How to make good passwords

If we lived in a perfect world, we would have no need for passwords. We would sleep soundly without locking our house, and could throw away the key to our car. We have to take measures to protect what is ours and this goes for computers as well as our house.

Why do I need a good password?

You need passwords when you log into your computer, access your internet bank, shop at online stores etc. Every day, hackers will try to snatch your password and impersonate you. By using good passwords, however, you can stop the hackers.

What is a good password?

Here are five passwords, ranging from worst to best; the first being the worst and the last being best:

| Password | Comment |
|---|---|
| chair | This is bad for two reasons: 1. It consists of a common word that is easy to guess for a professional hacker. 2. The password is short and contains only small letters. |
| nskjdm | The password is short and contains only small letters. |
| fLoWErs1 | Now, this password contains small letters, CAPITAL letters and numbers, which is good. But it uses a real word, "flower". Another human will not be able to guess this password, but a hacker would find it fast (I'll explain why below). |
| m8sR9K2 | OK, this is more like it! It looks nerdy, and is almost impossible to remember. It is good because it uses small letters, capital letters and numbers and is not a real word. |
| p2%A1=j?4 | This is today's winner. Even seasoned programmers like me find this password slightly on the geeky side. It's the same as the previous, except it also includes symbols like %=?. |

So the moral is: include both small and capital letters, add some numbers and maybe even some symbols. Do not use common words, even foreign ones (hackers come from all over the world, and they have dictionaries). Also, longer passwords tend to be better.

Great. Letters, numbers, symbols, I get it! That's everything?

Wait! There is one more thing you should avoid. If you're not a native English-speaking person, your keyboard may contain non-English characters. For example, my Norwegian keyboard contains these letters: Æ Ø Å. I recommend you avoid using such non-English letters in passwords.

The reason for this is - as I have experienced myself - that some sites on the internet do not accept these letters. Some of them will actually tell you that your password is OK. But before storing your password, they will clean out all those characters. In other words, if you make this password "meÆrtØ", the site will give you the OK, but quietly they will erase the letters Æ and Ø, storing the password as "mert". When you log in using your full password, the site will not recognize this. Avoid non-English characters.
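The failure described above, reproduced as an added example (not code from any real site): a hypothetical BuggySite cleans the password at registration only, while FixedSite leaves the characters alone and applies the same Unicode normalization on both paths. All class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; the password is encoded as UTF-8, never "cleaned".
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def strip_non_ascii(password: str) -> str:
    # The silent cleaning step: characters such as Æ and Ø simply vanish.
    return password.encode("ascii", "ignore").decode("ascii")

class BuggySite:
    """Strips non-ASCII characters when storing, but not when checking."""
    def __init__(self):
        self.users = {}

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, hash_password(strip_non_ascii(password), salt))

    def login(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, hash_password(password, salt))

class FixedSite(BuggySite):
    """Keeps every character; normalizes to NFC on both paths so that
    'Å' typed as one code point or as 'A' + combining ring hashes the same."""
    @staticmethod
    def canonical(password):
        return unicodedata.normalize("NFC", password)

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, hash_password(self.canonical(password), salt))

    def login(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, hash_password(self.canonical(password), salt))
```

On BuggySite the user is locked out with the password they chose, while the shorter, weaker "mert" opens the account.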

Conclusions and some additional knowledge

Quick-tips: What to do!
  • Keep your password longer than 10 characters.
  • Use letters, numbers and symbols if possible.
  • Use both small and capital letters if possible.
Quick-tips: What to avoid!
  • Do not use real words or combinations of words.
  • Avoid easy passwords such as "12345", "abcdef", "rrrrrrr", "qwerty" (try to type this on your keyboard if you did not understand why you should avoid it).
  • Avoid birth dates and other personal information.

Some questions

How do hackers "hack" passwords?

There are different ways, depending on whether it is the password to an internet site, to a program or file on your computer, or perhaps to your computer itself. Most commonly, hackers will use automated programs that type in and test each possible password. The program might start by testing the letter a, then b, then c and so on. After a while, it gets to aa, ab, ac. It will continue like this until it finds the correct password, or the hacker gets tired of waiting.

Won't this mean that the hacker is guaranteed to find my password?

Yes, eventually your password will be revealed. However, testing billions of passwords takes time, even for computers. If you use a good password, it can take a powerful modern-day computer many years to find it. By that time, the hacker has probably grown up, moved out of his parents' house and forgotten about you. So stall the hackers long enough and they'll give up. The best way to stall them is to make longer passwords.

How long should my passwords be?

There is no set standard, but the table below shows a recommended length based on what characters are included in the password:

| Password consists of | Recommended length |
|---|---|
| Only small letters | 15 characters |
| Small and capitals | 12 characters |
| Small letters and numbers | 12 characters |
| Small & Capital letters and numbers | 11 characters |
| Small & Capital letters, numbers and symbols | 10 characters |

If you make a 15 character long password of only small letters, that is probably good enough. But remember to not use real words.
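The brute-force reasoning and the length table above, turned into a small checker. This is an added example, not the author's code; the guess rate, the four-word dictionary and the fallback for character mixes the table does not list are assumptions.

```python
import math
import string

# Minimum lengths from the table above, keyed by which character classes
# are present: (small letters, capitals, numbers, symbols).
RECOMMENDED = {
    (True, False, False, False): 15,
    (True, True, False, False): 12,
    (True, False, True, False): 12,
    (True, True, True, False): 11,
    (True, True, True, True): 10,
}
SIZES = (26, 26, 10, 32)            # characters available in each class
WORDS = {"chair", "flowers", "password", "qwerty"}  # constructed mini dictionary
GUESSES_PER_SECOND = 1e10           # assumed attacker speed

def classes(pw):
    return (any(c.islower() for c in pw), any(c.isupper() for c in pw),
            any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))

def keyspace_bits(pw):
    # Size of the search space for "try every combination", in bits.
    alphabet = sum(size for size, used in zip(SIZES, classes(pw)) if used)
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def years_to_exhaust(pw):
    return 2 ** keyspace_bits(pw) / GUESSES_PER_SECOND / (365 * 24 * 3600)

def is_dictionary_based(pw):
    # Guessing tools try words in mixed case with digits or symbols attached,
    # so fold the case and trim those characters before the lookup.
    core = pw.lower().strip(string.digits + string.punctuation)
    return core in WORDS

def audit(pw):
    problems = []
    if is_dictionary_based(pw):
        problems.append("dictionary word")
    needed = RECOMMENDED.get(classes(pw), 15)  # unlisted mix: use strictest row
    if len(pw) < needed:
        problems.append(f"shorter than {needed}")
    return problems
```

Run on the five example passwords, fLoWErs1 is caught as a dictionary word despite its mixed case, and even p2%A1=j?4 is flagged because its 9 characters fall one short of the 10 recommended for its character mix.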

Is it safe to store my passwords in a text file on my computer?

No. The biggest threat is hackers that use automated computer programs that scan the Internet for unprotected computers. When they find an unprotected computer, they will try to connect to it. If they gain access to the unprotected computer, they can find the information on that machine, and if passwords are stored in a regular text file, the hackers can read it easily. What do you do if this is your computer? There are a couple of things you should do:
  1. Use a firewall. This will make your computer very hard to hack.
  2. Store your passwords in a password manager or use a program like WinRAR or WinZip to compress and then encrypt the file with its own password.
In general, protecting your data is important. But if you run a firewall, store passwords in a password manager or encrypted text file, and ensure your passwords are good, you should be all right.