Top 10 Steps to Building a Better Password

As a longtime cybersecurity enthusiast, I’m intrigued whenever there is a huge headline-making, media-frenzied security breach. Eventually, my curiosity gives way to disappointment. The fight against cybercrime never ends, but winning a battle or two would be nice.

While most folks not in the depths of your IT department have little involvement in keeping your organization’s data under wraps, there are some best practices that even the least tech-savvy among us can deploy. Apparently keystroke encryption, anti-malware products, and patch management are the keys to keeping big data safe these days. But a strong password is a great start, too.

I’ve always been fascinated by passwords. When I was an IT support technician, I’d occasionally need a user’s password. More than ten years later, I still remember some of those passwords, and I bet some of those folks are still using them or at the least a close variation. This is especially concerning since some of these users dealt with personnel records, credit card info and other potentially sensitive documents.

To do my part in the seemingly never-ending war on cybercrime, I’ve put together the top 10 tips to make your passwords a lot harder to hack, whether you’re protecting your email, your work computer, your World of Warcraft account, or just your online banking access.

1. Length Matters. Every character added to your password increases its security tremendously. So your password is only four characters, huh? You might as well be asking a complete stranger to read your e-mail. Though eight-character passwords are very popular, if you want to make a hacker’s life hellacious, create a 12- or 14-character password.

2. Don’t Use Names. If I were trying to guess your password, my first guesses would be a name: yours, your wife’s, your kid’s, and your pet’s if I knew you well enough or had access to your completely public Facebook account. Cap’n Barky is a great pet name, but as far as passwords go, it’s kind of weak—especially since Cap’n Barky’s very own Facebook page is open to the public as well.

3. Use Uppercase Characters. Using at least one uppercase character strengthens your password. If you capitalize a letter other than the first, which is, not surprisingly, the most popular choice, you greatly increase your password’s security.

4. Use Special Characters. You’d be surprised how much more difficult an asterisk, exclamation point, or plus sign will make your password to crack. Let your inner geek go wild with choices like “linux+Penguin,” “BigB@ngTheory” or my probable future DC Online password “greenLan+ern.”

5. Keep It Complicated. Essentially every word allowed in Scrabble, even if it contains the letters Q, X or Z, is unusable by itself as a secure password. Ever thought about using “12345678” or “qwerty”? Don’t. The same goes for “password,” “internet,” “security,” and “letmein.” Even though I am a fan of the popular alternative “p@ssword,” add some numbers or an uppercase character to secure it further. If you’ve used common passwords, it’s okay; most of your peers have done it in the past. Just make sure it stays in the past because those weak passwords won’t last long against a determined hacker.

6. You Can Never Use Popular Place Names Again. You were born in Richmond, and it’s a fine city, but it makes for a bad password. I hear that Florence, Italy, and Florence, SC, are both great places to live, but steer clear of place names when it comes to password creation. Eight-letter words are very tempting—I’m looking at you, Portland—but they’re just too dangerous to use. I bet plenty of Atlanta residents use “atl30322,” the popular nickname for Atlanta plus the zip code. Don’t be afraid to use some creativity.

7. Keep It Creative. Speaking of creativity, the Green Bay Packers and Pittsburgh Steelers had awesome seasons, but don’t do it. I’m a longtime Duke Basketball fan, but they’ve never made an appearance in my password tourney. I’m a low-key Black Eyed Peas fan, but that’s no reason to base my password security on them. Actually, I have to confess “Ferg@!icious” just might work.

8. Numbers Aren’t As Secure As They Used To Be. There was a time when your birthdate would have probably made a fairly secure password. Not anymore. Same goes for your anniversary, the year you were born, your full Social Security number or the last four digits, a telephone number, and the aforementioned zip code. Adding at least one letter to your numerical password is a good habit—just like adding one number or an uppercase character helps secure a password of mostly letters.

9. Make It Memorable. When I used to be tasked with resetting passwords, I found that the users who forgot their passwords most often were the ones who were most likely to dumb down their passwords. They gave up security for convenience despite having a readily available department on duty to reset passwords in an instant. A secure, memorable password is not hard to achieve with some effort. There has to be something with some associated numbers that has some meaning to you every time you stare at that empty password field on your computer screen even after a week’s vacation. Just don’t be tempted to ever write it down.

10. Acronyms Can Help. How secure do you think “Idw2mmpw2l” would be? It’s simply the sentence – “I don’t want to make my password too long.” Memorable acronyms like “The quick brown fox jumps over the lazy dog,” resulting in “tqbfjotld,” would prove to be less secure than something random unless you throw in an uppercase letter, a number, or special character or two. Actually, I came up with this method when a co-worker I supported “cns2rh@#$%pw,” or, in other words, “could never seem to remember his darn password.” Only slightly paraphrased of course.
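The ten tips can be turned into a quick self-audit. The Python sketch below is an added example, not code from the original article: the function names, finding labels and the short deny-list (built only from weak choices the article names) are assumptions. The bit count is an upper bound on brute-force effort, since human-chosen passwords are far more predictable than random characters.

```python
import math
import string

# Constructed deny-list built only from weak choices the article itself names.
COMMON = {"12345678", "qwerty", "password", "internet", "security",
          "letmein", "p@ssword", "richmond", "florence", "portland"}
# Substitutions the article's own acronym example uses (to/too -> 2, password -> pw).
SUBS = {"to": "2", "too": "2", "password": "pw"}

def brute_force_bits(pw):
    """Tip 1: upper bound on search space in bits, from length and character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(pw, personal=()):
    """Return the tips a password violates; `personal` holds names, places, teams, dates."""
    low, findings = pw.lower(), []
    if len(pw) < 12:
        findings.append("length")                      # tip 1
    if any(p and p.lower() in low for p in personal):
        findings.append("personal-name")               # tips 2, 6, 7, 8
    if not any(c.isupper() for c in pw):
        findings.append("no-uppercase")                # tip 3
    elif not any(c.isupper() for c in pw[1:]):
        findings.append("uppercase-first-only")        # tip 3
    if not any(c in string.punctuation for c in pw):
        findings.append("no-special")                  # tip 4
    if low in COMMON:
        findings.append("common-password")             # tips 5, 6
    if pw.isdigit():
        findings.append("digits-only")                 # tip 8
    return findings

def acronym(sentence):
    """Tip 10: first character of each word, after the substitutions above."""
    words = sentence.strip(".").split()
    return "".join(SUBS.get(w.lower(), w[0]) for w in words)

if __name__ == "__main__":
    for pw in ("qwerty", "Idw2mmpw2l", "greenLan+ern"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits max, findings={audit(pw)}")
    print(acronym("I don't want to make my password too long."))
```

Run against the article's own examples, “greenLan+ern” triggers no findings, while the bare acronym “Idw2mmpw2l” is flagged for length, first-letter-only capitalization and the lack of a special character.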

Of course, a strong password is the first step. It’s also essential to keep your browser up to date and patched to the latest version available, not to mention keeping your antivirus software updated. After all, even the most complex new password is useless if you haven’t removed malware from your computer or if a keylogging virus has been downloaded, which will still allow the hacker access to your data.

If you’re as enthusiastic about cyberwarfare trends as I am, consider looking into our complete cybersecurity portfolio and take a course. With everything from foundations and introductory courses to certification prep, we’ve got offerings to cover just about all your cybersecurity and privacy interests.
