How to Make a Good, Complex Password

(Or how to make a good password without losing your mind.)

Aaaaaah passwords. The topic of hatred for users and systems administrators alike.

Users hate them because there are so many different requirements for passwords, and they're always so hard to remember.

Administrators hate them because users are always doing stupid stuff like putting in things like, "Password123!", are writing them down and taping them to their monitor, or are constantly asking for password resets.

With so many of us being required by the network administrators and IT staff at our companies to have long, complex passwords, change them every so often, and remember them, it gets old. Fast.

This is to say nothing of the ever differing rules of passwords from the various banks, financial institutions, and other places where a username and password are the credentials we must have to gain access to the all-important electronic data that makes up a good part of our lives here in the 21st century.

Oh, and then there are the conflicting rules about passwords:


Bleh!

OK, so what's the average guy or gal to do?

---

What Makes a Good Password?

A good password has three important characteristics:

1. It's hard for someone to guess.
2. It's easy for you to remember.
3. It's not written down on a post-it note taped to your monitor or the back of your keyboard.

That sounds easy enough, at least in concept, right?

Let's take them one at a time now.

What Makes a Password Hard to Guess?

For starters, a good password should never contain real words, no matter what the language.

There are freely, readily available programs today that take words from dictionaries and lists of first and last names as starting points, then go through each one 'til it matches on your password successfully.

Some of these password cracking programs can test thousands of words a second, so even if you think you're being clever by doing things like replacing vowels with letters, as is all-too common, it's really only a matter of time before yours is cracked.

Like it or not, that's the truth.

This is called a brute force attack.

This means longer passwords stand up better to cracking attempts than shorter ones.

The same thing goes for passwords that are only numbers, like your birthday or your spouse's birthday. If it's only numbers, it's only a matter of time before a brute force program beats your password.

So, if you can't use common words or names or numbers, what do you use?

Easy. Your own words made up of seemingly random bits of letters and numbers.

---

What Makes a Password Easy to Remember?

(Our Tips to Make a Good Password...)

Regardless of what rules may be in place at your company for passwords, it's important that your passwords be easy to remember.

Hard-to-remember passwords are passwords that get written down; passwords that get written down are arguably as bad as weak passwords.

The key then is understanding the concepts for making a good password moreso than feeling like you must come up with something incredibly complex and having to remember it.

So, once you know the rules of what a certain website or IT administrator, let's see if we can use this notion to come up with a password that will meet most companies' password complexity requirements. Passwords commonly:

• Must contain a mix of upper and lower case.
• Must contain letters and numbers.

Let's say this is for a web-based personal email accounts.

What things might you associate with the email account? Maybe it's things like: talking with your friends, sharing jokes with family, or doing online shopping.

So now, let's turn the idea into a sentence:

Checking email means time for good jokes and fun.

(Now let's turn it into a password that meets the requirements of the website.)

Checking

email

means

time

4 ("for" representened numerically)

good

jokes

and

fun

Here's what it looks like written out:

Cemt4gjaf

As you can see from the letters and number in bold above, just by taking the first letter of every word and turning the word "for" into the letter "4", you've come up with a memorable phrase that meets the password requirements of the website, is easy to remember, and very, very hard to crack.

Wow. That doesn't look like a word in any language, does it!

That's a good password where there are simple password complexity requirements, and even if you forget the order of the two items in your list, it's easy to just flip the two words 'til you get it.

---

Tips for a Complex Password

Now let's move on to something really tough. Let's create a password with the following requirements:

• a nine character minimum.
• must contain upper and lower case.
• must contain letters and numbers.
• must contain at least one special character.

(Now let's turn these rules and the same idea from above into a password that meets the requirements of the website.)

1. Checking
2. email
3. means
4. time
5. 4for
6. good
7. jokes
8. and
9. fun
10. .

Here's what it looks like written out:

Cemt4gjaf.

All we did is add a period to the end of our phrase, and we instantly turned our "simple" password into a more complex one.

Need something even stronger? Or have rules that forbid putting the special character at the end? Or maybe you need more than one special character? How about this?

1. Checking
2. email
3. means
4. 1
5. .
6. time
7. 4for
8. good
9. jokes
10. &
11. 2
12. .
13. fun

Here's what that monster looks like written out:

Cem1.t4gj&2.f

This is admittedly a really crazy, extreme example, but the point is for it to show just how easy it can be to take a basic concept and turn it into a password that's hard to crack, meets the needed password rules, and is memorable to you.