How to Create a Secure Password

Jason Thai

Updated 2019-06-14:

  • Mention Lesspass

Do you use the same password for most of your common sites? Is your password easy to remember or to guess? You may find the convenience in only having to remember one password but that significantly increases the chance of it being hacked, especially when various security breaches have happened lately. If you find yourself doing this, it is important to take some time to change your passwords and make them more secure.

How do we find the balance of having secure passwords with the convenience of easy recalling? There is a perpetual search for this solution but here are some suggestions

Use a Long Password

Longer passwords are always harder to crack. Consider using a password that has at least 12 characters.

Avoid names, places, dictionary words

Make use of capitalizations, punctuations, numbers and spelling.

Here is password that apply all of these rules: mE8$pX1xF@x3uyC and some of its stats provided by Password Checker Online:

Password Checker

Never Reuse a Password (Use a Password Management Tool)

It is challenging to come up with a new password, let alone having to remember a complicated one like above but it is important to do this. Often we want to have more secure passwords and different ones for our sites, while staying away from remembering all of them.

A solution for this is to use password managers. There are a couple of options:

  • LastPass or 1Password - These are online tools that include browser extensions to help you manage your passwords. They can auto generate passwords and store them on the clouds so you can access them on any devices. All you need to do is remember 1 master password (a secure one!) to access all the data stored in the tool. Enter your master password, and the password manager takes care of the rest.
  • Lesspass - Stateless password manager. You only need to provide the site, login, and the one master password of your choice and a password will be auto generated for you. You can also host this service yourself.
  • KeypassX - This has the same functionality as LastPass or 1Password but it is an offline tool. If you are serious about your security and don’t want other providers to keep your data, you can use this to manage your passwords.

Another extra thing you can do is to make use of both password managers and memorization. Memorize the passwords for your most common sites and use password managers for the rest.

Fun corner: common passwords

  • 123456
  • 123456789
  • password
  • admin
  • 12345678
  • qwerty
  • 1234567
  • 111111
  • photoshop
  • 123123
  • 1234567890
  • 000000
  • abc123
  • 1234
  • adobe1
  • macromedia
  • azerty
  • iloveyou
  • aaaaaa
  • 654321

(list was taken from https://www.noip.com/blog/2013/12/04/9-easy-ways-choose-safe-secure-password/)

Some other resources and references: