How to Create a Secure Password You'll Actually Remember


Let’s face it: remembering passwords isn’t fun at all, especially when almost everything in our lives now requires one. Some people try to make it easier by using the same password everywhere, and most skip the effort of creating a secure password. That’s just like leaving your front door unlocked.

What Makes a Password Weak?
To learn how to create a strong password, we have to understand what makes a weak password. Passwords containing dictionary words or a line of characters across the keyboard, like “1234” or “qwerty,” are typically considered very weak and as a result, can be easily guessed.

Here are the top 10 most popular passwords in 2014 according to data security and research firm SplashData, none of which are secure.

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football

Can you believe “123456” was the most popular password?!

Creating a Strong Password
A strong password should be at least eight characters long and contain not only both numbers and letters, but also special characters like !, #, $, and &. Be sure to use both uppercase and lowercase letters, and of course, a longer password is always better than a shorter one.

The reason for this complexity is not to fool a human trying to guess your password, but rather a computer. The most common password hacking technique is called “brute-force” — just like it sounds, it is unsophisticated. A program attempts to guess your password with 10,000 guesses per second, and some brute-force programs even advertise millions of guesses per second. Most of these attacks start with dictionary words, which is why you should avoid using them or any variations like “d1ct10nary!”

This chart shows how password complexity can drastically increase the time required for a brute-force attack to correctly guess a password.

[Chart: Average Time to Hack Password with 10,000 Guesses per Second]

As you can see, a simple password of only five lowercase characters can be guessed in under 10 minutes. At seven characters long with a combination of numbers, special characters and cases, the password is essentially secure, requiring 102 years to be correctly guessed.
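The arithmetic behind those two figures, together with the rules from this section, as an added example that is not part of the original article. It assumes a 94-character alphabet (26 lowercase, 26 uppercase, 10 digits, 32 ASCII symbols) and takes the average time as half of all combinations divided by the guess rate; the sample passwords are constructed for illustration.

```python
import string

# Top 10 passwords of 2014 as listed in this article (SplashData).
COMMON = {"123456", "password", "12345", "12345678", "qwerty",
          "123456789", "1234", "baseball", "dragon", "football"}
GUESSES_PER_SECOND = 10_000            # rate used by the article's chart
SECONDS_PER_YEAR = 365 * 24 * 3600

# Assumption: the four character classes below, 94 characters in total.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def keyspace(password):
    """Alphabet size an exhaustive search must cover for this password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def average_seconds(password, rate=GUESSES_PER_SECOND):
    """Average brute-force time: half of all candidates of this length."""
    return keyspace(password) ** len(password) / 2 / rate

def audit(password):
    """Return the rules from this section that the password breaks."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on the most-popular list")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    return problems

if __name__ == "__main__":
    for pw in ["abcde", "qwerty", "aB3$xY9", "aB3$xY9!"]:   # constructed samples
        secs = average_seconds(pw)
        print(f"{pw!r:12} {secs / 60:>16,.1f} min "
              f"{secs / SECONDS_PER_YEAR:>12,.1f} yr  {audit(pw)}")
```

The time estimate covers exhaustive search only. Because attacks start with dictionary words, a password on the popular list is found almost immediately whatever the arithmetic says, which is why `audit()` checks the list separately.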

Use Patterns to Remember Unique Passwords for All of Your Accounts
Cyber-security doesn’t stop with a single strong password. You should strive to use different, but equally strong, passwords for all of your accounts because if one account is compromised, the others will still be safe. You wouldn’t want someone who hacked your Facebook account to have free rein over your banking account.

At this point you may be thinking, “so my password is embarrassingly insecure, but it’s easy to remember!” That’s exactly how “123456” became the number one password in 2014. Here’s the thing: a complex password can actually be easy to remember. The trick is to remember a pattern rather than a series of passwords, and use one or two variables from the account you are logging into so that each password is unique. Let’s look at an example.

Sample pattern for a ten-character password:

  • Middle two digits of the year you were born (personal information that is easy to remember)
  • Last three letters of the product name you are logging into (the variable)
  • The characters “7” and “&” (random but easy to remember because the & symbol key is the same as the 7)
  • First three letters of mother’s maiden name in all caps (personal information but gets you your capital letters)

If I used the above pattern to create a Facebook password, it would be “98ook7&BAT”. For my Windows computer, it would be “98dow7&BAT”, and a password for a Discover credit card would be “98ver7&BAT”. To someone who doesn’t know the pattern, those are very complex passwords that would be hard to guess, even for a brute-force program.

Don’t Take Cyber-Security Lightly!
Passwords are a serious matter because they’re the gateway to your online personal, financial and professional life. Weak passwords can leave you vulnerable to an attack, so use complex phrases and patterns to strengthen your cyber-defense. If nothing else, please stop using “123456” as your password!