Creating Strong Passwords and Sets of Passwords

Is it any surprise that most people create passwords that are extremely easy to crack or guess?  Or that most of us use the same password for many of our important accounts like our email, banking, credit cards, and social media? Criminals depend on this fact!  That’s why they try so hard to phish for passwords at social networking sites or through bogus emails pretending to be everything from Amazon notices to Apple ID resets to banking notifications.  They hope that those captured or decrypted passwords, along with account holder’s names, will get them into lots of financial accounts or, at the very least, into email accounts.  People don’t realize that their email accounts typically represent the center of their digital universe.  Afterall, if you “forget a password” you can have an email sent to you so you can reset it.  Therefore email accounts are extremely valuable to criminals. cracked-passwordOur collective lame approach to creating passwords has got to stop!  It is time to do something about this! We know you can do better and we’re here to help! Creating multiple strong passwords is not difficult.  Take this set of examples. Using, Kaspersky Secure Password Checker, or the checker at, look at how long it takes for today’s password crackers to figure out passwords on the following list:

Password Sample:       Evaluation:
crispy                          Hacked instantly
crispybacon               Hacked in less than a day
crispybacon12           Hacked in 7 months
crispy=bacon12         Requires about 400 years to crack
(crispY)=Bacon12      Requires more than 1700 centuries to crack!

Random use of letters, numbers Non-letter, non-number characters such as = or ! or $ or )
Mix of UPPER and lower case
At least 14 characters long! (Five years ago we said 8 and three years ago we said 10, but faster computers and better password crackers now make these shorter passwords less secure.)


a) Begin with simple phrases and then modify them! But make sure they are at least 12 characters long.  For example…
“Make it better!” becomes “mak31TB3ttr!=”
“I love Spring” becomes “11UV$pr!ng!!” or “=1LUV$prinG!=”
“Scammers suck!” becomes “$C@mm3r$=$uck!”

b) Create an acronym from song lyrics and then modify it. For example…
“When I get older, losing my hair” From the Beatles song released in 1967 becomes “w1GO1mh=1967”
“I got this feeling inside my bones” from Justin Timberlake’s song Can’t Stop This Feeling, released in 2016, becomes “JT16=!gtf!MB”

c) Make up a word and modify it: “flomacious” becomes “f10MAc10U$”  And the capital MA is easy to remember if you live in Massachusetts. Kids are especially great at doing this!  But if you are not, you can use a fake word generator to help you such as Wordoid or WordGenerator

Never use real words in your passwords, no matter what language or even backwards, because they are easier to crack by simple dictionary attacks.

d) For your different accounts, add a letter or 2 that relates to your account. “bk” for bank, “MU” for mutual fund, “fb” for Facebook, “ig” for Instagram, etc. Use a “+” or “=” symbol to connect them. Or put your base-password in parentheses, for example:

e) Assign “mountains and valley” rules to your passwords.  This is just a silly way of saying “alternate CaPiTaL and lOwErCaSe letters” in your password.

A final note… If your family members do not use passcodes to protect their smartphones, they are making a HUGE mistake!  A stolen or lost phone can mean significant loss and anxiety.  Insist that they both protect their smartphones with a passcode AND not share that passcode with anyone outside of your immediate family.  Teens are especially vulnerable to pranks because many of their friends may know their passcode.

How to Protect Your Password and Keep Hackers Away from
Estimating Password Cracking Times from
How Long It Takes to Break a Passcode from
How long would it take to crack your password?
From the folks at Busting Password Myths [podcast]