Selecting Secure Passwords

Passwords are the first and primary line of defense against criminals and data loss; make sure you select a good password every time.


The object when choosing a password is to make it as difficult as possible for a criminal to make educated guesses about what you've chosen. This leaves him or her no alternative but a brute-force search, trying every possible combination of letters, numbers, and punctuation. A search of this sort, even conducted on a machine that could try one million passwords per second (most machines can try fewer than one hundred per second), would require, on average, over one hundred years to complete.
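
The "over one hundred years" figure can be checked with a short calculation. The following Python is an added example, not part of the original page; it assumes an attacker must enumerate the 95 printable ASCII characters (an assumption the page does not state) and finds the password, on average, halfway through the search space.

```python
import math

# Sizes of the alphabets an attacker must enumerate (assumed values for
# this example; the article itself does not name them).
DIGITS_ONLY = 10            # 0-9
LOWERCASE_ONLY = 26         # a-z
PRINTABLE_ASCII = 95        # letters, digits, punctuation and space

SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60


def search_space(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def expected_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Average time to hit the password by exhaustive search.

    On average the attacker succeeds after trying half of the space,
    hence the division by two.
    """
    return search_space(alphabet_size, length) / 2 / guesses_per_second


def expected_years(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    return expected_seconds(alphabet_size, length, guesses_per_second) / SECONDS_PER_YEAR


def bits_of_entropy(alphabet_size: int, length: int) -> float:
    """log2 of the search space: each extra bit doubles the attacker's work."""
    return length * math.log2(alphabet_size)


def comparison_table(guesses_per_second: float = 1_000_000) -> list[tuple[str, int, float]]:
    """Rows of (description, length, expected years) for a few password shapes."""
    rows = []
    for label, alphabet, length in (
        ("all digits, 8 chars", DIGITS_ONLY, 8),
        ("lowercase only, 8 chars", LOWERCASE_ONLY, 8),
        ("mixed case + digits + punctuation, 8 chars", PRINTABLE_ASCII, 8),
        ("mixed case + digits + punctuation, 12 chars", PRINTABLE_ASCII, 12),
    ):
        rows.append((label, length, expected_years(alphabet, length, guesses_per_second)))
    return rows


if __name__ == "__main__":
    for label, length, years in comparison_table():
        print(f"{label:45s} {years:14.6g} years")
```

With these assumptions an 8-character password drawn from all 95 printable characters takes about 105 years on average at one million guesses per second, which is where the page's figure comes from; the same length restricted to digits falls to under a minute, which is the point of the "all digits" rule further down.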

What Not to Use

  • Don't use your login name in any form (e.g., as-is, reversed, capitalized, doubled, etc.)
  • Don't use your first or last name in any form
  • Don't use your spouse's or child's name
  • Don't use other information easily obtained about you (e.g., license plate numbers, telephone numbers, social security numbers, the brand of your automobile, the name of the street you live on, etc.)
  • Don't use a password of all digits or all the same letter (This significantly decreases the search time for a criminal)
  • Don't use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words
  • Don't use a password shorter than six characters (12 or more characters is preferred)

What to Use

  • Do use a password with mixed-case letters
  • Do use a password with non-alphabetic characters (e.g., digits and/or punctuation)
  • Do use a password that is easy to remember, so you don't have to write it down
  • Do use a password that you can type quickly, without having to look at the keyboard (This makes it harder for someone to steal your password by watching over your shoulder)

Methods for picking secure and easy to remember passwords

  • Choose a line or two from a song or poem, and use the first letter of each word. For example, "In Xanadu did Kubla Khan a stately pleasure dome decree" becomes "IXdKKaspdd"
  • Alternate between one consonant and one or two vowels, up to eight characters. This provides nonsense words that are usually pronounceable, and thus easily remembered. Examples include "routboo", "quadpop", and so on.
  • Choose two short words and concatenate them together with a punctuation character between them. For example: "dog;rain", "book+mug", "kid?goat"
  • Consider using passphrases, with or without the spaces. Also consider varying the capitalization of letters so that the first letter of every word isn't capitalized. For example: "All for one and one for all" becomes "One4AllandOne4All". Passphrases are often easier to remember than passwords. Please be aware that some services cannot accommodate lengthy passwords/passphrases or spaces. AIS, for example, limits entries to eight characters.

[Cartoon, image not included. It illustrates that the old suggestion of building passwords from random characters produces a password that is hard for humans to remember and easy for computers to figure out (not what we want). A better method is to pick multiple random words with no logical connection to one another and form your own illogical association; this creates a password that is easy for humans to remember and extremely difficult for computers to figure out. The example given is "correct horse battery staple", which consists of four completely unrelated words, and the illogical association is imagining a horse correctly identifying a battery with a staple in it that he is looking at.]
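
The four methods above (first letters of a line, consonant/vowel nonsense words, two words joined by punctuation, and several unrelated random words) are mechanical enough to automate. The Python below is an added example, not code from the original page. It uses the standard `secrets` module so that choices are made with a cryptographic random source; the sixteen-entry word list is constructed for the demonstration and far too small for real use, which is exactly what `passphrase_bits` makes visible.

```python
import math
import secrets
import string

CONSONANTS = "bcdfghjklmnpqrstvwxyz"
VOWELS = "aeiou"

# Constructed sample word list for the examples below; a real generator would
# draw from a list of thousands of words (see passphrase_bits for why size matters).
SAMPLE_WORDS = ["dog", "rain", "book", "mug", "kid", "goat", "horse", "battery",
                "staple", "correct", "lamp", "river", "cloud", "pencil", "velvet", "orbit"]


def acrostic(line: str) -> str:
    """First letter of each word in a line of verse, keeping its case.

    Leading/trailing punctuation on a word (quotes, commas) is ignored.
    "In Xanadu did Kubla Khan a stately pleasure dome decree" -> "IXdKKaspdd"
    """
    letters = []
    for word in line.split():
        word = word.strip(string.punctuation)
        if word:
            letters.append(word[0])
    return "".join(letters)


def pronounceable(length: int = 8) -> str:
    """Alternate one consonant with one or two vowels, as the article suggests.

    The result is a nonsense word such as "routboo" that is usually pronounceable.
    """
    out = []
    while len(out) < length:
        out.append(secrets.choice(CONSONANTS))
        for _ in range(secrets.choice((1, 2))):
            out.append(secrets.choice(VOWELS))
    return "".join(out[:length])


def two_words(words=SAMPLE_WORDS, punctuation: str = string.punctuation) -> str:
    """Two distinct short words joined by a punctuation character, e.g. "dog;rain"."""
    first = secrets.choice(words)
    second = secrets.choice([w for w in words if w != first])
    return f"{first}{secrets.choice(punctuation)}{second}"


def random_word_passphrase(words=SAMPLE_WORDS, count: int = 4, sep: str = " ") -> str:
    """Several unrelated words, the "correct horse battery staple" method."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size: int, count: int) -> float:
    """Entropy of `count` words drawn uniformly (with replacement) from `list_size` words.

    Four words from a 16-word list give only 16 bits; four from a list of
    several thousand words give over 50, which is why the list size matters.
    """
    return count * math.log2(list_size)


if __name__ == "__main__":
    print(acrostic("In Xanadu did Kubla Khan a stately pleasure dome decree"))
    print(pronounceable())
    print(two_words())
    print(random_word_passphrase())
    print(f"{passphrase_bits(len(SAMPLE_WORDS), 4):.1f} bits from the sample list")
```

Only `acrostic` is deterministic, so it is the one whose output can be checked against the page's own example; the other generators return a fresh value on every call.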