Creating Secure Passwords

If you’re going to use the internet, or pretty much any form of technology, you are going to need to create passwords. We’re going to give you some advice about creating secure and memorable passwords, as well as discussing the essential do’s and don’ts of password creation.

First things first we’ll go through the key do’s and don’ts:

  • Do use a good mix of letters (lower and upper case), numbers and symbols.
  • Do make them as varied as possible ie. Not aaabbbccc or 111222333
  • Do make them complex but memorable: there’s no point in making a hugely complex password if you instantly forget it.
  • Don’t use password123 or abc123: this goes without saying hopefully.
  • Don’t reuse the same password for every site, or at all if you can avoid it.
  • Don’t make your password the same as your user name: usernames are often public and would really give the game away.
  • Don’t make the password directly relate to the website: we’ll explore this further but for example don’t use Amazon123 as your password for Amazon.
  • Don’t write your passwords down on post-it notes and stick them around your monitor: writing them down isn’t the end of the world per se but we’ll get into that later.
  • Don’t make a password using your personal information ie. Your birthday, house number, family or friends names, this information might not be as secret as you think!

Password Myths Dispelled

There are a few password “rules” you’ll hear thrown around that aren’t always true: think of them as strong guidelines rather than hard and fast rules.

“Never write your passwords down”. Generally this is true and you shouldn’t, but this only refers to plain text. Plain text refers to text that is not written in code or specially formatted.

If you were to write all of your passwords down on post-it notes and then stick them around your screen, that would be plain text and in plain sight: two big no-no’s.

If you were to write your passwords down in a physical notepad and then hide it, in a safe maybe, that’s probably okay: if you’re safe is breached then you’re probably going to have bigger things on your mind than your passwords.

If you were to store them on your PC in an encrypted document that’s buried deep in your system, then that’s probably okay as well. A password manager fills this kind of role but we’ll cover those later.

Ideally however you will want to memorize your passwords and perhaps just write down hints that are highly specific to you if you feel you need them: the hints could be gibberish but if they remind you of your password then it doesn’t matter.

“Use a unique password per website”. Again this is a “rule” you generally want to follow but increasingly you are forced to sign up before you can view any content on a site.

If you aren’t entering any significant personal information on an account then you could just re-use a standard password.

As a general rule of thumb: if you’re entering any payment details of any kind or are required to input a billing address then make a new unique password.

Creating a Secure Password: Gibberish is A-Okay

There is no correct method for creating a secure password but we'll go through a few of the tried and tested methods.

Using a strong and consistent method for creating your password will not only make a good password but it will also help you remember them: the method acts like a mathematical formula and you just put different information into it per website, using the result as your password.

Here is the first method and why it makes such a strong password.

  • Start with a sentence that is roughly 10 words long. You can have it relate to the website in some way but nothing too specific: Safer Internet dot com helps you make a secure password.
  • Then take the first letter of each word and create a string of characters: sidchymasp
  • Make it more complicated by capitalising every word with more than four letters: SIdcHymaSP
  • Next add some numbers to increase complexity and length: SIdcHy59maSP
  • Last but not least add even more complexity with symbols: ?SIdcHy59maSP_

That is a very secure password.

Highly difficult to guess and not that hard to remember if you use a consistent method and just change the sentence per website.

It’s okay to have the sentence relate to the website because you aren’t directly putting the website name in the password. Having it relate also makes it easier to remember: theoretically if you forgot your password but remembered the method and the sentence then you could go back through the steps and recreate it.

Obviously you don’t need to follow this method to the letter. You could change the rule for which letters are capital, change the numbers and their position in the password and do the same with the symbols.

If you can’t think of a sentence then try using the first sentence of your favourite book: changing the chapter when you need to generate a new password.

Creating a Secure Password: Correct horse battery staple

The next method is not only a good way to create a password but it also highlights some of the pitfalls in traditional password creation. Plus it’s in comic form and learning is always better in comic form. Full credit goes to xkcd for the following image.

Creating a Secure Password: Password Manager

Why create and remember complex passwords when someone else can do it for you? That is the mantra behind a password manager.

Password managers like LastPass, Roboform, KeePass and 1Password essentially serve as highly secure notepads for your passwords.

It may sound like a bad idea to have one password protect all of your accounts but if you are already using one password for all your accounts then that’s essentially what you’re doing.

Most password managers will generate random, strong and complex password at the click of a button. Meaning that the only password that you have to create and remember is your master password: make it really secure and really secret, it is essentially the key to your online kingdom.

Some password managers can be setup to automatically login to online services for you, much like the default password managers that you might be familiar with from your internet browser of choice.

Some will also perform auto-fill services: for example when you’re asked to input standard billing or delivery address information. Others even store other valuable information like passport or driver’s licence details, even just important documents that you would like encrypted.

If you like the idea but you really aren’t sure that you want to entrust so much to one password then worry not! A fair few of the best password managers come with plenty of 2FA options. You can learn all about 2FA on this page.

If used correctly with strong security principles and protocols, as well as a big dose of common sense, password managers can be a very reliable, simple and, above all, secure method of remembering the increasingly large number of passwords that you’ll need in day to day life.

The Keys to Your Kingdom

With all the options available to you there is no excuse for having weak or reused passwords. Combine that with regular password changes and a healthy dose of common sense and you should be A-Okay in our ever-growing digital landscape.