How To Make A Super Strong Password

How do you make a super strong and unique password?

You don’t.

Yup, it’s that easy; the last thing you should be doing is personally making any password. Instead, you should be using a password generator and letting it pick the passwords. This can be from a password manager or a password generator for your password book.

When It Comes to Passwords, Why Can’t You Create Your Own?

When it comes to passwords, the reason you don’t create your own is that you suck at it. There, someone needed to say it. People are way too predictable and lazy to be making their own passwords. It’s not a personal attack; if anything, it’s freeing as it’s one less thing for you to worry about.

Not only that, but when people pick their own passwords, it often leads them to picking the same or similar passwords, which is the worst thing you can do. Reusing the same or similar passwords leads to credential stuffing attacks, and it’s the way most people get hacked.

What Should You Do To Create Passwords?

What you need to do is one of two things…

  1. Use a password manager
  2. Or use a password book

It doesn’t matter what path you take so long as you use a randomly generated password for every account. Ideally, a password manager is better for most people as it will fill, save, and organize your passwords for you. A password manager is so helpful that after using one for a while, you’ll wonder how you made it this far without one. A password manager is not for everyone, though, which is fine. Some like pencil and paper; so long as you use a randomly generated password for every account, that is good enough.

Isn’t Writing Passwords Down Bad?

Writing passwords down is not bad; in fact, it’s one of the most secure things you can do. Of course, context matters, and writing passwords down on some sticky note placed on your computer screen at work is not good. But keeping passwords in some kind of notebook you keep hidden is quite fine. For the full explanation of why writing passwords down is fine, read the whole article on it here.

And if you write your passwords down, you’ll need a password generator like the one here; it creates over 100 passwords for you to use. Print that page out and put it in your password book so you’ll be ready to go when you need passwords.
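A sheet like that can also be produced locally with a few lines of Python. This is an added example, not the generator the article links to; the set of excluded look-alike characters, the 16-character default and the sheet layout are assumptions chosen for copying by hand.

```python
import math
import secrets
import string

# Assumption: glyphs that are easy to confuse on paper are left out.
AMBIGUOUS = set("0Oo1lI")
PAPER_ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits if c not in AMBIGUOUS
)


def generate_password(length=16, alphabet=PAPER_ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=PAPER_ALPHABET):
    """Entropy of a password whose characters are independent and uniform."""
    return length * math.log2(len(alphabet))


def password_sheet(count=100, length=16):
    """Return `count` distinct passwords as numbered lines, ready to print."""
    passwords = []
    while len(passwords) < count:
        pw = generate_password(length)
        if pw not in passwords:  # a repeat is wildly unlikely; the check is free
            passwords.append(pw)
    return [f"{i:03d}  {pw}" for i, pw in enumerate(passwords, 1)]


if __name__ == "__main__":
    print(f"# {entropy_bits(16):.1f} bits per password")
    print("\n".join(password_sheet()))
```

Sixteen characters from this 56-symbol alphabet carry about 93 bits of entropy, so dropping the look-alike characters costs very little.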

Uniqueness > Length > Complexity

All the people telling you to swap an ‘a’ for an ‘@’ are wrong; when it comes to your passwords, it doesn’t make them noticeably more secure. Also, the people telling you to create passwords by using the first letter of some song or other written work are just as wrong. When picking passwords, what matters the most is that the password is unique. By unique, I mean you’ve never used this password before, and it’s not like other passwords you’ve used before.

Here are some examples of unique passwords…

  1. yCrbbjfoChUm3un7
  2. 2a!Rw?Psz8
  3. Coastline86keep
  4. zfwrp-TRHJK-42387

All the passwords were randomly generated and don’t relate to each other. There is no “Fluffy123” and “Fluffy123???” as that is not unique enough. “Football81defender” and “Eardrum43relight” are unique as they were randomly generated.

The next important factor is length.

The reason why length is not the most important factor, despite what many “experts” say, is that “maryhadalittlelamb” is long, but it’s not secure because it’s been in breaches before. Nor does taking the first letter of each word to get “mhallifwwas” make it super strong or the perfect password.

Just enter “mhallifwwas” into https://haveibeenpwned.com/Passwords to see the many breaches it’s been in. You can have the longest password around, and it can still have been in breaches before because it’s common or easy to guess. This is why uniqueness is more important; longer does not always mean better. Complexity is the least important because it makes your life harder without making the password much more secure. Swapping an “a” for an “@” only slows you down, not the attacker, as all cracking stations know to try this trick.

Also, if the password is unique and long, there is no real benefit to making it more complex. The password “dismay-overpower-outrage-jester” is already good enough, and making it into “d15m@y-Ov3rpow3r-0utrag3-j3st3r” is only slowing you down and annoying you. Time would have been better spent making the password longer by one character than making this mess.

What Length Should Your Passwords Be?

As talked about earlier, the length of your passwords is not as important as their uniqueness. But length can’t be ignored once the uniqueness criterion has been met. The length you pick for your passwords will come down to personal preference. Ideally, I shoot for 10 – 20 characters, but it can be whatever you want. Do keep in mind, don’t overdo your password length.

Isn’t Using Words From Dictionaries Bad?

Using multiple words in your passwords is fine. What is not fine is using one word. If your whole password is “Football,” then that is a bad password. But if your password is “Football81defender,” that is vastly better.

I have a whole post on the topic of why it’s okay to use words in your passwords.

When they say not to use dictionary words, they mean don’t use passwords in a dictionary set of already known passwords. This means already cracked passwords like “Football,” “iloveyou,” “P@ssword123,” and all the other 1,000 most popular passwords.
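Both points made above, that “Fluffy123???” is not distinct from “Fluffy123” and that “P@ssword123” is still just a known password, can be checked mechanically by collapsing each password to a base form before comparing. This is an added example, not the article's code; the substitution table and the rule of stripping the trailing digit and symbol run are assumptions, and the lists in the demo are constructed.

```python
import string

# Assumption: common look-alike swaps, mapped back to the letter they replace.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})
TAIL = string.digits + string.punctuation


def base_form(password):
    """Drop the trailing digit/symbol run, lowercase, then undo the swaps."""
    return password.rstrip(TAIL).lower().translate(LEET)


def reused_base(candidate, existing):
    """Return the existing passwords that share the candidate's base form."""
    base = base_form(candidate)
    return [old for old in existing if base and base_form(old) == base]


def on_blocklist(candidate, blocklist):
    """True if the candidate collapses to the base form of a known password."""
    return base_form(candidate) in {base_form(p) for p in blocklist}


if __name__ == "__main__":
    mine = ["Fluffy123", "Coastline86keep"]        # constructed sample
    known = ["password", "iloveyou", "football"]   # constructed sample
    print(reused_base("Fluffy123???", mine))       # variant of an old password
    print(on_blocklist("P@ssword123", known))      # swap plus digits, still known
    print(on_blocklist("Football81defender", known))
```

The comparison is deliberately blunt: it only catches the suffix-and-swap variants the article describes, not every way two passwords can resemble each other.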

Should You Change Your Passwords Often?

The only time you should change your passwords is if any one of them has been exposed. This could be when a website tells you to change it because they were hacked, you gave the password to the wrong person, or as simple as a gut feeling. Regularly changing passwords is a thing of the past and not something we need to keep doing.

If you’re giving every account its own random password, then changing your passwords every X days is just pointless. You’re more likely to keep yourself out than some attacker. Pick a good and random password from the start, and regular password changes will be pointless.

Should You Remember Your Passwords?

You should not remember all your passwords besides a few critical passwords like your master password, computer login password, and a few others. The average person has over 100 passwords, and it’s growing every year. It’s not physically possible for anyone to remember every password, which is why I suggest you use a password manager or a password book.

Write Down Your Master Password

Since your master password is used in encrypting your password manager’s vault, you mustn’t lose it. Ideally, you shouldn’t be making your own master password either, as talked about here. You should be writing your master password down and keeping it somewhere secure in your home. Just because you’re using a password manager doesn’t mean you miss out on the wonderful world of writing passwords down.

It’s a good idea that every home has a “just in case” folder or book that contains things like your master password, health information, what bills you have, and other mission-critical items you’ll need in a time of emergency. If 2020 has taught us anything, being prepared for the unexpected is super valuable.

Can I Use My Password System?

I get people who say they have a password system for coming up with the passwords they use for their accounts. It’s often something complicated involving using the site name, some common phrase, or whatever mess they come up with. Don’t do this. This is the worst idea; I wrote an article about why it’s so bad here.

This Website Says It Will Take Years!

First, don’t enter your password on any website that it’s not meant for. Second, those websites don’t factor in password reuse or even passphrases. So, for many of them, they’re no better than some guy on the street telling you random numbers that “feel right.”

Instead, we have got the password cracking calculator here and the passphrase cracking calculator here. Our calculator isn’t perfect either, but it at least is based on some real-world information while also not asking for your actual password.

I Don’t Trust Password Managers Or Password Books!!!

You’re in luck; I have the solution if you don’t trust password managers or password books!

Pepper your important passwords!!!

With peppering, someone getting access to your passwords won’t know the whole password. There is no excuse for not using password managers or even the password book!
