How to choose a secure password you can remember

A recent news story announced that the new “worst” password is 123456, replacing “Password” as the number 1 most commonly used password. What are you to do when your accounts are being attacked from every angle and your password is your primary line of defense? Choose a secure and memorable password. Using a brute force attack, a hacker can break a 5 character password in about 10 seconds. So how do you slow them down?

1. Passwords should be at least 8 characters long

The longer your password, the more difficult it is to crack. Many websites require 8 characters as a minimum, so use this as a starting point. According to an article on password security by Robert Graham, hackers are able to guess passwords during a brute force attack at a rate of 1 billion guesses per second. If a password uses all possible characters, that gives you 100 possibilities per character. As your password gets longer, the time needed to crack it goes up exponentially:

  • 6 characters = 1,000 seconds
  • 7 characters = 1 day
  • 8 characters = 115 days
  • 9 characters = 31 years
  • 10 characters = 3,000 years

2. Use a random sequence of words and letters you can remember (include capital letters)

Create a memorable sentence of eight or more words, such as “My kids are great and I love my job.” Take the first letter of each word to create your base password. My example would give me “MkagaIlmj”. This sentence also allows me to use a combination of upper and lower case letters. Don’t use any word that is in the dictionary in your password. Hackers also use a library of dictionary words and alternate versions of those words to check your password for an easy crack.

3. Add numbers and symbols to your base password

Once you have created your lengthy base password, add numbers and symbols to it to raise its security rating. I replaced the word “and” with “&”. My example above might be something like “Mkag&Ilmj41”. Using this combination, it would take a hacker 4 thousand years to crack my password in a brute force attack. Now that you have a secure password, DON’T use it for everything…

4. Create password versions for each login

Now that you have spent the time and effort to create a secure password, don’t make it easy for a hacker who obtains your password to break into ALL your accounts. Although a secure password will help to prevent a brute force hack, it won’t help if your computer has spyware that has been recording and transmitting your keystrokes. If this happens, you don’t want that one password to be the key to all your accounts. Use the base you created in step 2, and add a unique string of symbols, numbers, and letters to the beginning or end (or both) of the base. For example, “Mkag&Ilmj41” may be for your bank account, but “#M@!lMkag&Ilmj48” may be for your email.

5. Test a version of your password on a password checker


Once you have an idea of your new secure password, give it a test on a password strength tester. I like since it gives you an analysis as to why your password is being rated as it is. This will allow you to adjust your password choice to make it as secure as possible. You can also check out to see how long a normal desktop computer

WARNING/NOTE: This should go without saying, but never enter your actual password into a password checker. Instead, enter a different version of your password using similar phonetics. For example, if you have chosen EgS#^sf12 as your real password, enter WyX(%73ns as your tester password. It still includes upper and lower case letters, numbers, and symbols, and is 9 characters long. You should get the same evaluation score without entering your password into an unknown website.
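The stand-in advice above, as an added example that is not part of the original article: the Python below builds a test password with the same length and the same character class at every position as the real one, so only the stand-in is ever typed into a checker. It also recomputes the step 1 crack times from the article's figures (100 possible characters, 1 billion guesses per second); the function names and the four character classes are assumptions made for this example.

```python
import secrets
import string

# Character classes a strength checker typically scores on (assumption).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def char_class(ch):
    """Return the class name for one character, or None if it fits no class."""
    for name, alphabet in CLASSES.items():
        if ch in alphabet:
            return name
    return None

def profile(password):
    """Per-position class pattern, e.g. ['upper', 'lower', 'upper', 'symbol', ...]."""
    return [char_class(ch) for ch in password]

def stand_in(password):
    """Build a different password with the same length and class pattern."""
    out = []
    for ch in password:
        cls = char_class(ch)
        if cls is None:
            raise ValueError("unsupported character: only ASCII letters, digits and symbols are handled")
        # Random character of the same class, never the original one, so no
        # character of the real password appears in the same position.
        choices = CLASSES[cls].replace(ch, "")
        out.append(secrets.choice(choices))
    return "".join(out)

def brute_force_seconds(length, charset=100, guesses_per_second=1_000_000_000):
    """Worst-case exhaustive search time under the article's step 1 figures."""
    return charset ** length / guesses_per_second

if __name__ == "__main__":
    real = "EgS#^sf12"  # the article's example password, not a live credential
    fake = stand_in(real)
    print("enter this in the checker instead:", fake)
    print("same class pattern:", profile(fake) == profile(real))
    for n in range(6, 11):
        print(f"{n} characters: {brute_force_seconds(n):,.0f} seconds")
```

Run it on your own machine and paste only the printed stand-in into the checker.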

Tips to Remember:

  • Don’t use your name in your password; that’s just too easy.
  • Be sure to change your passwords regularly. If your account password is compromised, it may be some time before it is used, so changing your passwords regularly will help eliminate this gap.
  • If all of this is too confusing, look into a password manager to help you remember and create secure passwords.