Software, Technology

How-to: Generate Good Passwords

How to Generate Good PasswordsEveryone thinks their on-line passwords are uncrackable. The bad news is that most plain text, alpha-numeric passwords don’t last more than a few minutes under a brute-force, ‘dictionary’ attack.

More complex passwords, including letter-number substitution, such as passw0rd (with the O replaced with zero) are so-called ‘leet-speak’ passwords. These are no longer secure either and are starting to show up in dictionary attacks.

So you have to get a bit more creative for 2012.

The rocket scientists over at NASA created a set of best password practices to help protect their data, they include:

  • It should contain at least eight characters
  • It should contain a mix of four different types of characters – upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;” If there is only one letter or special character, it should not be either the first or last character in the password.
  • It should not be a name, a slang word, or any word in the dictionary.
  • It should not include any part of your name or your e-mail address.

The problem with following that advice is that you create passwords that are impossible to remember.

There are a few workarounds to create password mnemnonics that are easier to recall.

Security guru Bruce Schneir suggests turning a sentence into a password. For example, “Now I lay me down to sleep” might become nilmDOWN2s, a 10-character password that defies dictionary attack, so a hacker needs to resort to brute-force.

Developer and podcaster Steve Gibson of and Security Now podcast suggests lengthening and obscuring passwords with punctuation characters. For example inserting a string of , or . into your passwords breaks up any pattern of alpha-numerics, again defying dictionary attack, and lengthening the pass string so that brute-force attacks take significantly longer.

Try to use a different password on every service, but if you can’t do that, at least develop a set of passwords that you use at different sites.

This will make you more secure on-line (so long as you don’t keep your master password list somewhere on-line. If you need to write them down, then do; but keep the list somewhere secure and don’t put more than a hint next to it – don’t list the account names. RC

About Robin Catling

Writer; performer; project manager; sports coach; all-round eccentric.


4 thoughts on “How-to: Generate Good Passwords

  1. I found personally and professionally, mnemonics work great for the many, complex passwords I have to remember. I always try to pass on to my users that password complexity is vitally important. I usually get “the look”, like they think I’m an idiot, but some do adhere to my advice.

    Another great article.

    Posted by Joe | Jan 22, 2012, 1:02 am
  2. This constantly amazes me exactly how blog owners for example your self can find enough time plus the commitment to keep on writing superb blogposts. Best wishes.

    Posted by Angelo | Feb 3, 2012, 10:21 pm
  3. There are automatic ways to generate strong passwords. It is even possible to generate a list of ten, twenty or more passwords with online tools. These kind of passwords are difficult to remember and having too many accounts online ( like email, banking and social networks) make it necessary to use a tool to store passwords. I can recommend keepass. This tool with securely store a long list of passwords. It is only required to remember one password to unlock the database.

    Posted by Jean | May 30, 2012, 9:32 pm


  1. Pingback: How-to: Generate Good Passwords Part II | Everything Express - May 16, 2015

Leave a Reply to Angelo Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Twitter Updates

Follow us on Twitter @EverythingExpre

Find Us on Facebook

Enter your email address to follow this blog and receive notifications of new posts by email.



BBC World News

BBC World News
Opens the BBC World News page.
%d bloggers like this: