Creating a strong password: As much art as science

"Make sure you use a strong password." How many times have you been told this? Why is this so important? That set of characters is the key that can unlock all of your online personal information. So, how does one go about creating a strong password? And just as important, actually remembering what it is.

Right now Miami requires that you change your password every 180 or 365 days, depending on how complex a password you choose. All passwords must have eight characters that include both upper and lower case letters and at least one number. To qualify for the 365-day reset, the password must have 10 characters and add at least one special character (for example: <, ?, +, %) to the basic requirements.

Why so strict? That is an easy answer for Connie Johnson, data security analyst. “You can't have a simple and guessable password in today's cyber world. A strong and unique password for each online account is the best thing you can do to ensure your information is secure.”

Using a password manager

With the large number of online accounts you undoubtedly have passwords for, it is difficult to remember each one without duplicating them. One answer is to use a password manager, assuming you have a strong master password that you can remember. According to Johnson, “Most password managers have a built-in random password generator tool that can create a strong password for you.”

There are a number of password managers out there, and PC Magazine rates the best for 2015, along with providing a description of how they work. They also provide a list of the best free options.

Going old school

If you decide not to use a password manager, here is some helpful advice to consider:

  • Use a minimum of 12 characters (Miami requires eight or 10, but more is always better).
  • Include numbers, symbols, and a combination of capital and lowercase letters.
  • Do not use any word found in any dictionary or that is a combination of dictionary words.
  • Do not just add a number before or after a word (jeep4, 32zebra).
  • Do not double a word (catcat), spell a word backwards (tac), or add an “s” (cats).
  • Do not use obvious substitutions, like numbers/symbols for letters: 3 for E, 0 for O, etc.
  • Do not use personal identifiers like your name, birthday, anniversary, SSN, pet names, phone number.
  • Get more good advice.

And, once you set your password, remember:

  • Never use the same password for more than one site or account.
  • Never share your password.
  • Don’t use “Remember Me” on public or shared computers.

Johnson notes the importance of the first bullet: “You don't want someone who gets your password from one site being able to use it for another site.”

One easy way to create a strong password that is memorable is to come up with an easy-to-remember sentence like “My favorite car I ever owned was a 67 Mustang convertible that cost $4000.” By using the first character of each word, you can create a password like MfcIeowa67Mctc$4k.
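The reset rule and the "old school" checklist above can be expressed as a small checker. This is an added example, not code from Miami or the article's author; it assumes the stated lengths are minimums, treats Python's `string.punctuation` as the set of special characters, and uses a tiny constructed word list in place of a real dictionary.

```python
import re
import string

# Constructed stand-in for a real dictionary file (assumption).
WORDS = {"jeep", "zebra", "cat", "mustang", "password"}
# "3 for E, 0 for O" are from the list above; "@" and "$" are assumed extras.
UNSUB = str.maketrans("30@$", "eoas")

def reset_tier(pw):
    """Return 365 or 180 (days until reset), or None if the password is rejected."""
    basic = (len(pw) >= 8
             and any(c.isupper() for c in pw)
             and any(c.islower() for c in pw)
             and any(c.isdigit() for c in pw))
    if not basic:
        return None
    special = any(c in string.punctuation for c in pw)
    return 365 if len(pw) >= 10 and special else 180

def weak_patterns(pw, personal=()):
    """Return the items of the advice list that the password violates."""
    low = pw.lower()
    core = re.sub(r"^\d+|\d+$", "", low)  # drop digits added before/after
    half = low[: len(low) // 2]
    found = []
    if len(pw) < 12:
        found.append("shorter than 12 characters")
    if low in WORDS:
        found.append("dictionary word")
    elif core in WORDS:
        found.append("number added to a word")
    if half in WORDS and low == half * 2:
        found.append("doubled word")
    if low[::-1] in WORDS:
        found.append("word spelled backwards")
    if low.endswith("s") and low[:-1] in WORDS:
        found.append("word plus s")
    if low.translate(UNSUB) in WORDS and low not in WORDS:
        found.append("obvious substitution")
    if any(p.lower() in low for p in personal if p):
        found.append("personal identifier")
    return found

if __name__ == "__main__":
    for pw in ["jeep4", "catcat", "z3bra", "MfcIeowa67Mctc$4k"]:
        print(pw, reset_tier(pw), weak_patterns(pw))
```

The check for combinations of dictionary words is left out; it needs a full word list and a segmentation pass.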

Going beyond the password

The strength of your passwords is not the only consideration for staying safe online. It is also important to avoid phishing sites and email messages and protect your computer from dangerous password-capturing malware.

It is not always easy staying one step ahead of the bad guys, but hopefully you now feel better equipped to protect yourself in cyberspace.