Creating A Strong Password: Do’s, Don’ts and How-To’s

Published April 13th, 2014 by Michael Farin

As web users recover from the OpenSSL bug Heartbleed that recently swept the Internet, we’re all suddenly much more concerned about security. How can we protect sensitive information from hackers – especially now that so many servers have been compromised? Step #1: Change ALL our passwords. Now.

A strong password can make the difference between secure data and complete compromise – as you well know. But what are strong passwords? How do you create them? And how do you remember strings of random letters and symbols like g0ººJK¢∞§¥†?©∫ siubty78%^&*, anyway?

Don’t worry – coming up with strong passwords isn’t nearly as hard as it sounds. Here’s our list of do’s and don’ts – and then some how-to’s that should help you outwit hackers without going crazy yourself.


  • Change your passwords every 3 to 6 months. That goes for every different account and computer you have.
  • Make sure each password is unique. As tempting as it is, don’t use the same password for multiple services.
  • Create passwords that include letters, numbers AND special characters. (More on that below.)
  • Use detailed, secure passwords on all your accounts. (Don’t give up after 5 or 6 and just use your birthday.)


Change only the administrator’s password on a Magento or Wordpress site. (DO make sure all users have reset their passwords.)

Send passwords via un-encrypted text message. (DO use an encryption app like Cyber Dust.)

Send passwords in emails or chats. (DO use encrypted notes like EndLayer’s SecureNote tool.)

Make the mistake of thinking passwords “aren’t a big deal.” (DO create strong passwords even for minor accounts like Netflix. Hackers can use these accounts as springboards to get into more important personal information.)

And now, a few helpful tips on creating multiple strong passwords that are still easy to remember. (It can be done!)

You don’t want to have a list of passwords sitting anywhere on your computer, so you need to create a password for each separate site that you’ll automatically be able to remember. And you don’t want to use any personal information or dictionary words. (Some hackers just go right through the dictionary until they hit on the right word.) So here are a few tips.

Use phrases that incorporate codes or shortcuts you associate with individual sites. And then change out parts of the phrase with letters and symbols. Let’s say you need an online banking password, and you pick “A penny saved is a penny earned.” That might translate to A¢_5av3d=a¢_3arneD. (Hackers are going to have a really hard time with that one.) Or maybe you need a social network password and you pick “Sharing is caring.” 5H@r1n8=c@r1n8 is also pretty tough to hack – and simple to remember.

If you don’t feel up to generating a unique phrase for each site, come up with a common framework that you can then customize with site-specific symbols. Basically, design a formula and then fit the individual site details into it. Just be sure you pick a framework that’s hard to guess, easy to remember. Lø8in2~fB~2d@Y or Lø8in2~tW~2d@Y translate to “Log in to Facebook today” and “Log in to Twitter today.” But only you would know that.

Draw keyboard pictures. No, really. A “W,” a “Z” or and “X” shape on your keyboard – maybe with the Alt key pressed on downward strokes – generates an incomprehensible string of letters, numbers and symbols. 456†ƒçVB is a Z – trace it and see.

Use emoticons. A string of happy, sad, surprised, excited and disgusted faces gives you a quick, memorable way to incorporate symbols into passwords.

See – that was kind of fun, wasn’t it?

For more Internet security tips, continue reading here.

Comments ()

Stay Connected

Contact Us

Phone: 1-855-363-5293 Email: Newsletter