StratVantage News Summary


How to Create a Secure Password You Can Remember

It’s human nature to resist the demand by security personnel that you create a secure password and change it frequently. People typically use a password only a few times daily and may have established accounts at a variety of intranet and Internet sites that they find hard to keep straight. Because of this, people have a tendency to choose passwords that are easy for them to remember, perhaps based on the names of friends, family, sports teams, or pets. Unfortunately, such passwords are also easy for someone else to guess.

Add to this the fact that the security of the password should reflect the sensitivity of the resource secured. You may not care too much if someone hijacks your HotMail account, but you’d definitely be interested if they stole your bank account. However, if you always use passwords that are secure and memorable (to you), you don’t need to be as worried about suffering identity theft.

Here are some rules to help you keep your accounts secured by creating secure and memorable passwords.

Good Passwords:

  1. Contain a minimum of one character from at least three of the following four classes:
    o Lower case letters
    o Upper case letters
    o Arabic numerals (i.e. 1, 2, 3, 4, etc.)
    o Special characters such as !, #, %, $, _, @, *
  2. Include more than one number and/or one or more special characters (for example, %, $, '.)
  3. Are at least 7 or 8 characters long
  4. Are easy to remember (don’t write them down, don’t save them in a disk file)
  5. Can be typed quickly so that someone cannot watch you enter the password
  6. Can use an acronym that is special to you. Examples:
    “'65 Mustangs are better than anything from the '80s” becomes “65ma>80+”
    “the quick brown dog jumps over the lazy cat” becomes “TqbDj/tlC”
    “ain't nobody's business if I do” becomes “a't0biId”
    (Please do not use these; create your own!)
  7. Are used for one account only. Do not use the same password for multiple accounts. If it is ever compromised, the cracker’s got access to your whole online life.
  8. Are rotated at least every 90 days. And don’t rotate them by just incrementing an included number.

Bad Passwords:

  1. Anyone's name
  2. Any combination of your login name, first and last name. A password should NOT be based on:
    o Modifying any part of your name or name+initials
    o Modifying a dictionary word
    o Popular acronyms
  3. Anyone's birthday
  4. Things you like: favorite locations, films, books, colors, or any other data that could be easily obtained about you
  5. Any word in the English dictionary
  6. Any word in a foreign dictionary
  7. Fantasy characters
  8. A proper noun
  9. A place
  10. Your phone number
  11. Your Social Security number
  12. Your address
  13. Your license plate number
  14. Profanity
  15. Passwords all the same letter
  16. Simple patterns of letters on the keyboard (“sss”, “asdf”, “qwerty”)
  17. Short word pairs joined together (“theto”)
  18. Look out for smileys ... :-)


Bad Password Examples:

  • alec7 – it's based on the user’s name (and it's too short anyway)
  • gillian – name
  • naillig – ditto, backwards
  • theskyisblue – common phrase, no numbers, no punctuation
  • PORSCHE911 – it's in a dictionary
  • 12345678 – it's in a dictionary and people can watch you type it
  • abcxyz – ...ditto...
  • 0ooooooo – ...ditto...
  • Computer – just because it's capitalized doesn't make it safe
  • wombat6 – ditto for appending some random character
  • 6wombat – ditto for prepending some random character
  • merde3 – even for French words...
  • mr.spock – it's in a sci-fi dictionary
  • zeolite – it's in a geological dictionary
  • ze0lite – corrupted version of a word in a geological dictionary


If you’re not terrified about security, you’re not paying attention!™

You may think these rules are paranoid. But there’s a good reason why: Modern password cracking programs use dictionaries of a dozen languages, proper names, religious texts (for example, the Bible and the Koran), myths, phrases, almanacs and whole major texts (for example, Paradise Lost). Additionally, modern password crackers test for rotations (for example, elaFleckB), reversals (for example, luapts), numerical padding (for example, misty9), letter replacement (for example, ball00n) and dozens of other rules. A secure password should avoid these weaknesses.
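To make the rules concrete, here is a small password checker, added as an example and not code from the original page or from StratVantage, that applies the Good Passwords composition rules above (character classes, length, digits or specials, keyboard runs, all-one-letter) and then tests the candidate against a word list after undoing the cracker transforms this paragraph describes: reversal (luapts), rotation (elaFleckB), numeric padding (misty9) and letter replacement (ball00n), plus the joined-word-pair case from the Bad Passwords list (theto). The word list, the leet-speak map and the keyboard patterns are constructed assumptions; a real deployment would load the large multi-language word, name and phrase lists the paragraph refers to.

```python
import string

# Constructed stand-in for the multi-language word lists a cracker uses
# (assumption: a real checker would load large lists of words and names).
DICTIONARY = {
    "gillian", "porsche", "wombat", "merde", "zeolite", "computer",
    "password", "spock", "balloon", "misty", "stpaul", "belafleck",
    "the", "to",
}

# Assumed letter-replacement ("leet") map, undone before the dictionary lookup.
LEET_MAP = str.maketrans("013457@$!", "oleastasi")

# Assumed keyboard runs that count as "simple patterns of letters on the keyboard".
KEYBOARD_RUNS = ("qwerty", "asdf", "zxcv", "1234", "abcd")


def char_classes(pw):
    """Number of the four classes (lower, upper, digit, special) present in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def rotations(word):
    """All cyclic rotations of word, e.g. 'abc' -> {'abc', 'bca', 'cab'}."""
    return {word[i:] + word[:i] for i in range(len(word))}


def normalize_variants(pw):
    """Lower-cased forms of pw with common cracker transforms undone:
    reversal, numeric/special padding stripped, leet letters mapped back,
    and every rotation of each of those forms."""
    base = pw.lower()
    stripped = base.strip(string.digits + string.punctuation)
    forms = {base, base[::-1], stripped, stripped[::-1]}
    forms |= {f.translate(LEET_MAP) for f in list(forms)}
    for f in list(forms):
        forms |= rotations(f)
    return forms


def is_word_pair(form, dictionary):
    """True if form is two dictionary words joined together, e.g. 'theto'."""
    return any(form[:i] in dictionary and form[i:] in dictionary
               for i in range(1, len(form)))


def check_password(pw, dictionary=DICTIONARY):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if char_classes(pw) < 3:
        problems.append("fewer than three character classes")
    digits = sum(c.isdigit() for c in pw)
    specials = sum(c in string.punctuation for c in pw)
    if digits < 2 and specials == 0:
        problems.append("needs more than one digit or at least one special character")
    # Undo leet first so '0ooooooo' is recognised as all the same letter.
    if len(set(pw.lower().translate(LEET_MAP))) == 1:
        problems.append("all the same character")
    if any(run in pw.lower() for run in KEYBOARD_RUNS):
        problems.append("contains a keyboard pattern")
    variants = normalize_variants(pw)
    hits = sorted(variants & dictionary)
    if hits:
        problems.append("variant of dictionary word(s): " + ", ".join(hits))
    if any(is_word_pair(v, dictionary) for v in variants):
        problems.append("two short dictionary words joined together")
    return problems


if __name__ == "__main__":
    for candidate in ("65ma>80+", "wombat6", "ze0lite", "luapts", "elaFleckB", "theto"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Run as a script it reports why each of the page's bad examples fails while the acronym passwords from the Good Passwords list pass. The checker normalizes the candidate rather than expanding the dictionary, so the word list stays small; the cost is a handful of string operations per rotation, which is negligible for password-length input.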

So make your password secure, make it memorable, and be careful out there!


Copyright © 2002, StratVantage Consulting, LLC. All rights reserved.

Please send all comments to .