gains little; the example above holds up mainly because several letters are changed or dropped at once, which standard substitution rules do not reproduce.
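The following added example (written for this page, not taken from the article) shows what a dictionary attack with mangling rules looks like, so you can see which “modified” dictionary words it still catches. The substitution table, suffix list and wordlist are constructed for the demonstration and are only a small subset of what real cracking rule sets contain; the comparison is done on plaintext for clarity, where a real attack would hash each candidate and compare against a leaked hash.

```python
import itertools

# Substitutions every cracking rule set knows about (constructed subset).
LEET = {"a": "@4", "e": "3", "i": "!1", "o": "0", "s": "$5", "l": "1", "t": "7"}
# Suffixes users bolt on to satisfy "must contain a digit/symbol" rules.
SUFFIXES = ("", "1", "123", "!", "1!", "2008")


def case_variants(word):
    """The three capitalisations people actually use."""
    for variant in (word.lower(), word.capitalize(), word.upper()):
        yield variant


def leet_variants(word, max_subs):
    """All ways of applying up to max_subs single-character substitutions."""
    yield word
    positions = [i for i, ch in enumerate(word) if ch.lower() in LEET]
    for k in range(1, max_subs + 1):
        for combo in itertools.combinations(positions, k):
            options = [LEET[word[i].lower()] for i in combo]
            for replacement in itertools.product(*options):
                chars = list(word)
                for i, r in zip(combo, replacement):
                    chars[i] = r
                yield "".join(chars)


def candidates(wordlist, max_subs=2):
    """Expand a wordlist with case, leet and suffix rules, deduplicated."""
    seen = set()
    for base in wordlist:
        for cased in case_variants(base):
            for mangled in leet_variants(cased, max_subs):
                for suffix in SUFFIXES:
                    cand = mangled + suffix
                    if cand not in seen:
                        seen.add(cand)
                        yield cand


def dictionary_attack(target, wordlist, max_subs=2):
    """Return (found, guesses_tried) for a plaintext comparison."""
    tried = 0
    for tried, cand in enumerate(candidates(wordlist, max_subs), start=1):
        if cand == target:
            return True, tried
    return False, tried


if __name__ == "__main__":
    # Constructed wordlist and targets for the demonstration.
    WORDS = ["California", "password", "awesome"]
    for pw in ("C@lifornia", "Ca1ifornia", "Awesome123", "Passw0rd", "KaL!4niaa"):
        found, n = dictionary_attack(pw, WORDS)
        print(f"{pw!r}: {'cracked' if found else 'survived'} after {n} guesses")
```

With the default of two substitutions, “C@lifornia”, “Ca1ifornia”, “Awesome123” and “Passw0rd” are all recovered from a three-word list in a few hundred guesses, while “KaL!4niaa” survives because its changed and dropped letters are not reachable by these rules. Raising `max_subs` trades more guesses for more coverage, which is exactly the trade-off a cracker tunes.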

Avoid using slang

Slang words are common and used repeatedly, and guess what? They are the most obvious ones to guess. Slang words like “cool”, “awesome” and “hang out” are used by hackers as well in their daily conversations, and they appear in every cracking wordlist. So what makes you think they would not be able to guess them? Slang words are easy pickings for hackers, so avoid them by all means.

Never use your name or email ID as password

This is another golden rule you must follow while creating a password. An unknown hacker might not know you personally, but the person trying to get into your account could be a friend or an old associate of yours. He might know you well enough to know your email ID and other personal information, and in any case your user name or email address is the first thing a guessing tool tries as the password. Using your own name or email ID as a password is nothing but an invitation to trouble.

It’s a great idea to use phrases

Phrases are fairly long in character terms and can make extremely strong passwords that are also easy to remember. But again the golden rule is that you have to modify the phrase by inserting numerals, special characters and mixed case to avoid being obvious. For example, the phrase “Piece of cake” is a fairly long password whose spaces can be replaced with special characters like “!”, “@” or “*”. A password like this is estimated to take at least 2,500 years to brute-force, making you secure for a lifetime. Note that a well-known phrase is itself a dictionary entry for a cracker, so prefer a phrase that is personal to you over a famous quotation or idiom.

Mnemonic phrase based strong password

Mnemonic phrase-based passwords are relatively easy to remember and fairly difficult to crack. They are passwords derived from a phrase, usually by taking the first character of each word of the phrase as a character of the password. For a fine example, consider a line from Shakespeare's “Hamlet”: “Alas, poor Yorick! I knew him, Horatio”. Keeping the first letter of each word together with the punctuation converts it into the password “A,pY!Ikh,H”. This password is estimated to take at least 200 years to crack, and passwords of this kind also provide reasonable resistance against brute-force attacks, because the result looks random to anyone who does not know the phrase.
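As an added example (not from the original article), here are the two phrase techniques just described implemented as small functions: one that derives a mnemonic password by keeping the first letter of each word plus all punctuation, reproducing the “Hamlet” conversion above, and one that joins the words of a phrase with a cycling set of separator symbols, as suggested for “Piece of cake”. The separator set “!@*” and the sample phrases are the article's own; the function names and the treatment of apostrophes (kept as punctuation, so the letter after them counts as a new word) are assumptions made for this example.

```python
def mnemonic(phrase):
    """Keep the first letter or digit of every word, plus all punctuation,
    so that 'Alas, poor Yorick! I knew him, Horatio' becomes 'A,pY!Ikh,H'.
    Apostrophes count as punctuation: "don't" yields "d't"."""
    out = []
    in_word = False
    for ch in phrase:
        if ch.isalnum():
            if not in_word:          # first character of a new word
                out.append(ch)
                in_word = True
        else:
            in_word = False          # any non-alphanumeric ends the word
            if not ch.isspace():     # keep punctuation, drop whitespace
                out.append(ch)
    return "".join(out)


def join_with_symbols(phrase, symbols="!@*"):
    """Replace each space of a phrase with the next symbol from `symbols`,
    cycling through them: 'Piece of cake' -> 'Piece!of@cake'."""
    if not symbols:
        raise ValueError("at least one separator symbol is required")
    words = phrase.split()
    if not words:
        return ""
    out = words[0]
    for i, word in enumerate(words[1:]):
        out += symbols[i % len(symbols)] + word
    return out


if __name__ == "__main__":
    # Constructed inputs taken from the phrases quoted in the article.
    print(mnemonic("Alas, poor Yorick! I knew him, Horatio"))   # A,pY!Ikh,H
    print(join_with_symbols("Piece of cake"))                   # Piece!of@cake
```

Both transformations are deterministic, which is the point: you rebuild the password from the phrase in your head rather than storing it. It also means the strength rests entirely on the phrase being unguessable, since anyone who knows the phrase and the rule gets the same output.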

An example of a reasonably strong password which keeps the above 7 rules in mind would be “Easy2Rembr4U+compl!Kted”. Translated into English, it reads “Easy to remember for you and complicated”.

What makes this password strong?

  • It is 23 characters long, which makes it fairly long and thus difficult to crack.
  • It uses a mix of all kinds of characters: lower and upper case, numerals and special characters.
  • It uses just a single dictionary word, “Easy”.
  • It does not use slang.
  • It does not use a name or email ID.
  • It has a phrase-like structure.
  • It uses mnemonic substitutions, where “2”, “4” and “U” stand for “to”, “for” and “you” respectively.

Now that my golden rules are done, let us talk about other precautions you need to take to protect your password and prevent a potential breach.

Learn something from the Sarah Palin email hack case

US vice presidential candidate Sarah Palin's Yahoo mail account was broken into in 2008 through the Yahoo password recovery system. We should all learn something from the mistake Sarah Palin made when choosing her password recovery questions. Her account was hacked easily because the answers to her recovery questions were easy to find online, given that she is a public figure.

The questions the hacker encountered were simple and their answers were available on Wikipedia. No technical expertise was needed to answer questions like her birthday, her zip code (she comes from Wasilla, which has just two zip codes) and, the relatively difficult one, where she met her spouse. The hacker reportedly guessed the answer, “Wasilla high”, within a few minutes.

So choose recovery questions whose answers are difficult to find anywhere or to guess. Better still, treat the answers as a second password: give random answers and store them in a password manager rather than using the true ones, since the true answers are exactly what a determined acquaintance or a public-records search can recover.

  • Never share or disclose your password to anyone, not even close friends or associates.
  • Never send passwords over email.
  • Never write your password on pieces of paper and leave them lying around.
  • Install and use a password management tool such as LastPass or 1Password, which stores your passwords for you and can generate long random ones that you never have to remember.


The rules I have provided are a big step towards securing your accounts against external threats. But the foremost and primary rule is to avoid being obvious. All 7 rules above teach the same thing: if you are obvious, you are vulnerable.
