How to pick a proper password

Passwords are the keys to your digital assets. You wouldn't leave your car unlocked, would you?

You wouldn’t leave the key to your front door under the mat. And leave the back door unlocked. And the windows open. With piles of cash on the table visible from the street. You wouldn’t do that, would you?

The security of your digital assets is no different.

Imagine arriving home, finding your keys don’t work and that someone else has moved into your house. You can see through the window that they are wrecking the place, so you call the cops. When the cops arrive, the new occupant insists that they are you and that you are the imposter trying to steal their house. The cops leave, saying it’s your problem. Good luck with that.

This sort of thing happens all the time in the online world. Hardly a week goes by without news of some new hacking scandal: either some celebrity has had their social media account taken over or some company has had their customer data stolen. This does not happen by accident – someone was careless. Don’t let this happen to you.

Follow these simple rules to stay safe.


Rule 1: One account – one password.

Never use the same password twice.

People keep telling me “I have this really good password”.

(and it never is a ‘good’ password).

“I use it everywhere” they say smiling.

This is the worst thing you could do.

Remember that the bad guys are not trying to log in to your accounts themselves – they have computer programs doing all the hard work on their behalf. So as soon as one of those programs finds a new password, it will try it against every website it knows (and there will be thousands of them) to see if it works there as well. This happens within a second; almost all attempts will fail; but trust me – computers don’t get bored and they don’t take breaks.


Rule 2: Make easy to remember, but hard to guess passwords

To a computer, the passwords ‘password’ and ‘QwzT6&1f’ are equally hard to guess. An eight-character password takes about two seconds to crack by brute force. Use longer, much longer, passwords. Twenty characters or more is good.

But how to remember 20 random characters?

Easy – don’t.

Use a phrase that is difficult to guess, but easy to remember.

XKCD describes this well.

Now lots of sites will insist that you use UPPER and lower case, some 1234, and a !@#$%^&* or two. Just add some of those to your random words and you’re good to go.

Just make sure you use ‘random’ words.

Your kid’s names? Nope.

Your pet’s names? Nah.

Favorite sports players? Get real.

And ‘apple’ followed by ‘sauce’ counts as one word, not two.

Try picking the words out of a dictionary, or use the third word in each paragraph of an article.

For example, using this page, your words would be: leave, of, home, thing. So your password could be: LeaveOfHomeThing941#$
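As an added example (not code from the original post), here is the Rule 2 recipe in Python: random words joined and capitalised, with digits and symbols appended to satisfy site rules, plus the entropy in bits that shows why a few random words beat eight random characters. The small embedded word list is constructed for illustration; the 7776-word dictionary size used in the comparison is an assumption (the size of a Diceware-style list).

```python
import math
import secrets
import string

# Constructed sample word list. A real one should be a dictionary of several
# thousand words (7776 for a Diceware-style list, assumed below); with only
# these 22 words, four of them give just ~17.8 bits.
WORDS = [
    "leave", "of", "home", "thing", "river", "copper", "lantern", "orbit",
    "velvet", "pencil", "harbor", "muffin", "glacier", "saddle", "tundra",
    "walnut", "cobalt", "ember", "falcon", "quartz", "meadow", "piston",
]
SYMBOLS = "!@#$%^&*"


def passphrase(word_count=4, words=WORDS, digits=3, symbols=2):
    """Join `word_count` randomly chosen words, each capitalised, then append
    `digits` digits and `symbols` symbols, e.g. LeaveOfHomeThing941#$.
    Selection uses `secrets` (the CSPRNG), never the `random` module."""
    chosen = [secrets.choice(words).capitalize() for _ in range(word_count)]
    tail = "".join(secrets.choice(string.digits) for _ in range(digits))
    tail += "".join(secrets.choice(SYMBOLS) for _ in range(symbols))
    return "".join(chosen) + tail


def entropy_bits(choices, picks):
    """Entropy in bits of `picks` independent, uniformly random selections
    from `choices` options: log2(choices ** picks)."""
    return picks * math.log2(choices)


def compare_strengths(dictionary_size=7776):
    """Entropy of eight random printable ASCII characters (94 options)
    against four and six random words from a dictionary of the given size."""
    return {
        "8 random chars": entropy_bits(94, 8),
        "4 words": entropy_bits(dictionary_size, 4),
        "6 words": entropy_bits(dictionary_size, 6),
    }


if __name__ == "__main__":
    print(passphrase())
    for label, bits in compare_strengths().items():
        print(f"{label}: {bits:.1f} bits")
```

Six words from a 7776-word dictionary come out near 78 bits, against roughly 52 bits for eight fully random characters, which is the point of Rule 2: length wins.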

Still too hard?


Rule 3: Use a password manager

Password managers are a database of all your passwords, generating and recalling long, complex passwords for you. You just need to remember the password to the password manager.

More about these later.


Sophos have a good video on picking passwords.


In the meantime, stay safe out there.

Need help? Let me take care of your IT issues.
