How can I create a strong password?

Quick Tips

TIP

  1. Your password should be meaningful only to you
  2. Your password should not use common words or patterns ("SpringArbor", "SAU", "2018", "12345", "ABC", "QWERTY")
  3. Your password should use uncommon substitutions and misspelled words ("This brown fox can jump really high" = "+4is 8r0wn fex c2n j0mp r#lly h16h")

Technique 1: Password Phrases

TIP

  1. Memorable phrases can be turned into strong passwords.
  2. My son’s birthday is 12 December, 2004 = Msbi12/Dec,4
  3. Four score and seven years ago our fathers brought forth = 4S&7yaofb4th

Notice that they are taking the first letter or 2 from each word in these sentences, and then changing the format of the date.

You can build on this technique by "salting" your password, which means to add random letters/numbers/symbols at the beginning and/or end that only have meaning to you:

Msbi12/Dec,4 #!@Msbi12/Dec,4Wow

TIP

How long does it take to crack passwords with this technique?

Password Number of Words Time to Crack
abcdefg 7 character password 15 minutes to crack
abcdefgh 8 character password 30 minutes to crack
abcdefghi 2 word password 1 month
abcdefghijkl 8 word password 1 year

“abcdefg” 7 character password - .29 milliseconds to crack “abcdefgh” 8 character password - 5 hours to crack “abcdefghi” 9 character password - 5 days to crack “abcdefghijkl” 12 character password - 2 centuries to crack

WARNING

Even though the previous example shows that the password "abcdefghijkl" will take two centuries to crack, almost no attackers are going to use this technique to try to guess a password. Most attackers will use a combination of this technique, and the next two techniques to guess your password.

Technique 2: Adding "salts"

Create a strong password using the technique above, and then add extra characters at the beginning and/or end of your password to make it more difficult to guess your password.

TIP

"Msbi12/Dec,4" will become ""#!@Msbi12/Dec,4Wow"

Notice the added letters and symbols in the password from the same passphrase we created in the above example.

Technique 3: The best technique

Use the techniques listed above to create 2 strong passwords, (one for MySAU and one for LastPass) and then use that new password to store all of your other passwords in a password manager like LastPass. LastPass will allow you to create random and unique passwords for all of the websites you visit, and it will make it easy to securely autofill and store your passwords so that you don't need to recall them. See out LastPass guide for more details and instructions.