Why Your Password Sucks (And How to Make It Better)

It’s something each of us uses every day, and we all probably have one (or a few) that we recycle over and over again. No, I’m not talking about bad jokes; I’m talking about passwords. They’re vital to the security of any system, but are often used incorrectly. Here are some password guidelines to live by:

First of all, forget most everything you know about passwords. As illustrated in this exceptionally hilarious techie nerd comic, for the past 20 years, we’ve been teaching people to create passwords that are difficult for humans to remember but easy for computers to guess.

Password Strength comic by XKCD

When it comes to password strength, the thing to remember is that bigger is better. The longer the password, the more time it takes for someone (say, a misguided computer nerd with too much time on his hands) to guess it. As the comic illustrates, a four-word password (about 20 characters) would take about 550 years to guess, and it’s a TON easier to remember!

Here are the steps to create your new, super-strength password (adapted from Microsoft’s page on password strength):

  1. Take four random words (for example: correct horse battery staple)
  2. Remove the spaces to create your password (for example: correcthorsebatterystaple)
  3. Capitalize the first letter of each word (for example: CorrectHorseBatteryStaple)
  4. Run over to Microsoft’s Password Checker to test your new password’s strength
  5. Voila! You’re finished! If you’re a super security nut, feel free to add some numbers or punctuation for good measure.
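To show why steps 1 through 3 work, here is an added example (my code, not the post’s or Microsoft’s) that generates a passphrase the same way and then works out the numbers behind the comic’s “550 years” figure. The mini wordlist is constructed for illustration; the 2048-word list size and the 1000 guesses per second rate are assumptions that match the comic’s roughly 11 bits per word and 44 bits total. The last function makes the trade-off explicit: a purely random character password would reach the same strength in far fewer characters, but that is exactly the kind of password humans cannot remember.

```python
import math
import secrets

# Constructed mini wordlist, for illustration only. A real list (diceware
# style) has thousands of entries; the list SIZE is what gives the strength.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "ocean", "pencil",
                "window", "garden", "silver", "rocket", "candle", "meadow"]


def join_words(words):
    """Steps 2 and 3 from the post: drop the spaces and capitalize each word."""
    return "".join(w.capitalize() for w in words)


def make_passphrase(wordlist, word_count=4):
    """Step 1 from the post: pick the words at random. `secrets.choice` is
    cryptographically random, unlike `random.choice`, whose output is
    reproducible from its seed."""
    return join_words(secrets.choice(wordlist) for _ in range(word_count))


def passphrase_entropy_bits(word_count, wordlist_size):
    """Strength in bits of `word_count` words drawn uniformly from a list of
    `wordlist_size` words. Only the list size and the word count matter; the
    attacker is assumed to know the wordlist, so the words themselves add
    nothing (and choosing them by hand instead of at random only loses bits)."""
    return word_count * math.log2(wordlist_size)


def years_to_exhaust(entropy_bits, guesses_per_second=1000):
    """Years needed to try every possibility at the given guess rate.
    1000 guesses/second is the comic's assumed rate for an online attack."""
    seconds = 2 ** entropy_bits / guesses_per_second
    return seconds / (365 * 24 * 3600)


def random_chars_needed(entropy_bits, alphabet_size=95):
    """How many uniformly random characters (95 printable ASCII by default)
    give the same entropy. Shows the length-vs-memorability trade-off."""
    return math.ceil(entropy_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    print("example passphrase:", make_passphrase(SAMPLE_WORDS))
    bits = passphrase_entropy_bits(4, 2048)
    print(f"4 words from a 2048-word list: {bits:.0f} bits, "
          f"about {years_to_exhaust(bits):.0f} years at 1000 guesses/s, "
          f"same strength as {random_chars_needed(bits)} random characters")
```

Running it reproduces the comic’s arithmetic (44 bits, a few hundred years at 1000 guesses per second) and shows that the same 44 bits fit in about 7 random printable characters; the passphrase is longer only because it is built from units a person can actually hold in memory.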

Now that you’ve made your super-strength password, keep these general password guidelines in mind:

  • Don’t use the same password for everything. Cybercriminals steal passwords on websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites.
  • Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
  • The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing “and” to “&” or “to” to “2.”
  • Avoid using sequences or repeated characters (for example: 12345678, 222222, abcdefg, or adjacent letters on your keyboard such as qwerty).
  • Avoid using personal information when creating your password (for example: your name, birthday, driver’s license, passport number, or similar information).
  • The easiest way to “remember” passwords is to write them down. It is okay to write passwords down, but keep the written passwords in a secure place.
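The bullets above describe patterns that cracking tools check for automatically. As an added example (mine, not from the post), here is a small checker that flags those same patterns: sequences, repeated characters, keyboard walks, personal information, and common words hidden behind letter-to-symbol swaps. The minimum length of 12, the small common-word list, and the substitution table are all assumptions made for illustration; a real checker would compare against a large list of breached passwords rather than six words.

```python
import re

# Constructed lists for illustration; real tools use breach-derived lists of
# millions of entries, not six words.
COMMON_WORDS = {"password", "letmein", "welcome", "admin", "qwerty", "monkey"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
MIN_LENGTH = 12  # assumed threshold; the post's advice is simply "longer is better"

# Letter-to-symbol swaps the post mentions ("and" -> "&", "to" -> "2") plus the
# usual leet swaps. Cracking software undoes these, so the checker does too.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i",
                          "&": "and", "2": "to"})


def normalize_leet(pw):
    """Undo common substitutions so P@ssw0rd is compared as 'password'."""
    return pw.lower().translate(LEET_MAP)


def has_repeated_run(pw, n=3):
    """True if any character appears n or more times in a row (222222)."""
    return re.search(r"(.)\1{%d,}" % (n - 1), pw) is not None


def has_sequence(pw, n=4):
    """True if n consecutive characters step up or down by one (1234, dcba)."""
    for i in range(len(pw) - n + 1):
        chunk = pw[i:i + n]
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def has_keyboard_walk(pw, n=4):
    """True if n adjacent keys from one keyboard row appear in order (qwer, poiu)."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False


def contains_personal_info(pw, personal):
    """True if any supplied personal token (name, birth year, ...) appears."""
    low = pw.lower()
    return any(token.lower() in low for token in personal if token)


def weak_password_reasons(pw, personal=()):
    """Return the list of guideline violations found, in a fixed order.
    An empty list means none of these particular checks fired."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("short")
    if has_repeated_run(pw):
        reasons.append("repeat")
    if has_sequence(pw):
        reasons.append("sequence")
    if has_keyboard_walk(pw):
        reasons.append("keyboard")
    if normalize_leet(pw) in COMMON_WORDS:
        reasons.append("common")
    if contains_personal_info(pw, personal):
        reasons.append("personal")
    return reasons


if __name__ == "__main__":
    for candidate in ["12345678", "222222", "qwerty", "P@ssw0rd",
                      "CorrectHorseBatteryStaple"]:
        print(f"{candidate:28} {weak_password_reasons(candidate) or 'no flags'}")
```

Note that an empty result is not proof of strength: the checker only catches the listed patterns, which is why step 1 of the recipe (random words) matters more than any after-the-fact test.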

Posted on November 7, 2011, in Ask the Expert!, Feature, Tutorials.