Carnegie Mellon University

How to Create Strong, Memorable Passwords

September 13, 2019

How to Create, Remember, and Secure a Strong Password

Passwords have become a big part of our lives in the digital age. We use them so often that it is easy to overlook the importance of creating a strong one. Almost every bit of private information about us is stored behind a password. If that password were to fall into the wrong hands, it could jeopardize our personal and financial livelihood. This article will provide helpful tips on how to create and remember a strong password—and more importantly, how to keep it secure.

How to Create a Strong Password

Make it long

  • Use at Least 10 Characters: CMU requires all users to have a password of at least 8 characters; however, when did CMU ever settle for the bare minimum? The longer the password, the more secure it becomes.

Add variety

  • Include Numbers, Symbols, Capital and Lower-Case Letters: The more you mix up letters, numbers, and symbols, the more potent your password becomes, making it harder for a brute-force attack to crack it.
  • Add Emoticons: While some websites limit the types of symbols you can use, most allow a wide range. Make your symbols memorable by turning them into smiley faces to instantly boost your password strength. 

Make it unique

  • Don't use Personal Information: Be sure your passwords do not contain any personal information that is publicly accessible, such as your birth date, pet's name, car model, phone number, or street name and address.
  • Don't use Dictionary Words: Any word on its own is bad. Any combination of a few words, especially if they grammatically go together, isn't great either. For example, "mouse" is a terrible password. "small brown mouse" is also very bad.
  • Avoid Common Substitutions: Password crackers are familiar with the usual substitutions. "M0use" isn't strong just because the o was replaced with a 0.
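The three "make it unique" rules can be expressed as a simple check. The following is an added example, not part of the original article: the word list, the personal details and the substitution table are constructed samples, and a real check would use a much larger dictionary and would also split run-together words.

```python
import re

# Constructed sample data: a real check would load a large word list and
# the user's own profile fields.
DICTIONARY = {"mouse", "small", "brown", "password", "dragon", "summer"}
PERSONAL = {"rex", "1998", "forbes"}  # e.g. pet's name, birth year, street

# Character swaps that password crackers undo as a matter of routine
# (an assumed, deliberately short table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password):
    """Lower-case the password and reverse the common substitutions."""
    return password.lower().translate(LEET)


def findings(password, min_length=10):
    """Return the reasons the password breaks the rules listed above."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    plain = normalize(password)
    # Split on anything that is not a letter, then look every piece up.
    tokens = [t for t in re.split(r"[^a-z]+", plain) if t]
    if tokens and all(t in DICTIONARY for t in tokens):
        problems.append("only dictionary words: " + " ".join(tokens))
    lowered = password.lower()
    for item in sorted(PERSONAL):
        if item in lowered or item in plain:
            problems.append("contains personal information: " + item)
    return problems
```

Here "M0use" is reported both as too short and as the dictionary word "mouse", because the 0 is mapped back to an o before the lookup.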

How to Remember a Strong Password

The secret to creating a hard-to-crack password that’s unique and easy to remember is to focus on making it memorable and making it hard to guess. By learning a few simple skills, you can easily create a strong and memorable password with minimal effort. Plus, creating them can actually be fun - and your payoff in increased safety is huge.

Use a bizarre passphrase with symbols and numbers

Creating an odd passphrase of words that typically don’t go together is a good way to create the base of a long password. Some sites will even allow spaces. Add symbols and numbers to make it even stronger.

Example: 32 Seagulls deliver bologna sandwiches to Paris 

Example: 32-Seagullsdeliver bologna5andwiches2Paris!

Use a phrase and incorporate shortcuts or acronyms

Use phrases that mean something to you and shorten them by using shortcuts; or use the first letter of each word to create an acronym and add numbers and symbols throughout.

Shortcut Example: 2BorNot2B_ThatisThe? (To be or not to be, that is the question - Shakespeare)

Acronym Example: I go bowling every Friday night with 8 friends becomes 1gbeFnw8f:)

Use random words to create a passphrase

This method does not follow the traditional password advice of not using dictionary words. Instead, use four or five random words and string them together to create a passphrase that involves multiple words. The randomness of the word choice and the length of the passphrase are what make it strong.

The most important thing to remember is that the words need to be random. For example, "cat in the hat" would be a terrible combination because it is such a common phrase and the words make sense together. But something like "correct horse battery staple" doesn't make sense, and the words aren't in grammatically correct order.

Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess. image courtesy of 
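Letting a computer pick the words is the surest way to keep them random. The following is an added example, not part of the original article: it draws words with Python's `secrets` module from a constructed 16-word sample list and shows how strength depends on the list size and the word count rather than on the words themselves.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline. A real list
# needs thousands of words (the EFF long word list has 7,776).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "seagull", "bologna",
                "sandwich", "paris", "bowling", "friday", "mouse", "brown",
                "lantern", "pickle", "orbit", "velvet"]


def make_passphrase(words, count=4, separator=" "):
    """Pick `count` words independently and uniformly at random."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    # secrets.choice uses the operating system's secure random source,
    # unlike a person choosing words that "feel" random.
    return separator.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count):
    """Bits of entropy when each word is drawn uniformly from the list."""
    return count * math.log2(list_size)


def average_guesses(list_size, count):
    """Guesses needed on average by someone who knows the list and method."""
    return list_size ** count // 2
```

With the 16-word sample list, four words give only 16 bits; with a 7,776-word list, four words give about 51.7 bits and five give about 64.6, which is why both the list size and the number of words matter.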

How to Secure a Strong Password

  • Don't Reuse it: Having various passwords makes it harder for a cybercriminal to compromise your accounts. If someone gets hold of one of your passwords, you can rest assured your other accounts are safe. Using a password manager will help you generate new unique passwords for each site you visit.
  • Use Two-Factor Authentication: Two-factor authentication adds another layer of defense for your information. This technology enables you to provide multiple pieces of information as authentication, in any combination of:
    • Something you know: Your Password
    • Something you have: One-Time Passcode or Generated Key
    • Something you are: Your Fingerprint, Voice, or Iris

    CMU offers free Two-Factor Authentication through DUO Security.

  • Don't Share it: Someone who has your password can impersonate you, change or delete your financial information, make purchases as you, or damage your reputation. The results are lost time, money, and embarrassment. 
  • Secure your Security Questions: Beware of the "security questions" that websites use to confirm your identity. Honest answers to these questions are often publicly discoverable facts that a determined adversary can easily find and use to bypass your password entirely. Instead, give fictional answers that no one knows but you.
  • Don't Store it Online: If you were to lose your laptop or have it stolen, the bad actor would have easy access to your accounts. Instead, use a password manager to store your passwords.

What is a Password Manager?

Password managers are the ultimate solution for generating and storing passwords for multiple websites. Password managers can generate and store strong, unique passwords for each of your accounts. The password data is then encrypted and stored in the cloud or on your device, meaning you do not need to memorize them.

The only thing you need to remember is your login details for the password manager app. For more information on which password manager is best for you, check out the descriptions of approved Password Managers.

You're now ready to create your own strong, long, memorable, mixed-character passwords using one or more of these tricks. Or, create your own system: C?UcanCRE8Pwords2;-) Now share the tips with others; just don't share your passwords!