Related News

Security

How to Create a Good Password

by Clevin Wong

A good password is easy to remember but hard to crack. It should be long (at least 8 characters, 14 characters or longer is ideal), complex (include a combination of uppercase and lowercase letters, numbers, and symbols), difficult to guess (appear to be totally random to anyone except you), and easy for you to remember.

With all these requirements, it may seem difficult to create a good password satisfying all of the criteria. Fortunately, it is not so difficult, there are some simple steps one can take to create a strong and memorable password:

  1. Make up a unique phrase which is easy for you to remember but difficult for others to guess. Avoid using common phrases, idioms or quotations because a password cracking program can search them through dictionaries or quotation databases. In general, the longer the phrase, the stronger your password can be; but make sure it will not be too long for you to remember. For example, you can use a phrase like "Ken and I go to Causeway Bay to buy a new digial camera".

  2. Take the first letter of each word of the phrase to create a unique and nonsensical word. Using the example above, you will get “KaIgtCBtbandc”.

  3. Add complexity by mixing uppercase and lowercase letters and numbers. Your password should include a combination of uppercase letters, lowercase letters and numbers. You can also use some letter swapping or misspellings to increase the complexity. Using the example above, you can (1) substitute “K” with “k”; (2) substitute “t” with “2”; and (3) substitute “dc” with “DC”. Hence, you will get “knIg2CB2banDC”.

  4. Add complexity by adding some symbols. You can insert some symbols to make the password more complex if you think the above is not good enough. Of course, you need to check what symbols are allowed in your password first. For example, you can (1) substitute “C” with “(”; (2) substitute “a” with “@”; and (3) append “!” at the end. Finally, you will get “knIg2(B2b@nD(!” as your password.

    The string “knIg2(B2b@nD(!” is a good password because it is long (14 characters), complex (with uppercase letters, lowercase letters, numbers and symbols), hard for others to guess, and easy for you to remember. Finally, though it is a good password, don’t use the same password for all your accounts and don’t ever write them down in clear text. You should apply the above steps to create different passwords for the accounts of different applications or services, e.g e-Banking, work related, social networking, … etc.

References: