12 Tips for Making a Good Password

12 Tips for Making a Good Password

Banking websites, email accounts, instant message software and social networking sites like Facebook and MySpace all have one thing in common: passwords. Not having a good password makes it easier for hackers to break into your online accounts. Don’t feel bad though, because even businesses like Twitter.com aren’t above using a bad password.

Creating and using a good password is very important, but it’s only one layer of internet security and it’s certain not foolproof. Given enough time and computing power virtually any password can be broken. What we’re presenting is a list of several rules (suggestions, really) for creating a safe and secure a password without it being a big hassle.

First off is the don’t list. It’s one of those “including, but not limited to” things, so be sure to use your own judgment along with our suggestions. While no password is 100% secure, the more you can do to make it difficult to brute force, the better.

  1. Don’t use a single common word or phrase such as “password”, “qwerty” or “apple”. Anything found in a dictionary or is common knowledge is a bad idea. Also steer clear of abbreviations, movie names, book titles, etc. Use multiple words if at all possible.
  2. Don’t use a proper noun. Steer clear of using your name, the name of your kids or spouse, a state capital, etc.
  3. Don’t write it down. While you can argue that you have a secret/safe place that no one will ever find (under your keyboard, in your wallet, under a filing cabinet drawer, etc.) trust us… it’s not secret and it’s not safe. Keep that password in your head, not in your hand.
  4. Don’t use your password on a public computer. As tempting as it is to check your Gmail account at the library, you have no idea if anyone has installed a key logger or other password sniffing software. It’s safer to wait until you get home.
  5. Don’t give your password to anyone. Anyone. No site or service worth its salt will ever ask you for your password. Any attempt by a CSR, website, or even an email asking for your password is a scam, period.
  6. Don’t reuse a password. If you somehow have a password compromised (whether you know it or not), reusing a previously good password has now opened you up to trouble.

Next up is the do list. These tips are here to help you create not only a good password, but also to to make it difficult for someone else to crack it. Not easily, at least. 🙂

  1. Do make it memorable, but not easily guessed. Using a mnemonic, or memory aid, is a great way to remember passwords.
  2. Do use at least 6 characters. Use 8 or more if you can swing it.
  3. Do use more than one password. Each site or account, or at the very least the important ones (banks, etc.) should have it’s own, unique password.
  4. Do avoid sequences of letters or numbers. “1223334444” is an example of a very bad password.
  5. Do change your password. Every 3-6 months should be fine for personal accounts.
  6. Do feel free to be creative with spelling. There’s no reason you can’t do things like substitute an “i” with a “y” every now and again, use upper- and lower-case letters, and even use numbers, punctuation, or special characters if possible.

Sounds like a lot to have to think about, right? Actually it’s not as bad as it sounds; making a good password is more about common sense than anything else.

In closing, here are some samples of a good 8-character password. While the samples below are great for educational purposes, please don’t use them for your real password because that would go against the tip that you don’t reuse a password.

  • phU+$sHu: This is a combination of “foot” and “shoe”. Notice how the “f” is replaced with a “ph”, the “oo” with a “U” and so on.
  • Tyg3rtLE: This is a combination of “tiger” and “tail”. The “i” in tiger is changed to a “y”, “tail” was replaced with an alternate spelling (“tale”) and a vowel is removed to keep the password at 8 characters.
  • 2ND-d0*R: This is a combination of “second” and “door”. Similar character substitutions as the first 2 examples abound in this one, too.

Update: 12/27/2009 Mashable has a new article on banned Twitter passwords.

Image courtesy of paulorear

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

About Jon

Jon has worked in the tech industry since the pre-Bubble dotcom days and still has a 1200 Baud modem somewhere in his garage. When he's not advocating the use of strong passwords and being smart about social media, he's working on finding new ways to convince his wife that bacon is a vegetable which should be eaten with every meal.


  1. Web designer in Houston TX says

    These are very helpful tips in making our passwords! This can ensure that our log in information is safe and secured. Thanks for sharing.


  1. […] can give you tips on how to make them better and stronger (read: harder to break). Our last post on passwords gave a lot of information on how good passwords can be easily created, and we’ve come up with […]

  2. […] who authored your malware were privy to, but why take a chance? Make good use of our blog post on how to create a good password and come up with a new one for each and every site you […]

  3. […] sites in case one of the passwords gets cracked or is leaked out. Read more about how to create a strong password on our […]

  4. […] you. If you’re not sure how to create a strong password, check out our blog articles “12 Tips for Making a Good Password” and “Bionic Passwords: Better, Stronger, and […]

  5. […] and sent out on the web to someone with mischief on their mind. Read the StopSign blog post on creating a good password and update all of your passwords in […]

  6. […] you haven’t read our post “12 Tips for Making a Good Password.“, do it now. I’ll wait. Did you read it? Good. Now go change all of your passwords. […]

  7. […] Change your password. Make sure to use a good mix of letter and numbers. […]

  8. […] takes to break your password. For more on creating strong passwords, check out our article “12 Tips for Making a Good Password.“. Image courtesy of Georgia Tech, taken from a screenshot of their website Related […]

  9. […] device opens you up to hackers who keep track of these things and share them among each other. And creating a good, secure password is a quick and easy way to alleviate the risk of easily hacked WiFi […]

  10. […] of common passwords and/or common words to try to access accounts. See our blog post “12 Tips for Making a Good Password” for additional details and tips on secure password […]