Creating Strong Passwords

Posted on January 7, 2009 by Daniel Petri in Security with 0 Comments

In today’s digital world one of the most important pieces of personal identity is the user’s private password. Passwords are used to protect various aspects of our digital life such as our AD user account (used to log on to network resources), email accounts (such as Yahoo!, Gmail, Hotmail and others), credit card accounts, online banking (such as PayPal), online shopping (such as eBay) and more.

Analysts estimate that about half of the people with digital identities will have them stolen at some point. Most of the victims will not notice until it is far too late, when they discover that someone has made transactions in their names and stolen their personal information and funds.

Even if you choose a seemingly long password there is no guarantee that it'll stay safe. Today's script kiddies use easy-to-obtain scripts and programs that can mount brute-force and dictionary attacks on your account.

Therefore, in order to help prevent your identity from being stolen, strong password requirements should be used as often as possible. Here are some tips to help you create strong, secure passwords.

Passwords should

  • Never use an alphabetic series, either forwards or backwards, e.g., ABCDEF or FEDCBA.
  • Never use a numeric series, either forwards or backwards, e.g., 123456 or 654321.
  • Never use a string of all identical letters or numbers, e.g., AAAAAA or 111111.
  • Never use a common keyboard sequence, e.g., ASDFG or QWERTY.
  • Never use your name or user id, or any variation thereof, such as your name or user id spelled backwards, with mixed case letters, etc.
  • Never use a word or words that can be easily associated with you, such as the name of your child, pet, spouse and so on.
  • Never use a common word that you might find in a dictionary.

Strong passwords should be created by

  • Creating a password that is at least eight characters long. Be warned, however, that because of various hash vulnerabilities, using any password that is shorter than 14 characters is as non-secure as using a 6-character password.
  • Combining the first letters of each word of a known phrase to produce the password.
  • Including at least one symbol or number in the password, but preferably not just one at the end.
  • Using a varying combination of lower and upper case letters in the password.

Here is one way to build a password, followed by some examples:


  1. Select a 4-letter word.
  2. Select a 4-digit number.
  3. Change the order of the numbers and letters.
  4. Capitalize a letter.
  5. Add one or more special characters such as *, %, # or !

This is a bad password: qwerty12345

This is a bad password: Admin12345

This is a bad password: asdASD123

This is a nice password: P@$$w0rd!4MyC0mputer

This is a cool password: P@$$4MyPayPalAcc0unt!
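The "never use" and "strong password" rules above can be turned into an automated check at password-set time. The following Python sketch is an added example, not part of the original article; the function names, the three-character run threshold and the tiny `COMMON_WORDS` list (a constructed stand-in for a real dictionary) are assumptions.

```python
import re

# Series the article warns about; each is also checked reversed.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Constructed stand-in for a real dictionary or common-password list.
COMMON_WORDS = {"password", "admin", "welcome", "letmein", "dragon"}

def has_run(pw, min_run=3):
    """True if pw contains min_run consecutive characters of a known series."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_run + 1):
                if s[i:i + min_run] in low:
                    return True
    return False

def check_password(pw, user_id="", personal_words=(), min_len=8, min_run=3):
    """Return a list of rule violations; an empty list means none were found."""
    low, findings = pw.lower(), []
    if len(pw) < min_len:
        findings.append("too short")
    if has_run(pw, min_run):
        findings.append("alphabetic, numeric or keyboard series")
    if re.search(r"(.)\1{%d,}" % (min_run - 1), pw):
        findings.append("repeated identical characters")
    # Name, user id or associated word: forwards, backwards, any letter case.
    for name in filter(None, [user_id, *personal_words]):
        n = name.lower()
        if n in low or n[::-1] in low:
            findings.append("contains name, user id or associated word")
            break
    if any(w in low for w in COMMON_WORDS):
        findings.append("contains a common word")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        findings.append("no mix of lower and upper case")
    # A symbol or digit must appear somewhere other than the trailing run.
    core = re.sub(r"[^A-Za-z]+$", "", pw)
    if not re.search(r"[^A-Za-z]", core):
        findings.append("no symbol or number except at the end")
    return findings
```

Calling `check_password("Admin12345")` reports the numeric series, the common word and the digits-only-at-the-end pattern, while the longer mixed examples above return an empty list.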

You can even write a phrase, combined with numbers, lower and upper case characters, and special characters, in a different language but typed with English letters. For example: sbhtkPYRH!@#$%12345 (my name in Hebrew, first name in lower case characters, last name in upper case characters, the 1-5 keys pressed with SHIFT, and 1-5 as regular numbers).

Password security can be maintained by

  • Using a different password on each account you have.
  • Changing your passwords at regular intervals, such as once every couple of months.
  • Never writing your passwords down. No, writing them on a sticky note and posting them upside down or face down on your to-do board does not provide extra security!
  • Never sharing your password with others. No, calling you and asking for your credit card account password is NOT a common practice by ANY credit card company!