How to Build Strong Passwords

What's the definition of a good password? It's a secret code that's hard for hackers to break and easy for you to remember.

I'm Niels, FoolProof's VP of Techie Stuff. We've told you in other reports about creating passwords, but as the geek in FoolProof, I wanted to give you a smart way to build a really good password.

First up, let's talk about how hackers work. Knowing this helps you see why you have to be careful with passwords.

Hackers generally fall into two categories: "Brute force" and "targeted attacks."

Brute force attacks are automated scripts that try, many times per second, to guess your login details. They draw on massive databases of the most common passwords, entire dictionaries, common phrases, common names, and common combinations of names and numbers.

Targeted attacks try to get access to specific accounts of specific people. For example: somebody wanting to hack your e-mail account. The "targeted attack" hackers put a lot of effort into hacking each account. At a minimum, they collect lists of personal information about you: your full name, your family members' names, your pets' names, your date of birth... you name it. Most of that information is publicly available or easy to find on social media sites. Some of it comes from stolen sources, but most is available from legal sources.

If you add to that big pile of information your credit card details, which the hacker might have obtained by breaking into a company's customer database, the attacker has hit the jackpot. Hackers take all of that collected information and use computer programs to figure out your passwords. Their programs are smart enough to try slightly altered passwords, such as ones that substitute the number three for the letter E.

So, how do you protect your password?

Follow these tips:

  1. Your password should NOT be a word or name, or any combination of the two. The final password should not make sense to anybody.
  2. The password should be at least 8 characters long, include numbers, and contain upper and lower case letters.
  3. To be really safe, throw in some symbols, like @, !, -, or +.
  4. Use a different password for each account. This sounds pretty daunting, but it is important. If one of your accounts is hacked, all of your other accounts can quickly be hacked, too.

Develop your own unique password-generating system.

Long passwords containing the characters mentioned above can be hard to memorize. However, there is a way to make it simpler, but only if you make using this system a habit. The more you use it, the easier it will be to create and memorize long and effective passwords.

  1. Decide on a "root" password. You're going to use this as part of all your passwords.
  2. Your root password should consist of at least 8 letters and numbers, upper and lower case. Some sites don't allow symbols in passwords, so make sure your root password doesn't contain symbols.
  3. For each account, you add a piece to the root password. This piece can be the name or function of the service, the color of the logo, the last five characters of the DOMAIN name, or whatever you decide. In this part, be sure to include a symbol or two.
  4. Apply some kind of mutation or system to the last piece: include an uppercase letter, change o's to 0's (zeros), add a dash in the middle.

Still following me? If so, you'll have yourself a nice, impossible-to-guess and hard-to-break password. And the best part is: your brain will be able to "recreate" the passwords you chose, without having to memorize them all. If you keep notes at all, write down only a hint for each account's second piece; without the root, that list is useless to unauthorized readers.

Now, here's an example of how to build a password:

  1. Choose a quote from your favorite movie or actor, or a line from a song. Take all first letters and add the year of the movie's release, or the actor's birth year. I also shuffle the order of parts a bit, apply vowel substitution, and use upper case for the first letter.

    Movie example: Lock, Stock and Two Smoking Barrels from 1998.
    Line: If the milk turns out to be sour

    Password example: 19Itmt0tbs98

  2. For the second piece, I choose the service the account provides, capitalize the first character and substitute vowels. Then I connect the two parts with the hash symbol: #.

    Passwords I use would look something like this:

    Banking: 19Itmt0tbs98#B@nk1ng
    Email: 19Itmt0tbs98#3m@1l

  3. Since you will be using the first part of your password a lot, you will memorize this in a few days. The key to success with this password creation approach is making it into a system.

  4. Additional tip: If you happen to have any accounts on potentially "sketchy sites," use only the basic root password. In my case that would be "Itmt0tbs".
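To make the system concrete, here is an added example (my own illustration, not code from the original post) that builds a password the way steps 1 and 2 describe and then checks the result against the four tips given earlier. The vowel substitution table (o to 0, a to @, i to 1, e to 3), the ordering of the steps, and the fact that the root keeps its capital first letter unsubstituted are assumptions read off the post's own examples, 19Itmt0tbs98#B@nk1ng and 19Itmt0tbs98#3m@1l.

```python
"""Added example, not from the original post: build a password with the
post's root-plus-service system and check it against the post's four tips.
Substitution table and step order are assumptions inferred from the post's
examples (19Itmt0tbs98#B@nk1ng, 19Itmt0tbs98#3m@1l)."""

import re
import string

# Vowel substitutions the post's examples use (assumed table).
VOWEL_SUBS = {"o": "0", "a": "@", "i": "1", "e": "3"}


def substitute_vowels(text, keep_first=False):
    """Replace vowels per VOWEL_SUBS, in either case. With keep_first=True the
    first character is left alone, which is how the post's root keeps its
    leading 'I' while the later 'o' becomes '0'."""
    out = []
    for index, ch in enumerate(text):
        if keep_first and index == 0:
            out.append(ch)
        else:
            out.append(VOWEL_SUBS.get(ch.lower(), ch))
    return "".join(out)


def build_root_core(line):
    """Step 1 without the year: first letter of every word, first letter
    upper-cased, remaining vowels substituted (the 'sketchy site' password)."""
    initials = "".join(word[0] for word in line.split())
    initials = initials[0].upper() + initials[1:].lower()
    return substitute_vowels(initials, keep_first=True)


def build_root(line, year):
    """Step 1: the core wrapped in the two halves of a four-digit year."""
    year = str(year)
    return year[:2] + build_root_core(line) + year[2:]


def build_service_piece(service):
    """Step 2: the service name, capitalised, with all vowels substituted."""
    return substitute_vowels(service.capitalize())


def build_password(line, year, service, joiner="#"):
    """Root and service piece joined with the post's '#' separator."""
    return build_root(line, year) + joiner + build_service_piece(service)


def check_rules(password, min_length=8):
    """The post's tips as checks. Returns a list of problems (empty = passes).
    Tip 1: not just letters; tip 2: length, upper, lower, digits;
    tip 3: at least one symbol. Tip 4 (one password per account) is a habit,
    not a property of a single string, so it is not checked here."""
    problems = []
    if password.isalpha():
        problems.append("only letters: looks like a word or name")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no symbol")
    return problems


if __name__ == "__main__":
    LINE = "If the milk turns out to be sour"  # the post's movie line
    for service in ("banking", "email"):
        pw = build_password(LINE, 1998, service)
        print(f"{service:8} {pw}  ({len(pw)} chars)  problems: {check_rules(pw)}")
    print("root only:", build_root_core(LINE), check_rules(build_root_core(LINE)))
```

Running it reproduces the post's two passwords and shows that the bare root "Itmt0tbs" satisfies every tip except the symbol one, which is exactly why the post keeps symbols out of the root (some sites reject them) and puts them in the second piece. The checker only tests the post's own tips; it says nothing about how guessable the underlying movie line is.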

That's it. See how easy it is to have a 20-character, mixed password?

I admit this may sound a little complicated at first, but it's really not. Read it again, then try to play with this a little and you'll see what I mean. It will really give you an unbreakable password. Plus, I even got (most of) the FoolProof Team to use this system... And if THEY can do it...?! ;)

Well, I hope this helps. Do let me know if you have any questions!

Cheers, Niels.
