6 min read

How to Make a Strong Password in Five Steps

How to Make a Strong Password in Five Steps

If you’re wondering whether you need stronger passwords, you almost certainly do. Much to the dismay of IT staff everywhere, the default passwords of many web users are laughably inadequate. As of 2021, the most common password is still “123456,” followed closely by “qwerty” and “password.”

While your passwords hopefully aren’t that bad, there’s a good chance that they’re still insufficient. Passwords need to be strong enough to protect your account from both humans and machines trying to crack them. While creating a truly secure password can take a little extra effort, it’s well worth it. The key is to create passwords that you can actually remember, so you don’t fall into the trap of using the same simple passwords across multiple accounts — something studies show 92% of internet users do. 

Another recent report also revealed that more than 15 billion stolen logins have been published on the dark web, and trust us — you don’t want yours to be among them. Having strong passwords helps to protect your emails, personal files and financial information. You already know that the consequences of getting hacked can be severe, and no one wants to become a victim of fraud or identity theft. 

Here are five steps on how to create a strong password to better protect yourself from even the most sophisticated hackers.

1. Avoid The Obvious

Let’s start with the passwords you should never use. 

  • Any word that appears in the dictionary, even if it is followed or preceded by a number, punctuation mark or other special character 
  • Common, simple phrases, like “goodmorning” or “makemyday”
  • Sequences of letters of numbers, like “abcd” or “1234”
  • Keyboard patterns like “qwerty” or “asdfg”
  • Names from pop culture, like “HomerSimpson” or “Luke_Skywalker”
  • Words or phrases with all the vowels or white spaces deleted 

All of the above passwords are simply too common or easy for hackers to guess, and they don’t protect against what’s known as dictionary attacks: hacking algorithms that systematically enter every word in the dictionary to try to guess a password.

If any of your passwords match the above descriptions, read on, because you need to change them. Now.

2. Avoid Personal Information

Hackers aren’t the only bad actors who could try to access your personal accounts. As unpleasant as it is to think about, our accounts could also be breached by people we know. It’s important not to use passwords with identifying personal information, since they may be easier for people close to you to guess. 

That means that the following passwords are off limits, too. 

  • Your name, nickname or initials
  • The names of your child or pet
  • The name of your street, or the street of your childhood home
  • Important birthdays or anniversaries
  • Your license plate number or Social Security number
  • Any addresses

3. Go Long

Here’s the golden rule of passwords: the best passwords are long ones. Although shorter passwords may be easier to remember and quicker to enter, they’re much easier to guess — which is why most websites and services now require passwords to be at least eight characters long with special characters mixed in for good measure.

In many instances, though, even eight characters is too short. We recommend at least 10 characters, because of the simple math: an eight-character password allows for 645,753,531,245,761 (645 trillion) character combinations. A 10-character password allows for 3,255,243,551,009,881,201 (about 3 quintillion) combinations. When trying to figure out how to make a secure password, every extra character added offers exponentially more protection.

4. Start With a Phrase or Sentence

How do you get to that length? The simplest way to meet that character count while creating a password you can actually remember is to start with a phrase or expression, combining a series of words that are meaningful to you. 

These could be:

  • An expression your parents used to tell you
  • A quote from a movie or book
  • A lyric from a song or poem
  • A historical fact

For example, say you’re a Notorious B.I.G. fan. You could take the rapper’s iconic “Juicy” lyric “It was all a dream, I used to read Word Up! Magazine” and turn it into an acronym. With a few character additions, replacements and some random caps, you can arrive at a strong password like “iWaad.eyeu2rWU!M.”

5. Mix and Match These Nifty Tricks

  • Incorporate a mix of alphabetical and numeric characters
  • Combine a mixture of upper and lowercase characters (remember that passwords are case sensitive)
  • Include symbols like !, @, #, $, %, ^, &, *, < and >
  • Replace a letter with another letter, number or symbol. The letter “e” could become a “3,” for instance, or 0 could become (). Using this trick alone isn’t sufficient to make a secure password, but it’s incredibly effective when used in combination with other tricks. 
  • Use deliberate misspellings. “Funk” could become “phunk,” or “Paris” could become “Pearees,” for instance.
  • Go obscure. “Arm and hammer” could become “armin_humm3r,” for instance, leading to a powerful password like “arMIN-[hum]m3r.” The more creative you can get, the more secure your password becomes.

Here’s where you can get creative. Mix and match the following techniques to obscure whatever sentence or phrase you’ve decided on. You don’t need to use all of these techniques — remember, the goal is to create a password you won’t forget — but using even just two or three will go a long way toward creating a password nobody else could possibly guess. 

You’ve made the perfect password. Now protect it. 

