Carnegie Mellon University

Creating Strong Passwords

Passwords are the most common way to prove we are who we say we are when using websites, social media accounts, email, and even the computer itself. Passwords also give us and others access to mobile phones, bank applications, work log-ins, and confidential files. For many online systems, a password is the only thing keeping a hacker from stealing our personal data. Despite all of the research and software programs available to help protect passwords, computer users are still making the same errors, such as reusing passwords for multiple accounts, using personal information in a password, using commonly known passwords, and creating passwords with the minimum number of characters. These common user errors make it easy for a cyber criminal to crack a password and compromise an account in a matter of minutes.

The following information will provide specifics on how users can create strong, secure, memorable passwords for each of their accounts.

How to create strong passwords

  • Avoid the obvious: Don't use any personal information in your password that can be found in a publicly accessible space such as an Internet search engine or social media. This includes pet names, birthdays, children's names, street addresses, etc. Additionally, don't use easy-to-guess passwords such as "123456", "qwertyuiop" or "p@$$w0rd".
  • Never share your password: When you share your password, you are sharing all of your account details with that person as well. Each person that has access to your account is another avenue for you to be attacked. Others who have access to your account could change the password and prevent you from accessing your account information. 
  • Be creative with a Passphrase: Make your passwords longer by using a memorable passphrase such as a long sentence or combination of random words. Add symbols, numbers, emoticons, and spaces throughout to add to the complexity. Some examples are:
    • "My heart is in the work" becomes: My<3 is N Thee Werk !!
    • 42 S!amese Cats g0 Golfing ON Friday Afternoonz!
  • Stay away from dictionary words or common substitutions: A combination of words, especially if they grammatically go together, is not a strong password. Additionally, many password crackers are familiar with common substitutions such as "@" for "a" and "0" for "o". This is not to say that you can't use them; just be mindful of how many are in your passwords/passphrases.
  • One password for each account: Use a different password for each account. This means that a compromise in one account will not adversely affect all of your accounts. To make it even easier for you, install a Password Manager.
  • Use Two-factor authentication (2fa): 2fa adds another layer of security to your accounts. 2fa requires that someone provide multiple pieces of information in order to authenticate into an account.
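
The "avoid the obvious" and "common substitutions" advice above can be enforced when a password is set. The following is an added example, not part of the original page: a check that undoes common substitutions before comparing against a deny list and the user's personal details. The deny list, the substitution map, and the 12-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample deny list; a real check would load a large list of known-breached passwords.
COMMON_PASSWORDS = {"123456", "qwertyuiop", "password", "letmein", "iloveyou"}

# Assumed substitution map: each symbol or digit is mapped back to the letter it usually replaces.
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s", "5": "s",
                               "1": "l", "!": "i", "3": "e", "7": "t"})


def normalize(text):
    """Lowercase the text and undo common substitutions ("p@$$w0rd" -> "password")."""
    return text.lower().translate(SUBSTITUTIONS)


def check_password(password, personal_info=(), min_length=12):
    """Return the reasons a password is weak; an empty list means no finding."""
    findings = []
    lowered = password.lower()
    plain = normalize(password)
    # Also test the password with a trailing run of digits/symbols removed ("P@ssw0rd2024!").
    stripped = normalize(re.sub(r"[^a-z]+$", "", lowered))

    if len(password) < min_length:  # min_length is an assumed policy value
        findings.append("too short")
    if {lowered, plain, stripped} & COMMON_PASSWORDS:
        findings.append("common password")
    # Personal details are normalized the same way, so "R3x" still matches "Rex".
    for item in personal_info:
        token = normalize(item)
        if len(token) >= 3 and token in plain:
            findings.append("contains personal information")
            break
    return findings


if __name__ == "__main__":
    samples = [("p@$$w0rd", ()), ("P@ssw0rd2024!", ()),
               ("R3x-the-dog-2015!", ("Rex",)),
               ("42 S!amese Cats g0 Golfing ON Friday Afternoonz!", ("Rex",))]
    for pw, info in samples:
        print(repr(pw), "->", check_password(pw, info) or "no findings")
```

An empty result only means these particular checks found nothing; it does not prove the password is strong or unique to one account.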