How to create strong passwords
These days, any regular internet user is faced with the task of remembering large numbers of passwords. In some cases, particularly for the user accounts set up on your own computer, you have the opportunity to create strong passwords. Where possible for online accounts, strong passwords should also be created.
Ideally, you should not reuse passwords because once one is compromised, it may give an attacker access to a range of online accounts. Separate strong passwords should be selected for important accounts.
The strength of a password is sometimes dictated by the validation criteria that a web site enforces when you are asked to create your password. Within these bounds, opt for a password that is as strong as possible but still easy to remember.
Generally, a strong password has the following attributes:
- a minimum length of eight (8) characters; and
- a mix of upper and lower case letters; and
- at least one numeral; and
- at least one non-alphanumeric character; and
- does not include a dictionary word in any language.
To make a password easy to remember, think of a pass phrase and then change some of the characters to make it a strong password:
June School Holidays can be modified to: 7un3Schoo1Ho!idays
I like Australian red wine can be modified to: Ilike0zzieR3dwine*
Be good, be wise can be modified to: B3g00db3wi5e$
Please don't use these examples.
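The attribute list above can be checked mechanically. The following Python sketch is an added example, not part of the original article; it reports which of the five attributes a candidate password lacks. The function name, the word list and its contents are assumptions made for illustration, and the dictionary test is a plain case-insensitive substring match against that small constructed list.

```python
# Constructed sample word list (assumption). A real check would load full
# dictionaries for every language the user might draw words from.
SAMPLE_WORDS = {"june", "school", "holidays", "password", "summer"}


def failed_attributes(password, words=SAMPLE_WORDS, min_length=8):
    """Return the attributes from the list above that the password lacks.

    An empty list means all five attributes are satisfied, relative to the
    word list supplied.
    """
    lowered = password.lower()
    checks = [
        ("minimum length of eight characters",
         len(password) >= min_length),
        ("mix of upper and lower case letters",
         any(c.isupper() for c in password)
         and any(c.islower() for c in password)),
        ("at least one numeral",
         any(c.isdigit() for c in password)),
        ("at least one non-alphanumeric character",
         any(not c.isalnum() for c in password)),
        # Literal, case-insensitive substring match against the word list.
        ("no dictionary word",
         not any(word in lowered for word in words)),
    ]
    return [name for name, ok in checks if not ok]


if __name__ == "__main__":
    # The first pass phrase from the article, before and after modification.
    for candidate in ("JuneSchoolHolidays", "7un3Schoo1Ho!idays"):
        missing = failed_attributes(candidate)
        print(candidate, "->", missing if missing else "meets all five attributes")
```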
The use of strong passwords, particularly for the important online accounts, can help protect them from being 'cracked' or guessed. With the computing power and resources available today, it is estimated that a password which has these features will take several years to crack. Passwords with fewer characters and which have all letters or all numbers are trivial to crack within a few minutes.
A password is meant to be a secret known only to you. Therefore, you should never tell anyone your password and if you need to write it down in order to remember it, hide it somewhere safe.
Also understand that a strong password can still be captured by some types of malware designed to capture keystrokes and stored passwords on the computer. Hence a strong password is not a substitute for implementing good security practices more generally.