Creating an uncrackable password is a great first step to protecting your private information, but maintaining it can be a challenge in and of itself. The following best practices will help you keep your password private and secure.

Never share your password. This sounds obvious, but never share your passwords with anyone — even people you trust. There’s too much of a risk that they might leak it. And since many of us reuse passwords across multiple sites (even though we shouldn’t), there’s a risk that sharing a login to, say, accounting software could be a skeleton key to access more sensitive services, like your company email. 

Avoid using passwords repeatedly. Just because a lot of us are guilty of this doesn’t mean it’s safe to keep doing. Creating multiple passwords ensures that if one password is cracked, the rest of your accounts remain safe. 

If you’re using the same base password for multiple sites, then add additional characters to it and make sure that those additional characters are as unique and hard to guess as the base password itself. Sure, this makes for a lot of extra work, but the added security makes it essential.

Keep track of your passwords with a password manager. To be truly secure, you’ll want a unique password for every login you use — and that’s a tall order, since most internet users accrue dozens of logins. That’s more than anybody could be expected to remember, which is why many users turn to password managers. These encrypted digital vaults store secure password login information across all platforms, including websites, mobile devices and apps. They’re a handy shortcut since they can also autofill forms and sync across Macs, iPads, Windows PCs, Android phones and many other devices.

Many of the well-regarded password managers, like LastPass, 1 Password and Dashlane, offer free versions, which usually let users store passwords for at least one device. Paid versions offer support across many more platforms. 

You will, of course, still need to create and remember one master password if you use a password manager, so it’s crucial that you make that password as strong and memorable as possible.

If it helps, you can write down that one master password somewhere, as long as you’re smart about it. As IT experts say, “You can’t hack paper.” Writing it in a notebook you keep out of sight is probably fine. Writing it on a Post-It note you keep on your desktop computer, of course, is not. And make sure you keep that password off of your phone or notes app — the idea is to keep it off the cloud and on a piece of paper only you can locate and access. 

There is still some disagreement about whether it’s ever acceptable to jot down a password. However, most security experts believe it’s worth the minor risk, since it prevents people from cutting corners and creating weak or reusing weak passwords.

If your password is secure, there’s no reason to change it. Speaking of best practices that have changed over time: experts now say there’s no need to change your password every 60 or 90 days, which for years was their default recommendation. The thinking now goes that forcing users to change their passwords that often makes it too tempting for them to cut corners with simple or reused passwords.

“Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers which are closely related to each other,” Microsoft explains. “In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cyber criminals almost always use credentials as soon as they compromise them.”

In other words: one great password you use for a long time offers much better protection than a disposable weak one.

Use multi-factor authentication. A great password will go a long way toward protecting your accounts — but you’ll never find an IT expert who would argue against additional protection. One of the easiest additional protections to implement is multi-factor authentication, which makes you verify your identity by sending a code to your mobile device or email. This prevents somebody else from accessing your account, even if they know your username and password. It also alerts you to the possibility that somebody is trying to hack your accounts. Receiving a code you didn’t authorize lets you know that you need to immediately change your password.

Cortavo Offers Protection

Weak passwords are just one of the security threats we see a lot at Cortavo. As a seasoned IT provider, Cortavo affords small and mid-sized businesses the resources they need to stay protected while removing the burden of IT. Our sophisticated IT services help protect you and your business’s sensitive information.

In fact, our Cortavo Complete solution deploys a total IT infrastructure kept to evolving security standards. Paired with that, you’ll get your own Virtual CIO (vCIO) devoted to periodic reporting, strategic advice, analysis and plotting a seamless IT roadmap for your company. This holistic IT cognizance situates your small business with a cyber security strategy fit for enterprise companies.

Our firewalls, managed antivirus and spam protection help keep your company safe from potential cyber risks and free of distracting spam. Our help desk is available 24 hours a day, 7 days a week and 365 days a year, so you’re supported around the clock in case of an attack.

If you would like to learn more about how Cortavo can unburden your business of complicated IT issues and give your company peace of mind, call us at (866) 267-8286 or contact us through www.cortavo.com.

Click to learn more.


Secure Passwords: Your Everyday Ally

Secure Passwords: Your Everyday Ally

As you might be aware, October is National Cybersecurity Month and much of cybersecurity centers around passwords. This topic seems banal, yet it’s...

Read More
What Is Phishing & When You’re Phished

What Is Phishing & When You’re Phished

What Is Phishing? What is phishing is a great question. It’s when someone sends you an email that looks like a legitimate email. These emails can...

Read More
Internet Safety vs. Cybersecurity: What You Need To Know

Internet Safety vs. Cybersecurity: What You Need To Know

Internet Safety vs. Cybersecurity The terms roll off our lips all the time, but we seldom really think about them. The 21st century is completely...

Read More