Yes, we all have to use passwords these days for everything it  seems like, love them or hate them (I think I am with the latter).  I have written about passwords from time to time, and in fact, in yesterday’s blog, the whole fiasco with the State of Oregon really wasn’t so much that the employee clicked on a Phishing E-Mail.

Yes, that started the chain of events, but the  main culprit was the weak password that the employee used, and the ability of the  Cyber attacker to be able to quickly and guess and wreak their havoc that happened.  It is important to note that there are alternatives to passwords, such as using a Biometric device like Fingerprint  Recognition or Iris Recognition, or even using a Password Manager.

The great advantage of the first is that is that you can be logged in your workstation in just a matter of a few seconds, and there is no theft of your fingerprint  or iris.  With the latter, the primary advantage is that you can still create long and complex passwords that are difficult to crack in just a matter of few seconds.  Best of all, the Password Manager will remember these passwords for you so that you don’t have to.

But whatever method you decide to use, there are still certain things you need to keep in mind when creating a new password.  This is the focal point of today’s blog, and hope it makes for a fun weekend read.

How to Create a Strong Password

  1. Stay away from creating these kinds of passwords:

*Password and 1111:  Believe it or not, there is a strong tendency amongst employees to use these kinds of passwords.  After all, they’re easy to remember, right?  Yes, they are, but these are the types of passwords that the Cyber attacker will go after.  Make sure that your employees do not create these kinds of passwords under any circumstances.

*John1969:  People think that when they use a combination of words and numbers a strong password has been created.  Theoretically this is true, but in these instances, employees tend to use their first or last name, as well as their birthdate or graduation year.  The Cyber attacker is well aware of this, will hack into these kinds of passwords with the greatest of ease.

*Jane is the sister of John Doe, and JaneDoe is the newly created password:  Very often, employees will tend to use the name of a close relative, like the one used in this example.  While it is a stronger password, a “dictionary” attack launched by a Cyber attacker can guess this kind of password very easily.

*A real-world example of poorly created passwords:  Adobe Corporation is well known for the Cyber-attacks that it has come under, and a lot of it had to do with the weak  passwords which were created:






2) The newly created password should contain a minimum length of characters:

Most employees create passwords that are just 6-8 characters long, so that they will be easy to remember. However, your Security Policies should mandate that newly created passwords should be at least 10-15 characters in length.

3) Be sure to include a mix of characters:

This means using a good combination of uppercase and lower case letters, punctuation marks, numbers, as well as other special symbols (such as using [, ], {, }, _, -, ^, /, , =, +, %, #, (, ), $, and @).  A good example of this is: B1gH0u$3*123.

4) Avoid using dictionary-based words:

As it was eluded to earlier, a Dictionary based Cyber-attack literally looks for passwords that have come from the dictionary.  A prime example of this is the word “house”.  Also, don’t use a combination of dictionary words, such as “bluehouse”.

5) Do not use obvious substitutions:

Although we have stated that you should use a mixture of uppercase and lowercase letters, it is also important to remember not to create obvious substitutions as well.  For example, you don’t want to start with creating the password “house” as “hOuse”.

6) Never use the same password again:

In this regard, have your employees keep creating brand new passwords each and every time that they are required to do so.  It is tempting to reuse the last password because it is easy to remember.  But once again, refrain your employees from doing so.

7) Be creative:

It is important to note that a password should not just be a “word”.  Rather, it can also be a long phrase that is easy for to remember.  For example, think about some of your favorite sayings or phrases, and make those into a long password.  Here are some examples:

  • 2BorNot2B_ThatIsThe? (To be or not to be, that is the question – from Shakespeare)
  • L8r_L8rNot2day (Later, later, not today – from the kids rhyme)
  • 4Score&7yrsAgo (Four score and seven years ago – from the Gettysburg Address)
  • John3:16=4G (Scriptural reference)
  • 14A&A41dumaS (one for all and all for 1 – from The Three Musketeers, by Dumas)


Or, to have some fun with it, create passwords based on some of the websites that you frequently visit.  Here are some more examples:

  • ABT2_uz_AMZ! (About to use Amazon)
  • ABT2_uz_BoA! (About to use Bank of America)
  • Pwrd4Acct-$$ (Password for account at bank)
  • Pwrd4Acct-Fb (Password for account at Facebook)


To be ultimately creative, create a password based upon a pattern that you imagine on your computer keyboard:


This password is actually the pattern W “drawn” on the keyboard: