Strategies for Creating Secure Passwords

When it comes to Internet security, your first line of defense is having strong passwords for all of your online accounts. Unfortunately, many computer users underestimate the importance of having strong passwords, leaving themselves vulnerable to hackers who could compromise their email accounts and distribute spam, break into their checking and savings accounts, or worse, steal their identity.

Following is a set of rules and guidelines you must keep in mind if you want to securely protect all of your online accounts, as well as two systems you can model your own password creating system after.

What You Can Do to Prevent Identity Theft

  1. Never use words found in the dictionary, family names, names of pets (dog, cat, fish, etc.), or any part of your username or other personal information that could identify you.
  2. Never repeat letters or numbers, such as AAA or ZZZ, or use consecutive numbers or letters, such as 123 or ABC.
  3. Never use incremental phrases when changing your password(s), for example, “mypassword1”, “mypassword2”, etc.
  4. Never use any part of your first, middle, or last name.
  5. Never use any part of your birth date (JAN, or DEC, or 013013), your social security number, telephone or cell numbers, license plate number, street address or name, or apartment or house number.
  6. Never use the same password for any of your other online accounts. Were hackers able to break into one of your accounts containing other usernames and passwords, such as where you bank online and your account number, they could easily compromise these accounts, and quite possibly even wipe out your savings.
  7. Never access password-protected accounts over open Wi-Fi networks you are unfamiliar with, unless the site is secured via HTTPS (look for “https” in the address bar where you are entering your password).
  8. Never enter a password or other personal information at any web site you reach through an e-mail link. Many of these sites are phishing scams involved with identity theft, or may distribute malware that can affect your computer. A more secure practice is to type the site’s address (URL) directly into your browser’s address bar and then navigate to the information, offer or download you are interested in. Remember, legitimate websites will never ask for your login information either via e-mail or over the telephone.
  9. Never start your computer so that it automatically signs you on to your e-mail or other online account or any browser sign-in page.
  10. Never use the “Remember password” option to store your username and password if offered by your Internet browser. Internet Explorer and Firefox, as well as some other browsers, offer the remember password option, but keep in mind that they are not secure. If you insist on storing your usernames and passwords (not recommended), and currently use Internet Explorer to surf the Web, consider switching to Firefox; at least you can encrypt your login information with a master password.
  11. Never enter your password on a computer that you don’t have control of, for example, at the local library or on a friend’s computer, because you don’t know if that computer has already been infected with spyware or keyloggers that could steal your sensitive data and track your keystrokes.
  12. Never e-mail your username or password to anyone.
  13. Never type your password when someone is looking over your shoulder, particularly in public Wi-Fi areas, libraries, or at your place of employment.
  14. Never use any password-creation systems you have read about online, including those outlined in this article. Why? Because hackers already know these techniques or read articles like this, so create your own unique password creating system.

Important Guidelines to Always Keep in Mind

  1. Always change your passwords at least every 6 months, preferably every 3 months.

  2. Always provide only the minimum amount of information when setting up new online accounts, for example, for non-sensitive accounts or sites of general interest, newsletters, etc., and never enter any personal information in the profile section, unless required.

  3. Always write down new usernames and passwords as soon as you have set up an account. Store them in a locked drawer, filing cabinet, or safe, but definitely not on your hard drive or backup drive. In addition to saving your passwords on a typed or hand-written document, consider saving them to a CD or floppy diskette, or on a USB stick or flash drive.

  4. Always use a VPN connection if you are a frequent traveler.

  5. Always recreate a strong and secure password using the strategies covered in this article (see Strategies for Creating Secure Passwords below) as soon as you realize you have lost or cannot remember your password. For example, for the sake of saving time, never enter a simple password as you may forget to create a strong password later.

  6. Always produce a random-seeming combination of letters, numbers, and special characters.

  7. Always change passwords immediately when they are compromised.

  8. Always create a temporary password if someone else needs access to any of your online accounts. After they have finished their session, change it back to your strong password.

Strategies for Creating Secure Passwords

Following are two examples of password creating systems. As a baseline, your passwords should contain no fewer than 8-10 characters and should include at least one character from each of the following groups:

Numbers: 0 – 9
Lower case letters: a – z
UPPER CASE LETTERS: A – Z
Symbols: !, @, #, $, %, ^, &, *, or ?.
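
The baseline above, together with rule 2 of the first list (no repeated or consecutive characters), can be checked mechanically. The following Python code is an added example, not part of the original article; the function names, the run length of three and the whole-username match are assumptions made for illustration.

```python
import string

SYMBOLS = set("!@#$%^&*?")   # the symbol group listed in the article
MIN_LENGTH = 8               # lower bound of the article's 8-10 character baseline
RUN = 3                      # assumption: AAA / 123 style runs of three are rejected


def has_repeat_run(pw, run=RUN):
    """True if one character appears `run` times in a row (AAA, 111)."""
    return any(len(set(pw[i:i + run])) == 1 for i in range(len(pw) - run + 1))


def has_sequence(pw, run=RUN):
    """True if `run` adjacent letters or digits ascend by one (ABC, 123)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        same_class = (all(c in string.digits for c in chunk)
                      or all(c in string.ascii_lowercase for c in chunk))
        if same_class and all(ord(b) - ord(a) == 1 for a, b in zip(chunk, chunk[1:])):
            return True
    return False


def check_password(pw, username=""):
    """Return the list of violated rules; an empty list means all checks pass."""
    checks = [
        ("too short", len(pw) < MIN_LENGTH),
        ("no number", not any(c in string.digits for c in pw)),
        ("no lower case letter", not any(c in string.ascii_lowercase for c in pw)),
        ("no upper case letter", not any(c in string.ascii_uppercase for c in pw)),
        ("no symbol", not any(c in SYMBOLS for c in pw)),
        ("repeated characters", has_repeat_run(pw)),
        ("sequential characters", has_sequence(pw)),
        # Simplification: only the whole username is matched, not every part of it.
        ("contains username", bool(username) and username.lower() in pw.lower()),
    ]
    return [name for name, failed in checks if failed]


if __name__ == "__main__":
    # Constructed samples: two are worked results from this article.
    for sample in ["drowssap", "mypassword1", "R9W@o1s*", "B9HhH*1O!A", "Qz7!AAAm"]:
        print(f"{sample!r}: {check_password(sample) or 'meets the baseline'}")
```

The checks cover only the character-class, length, repetition and sequence rules; the rules about dictionary words and personal information need data this example does not have.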

Password Creation Strategy 1

For the sake of simplicity, we will use the word “password” as our “base-word” (you can use any base-word you like) and then apply the following rules:

Rule #1: Reverse the order of the letters in the word “password”.

drowssap

Rule #2: Reverse the order of the first and second letters, third and fourth letters, fifth and sixth letters, and seventh and eighth letters:

rdwosspa

Rule #3: Substitute upper case letters for every other letter (or every 3rd or 4th letter if you prefer):

RdWoSsPa

Rule #4: Substitute any 2 numbers and any 2 special characters (see special characters above) for any of the letters:

R9W@o1s*

You have just created a VERY strong and SECURE password: “R9@o1s*a” (no quote marks). When changing your password(s), use the same rules you used to create your old password and simply change your base-word or base-phrase.

To make an even more secure password, consider creating your password(s) based on a 10-letter base-word, thus yielding passwords that are virtually impossible to crack.

Password Creation Strategy 2

Another way to ensure top-level security for all of your online passwords is by using a “rules-based” password generator system, one that you can remember easily, and where you – and only you – set the rules. As with any password generating system, remember to never share your system with anyone.

A rules-based password is one where the formula (the “rules” set) applies equally to each of your account passwords while at the same time allowing each account to maintain its own uniqueness, thus making it very difficult for hackers to crack. Remember to create your own rules-based password system.

Rule #1: Think of your favorite 8-word quote that holds some special meaning for you, for example, “Be the change that you want to see.” (M. K. Gandhi) This quote will be the “base-phrase” for each of your online account passwords. If your quote is longer, say 10-words, that’s okay and, in fact, will yield an even stronger password than the one in this example.

Rule #2: Select the second letter of each word, or the letter itself, where the word is a single character, i.e. “a”, or “I”, etc. Applying this rule to our base-phrase “B(e) t(h)e c(h)ange t(h)at y(o)u w(a)nt t(o) s(e)e” will yield the following:

ehhhoaoe

Rule #3: Change every other consonant to an UPPER case letter, which yields the following:

eHhHOaOe

Rule #4: Substitute one or more numbers, 0 – 9 (your favorite or lucky number), and one or more special characters for each of the vowels, which yields the following:

9HhH*1O!

Rule #5: Create a 2-letter symbol for each of your online accounts, for example, for Bank of America, the symbol would be “BA”, for Hotmail it would be “HM”, and for your Facebook account, it would be “FB”. Just add the first letter of your account symbol to the front of your rules-based password, and the second letter at the end, which yields:

B9HhH*1O!A

When creating new account passwords, just memorize 9HhH*1O! and then add your 2-letter account symbol as described in Rule #5.

If you are unsure if your current passwords are “strong” and secure, you can check them online with Microsoft’s Password Checker. If you discover that any of your passwords are not strong, it would be wise to create new ones as soon as you have finished reading this article.

Easily Remember Your Passwords with Last Pass

Have you ever forgotten the username or password to one of your online accounts? If you have, you know how this can push your “frustration button”, not to mention the time it takes to set up a new one. What’s even more time consuming is when you have to contact some company by phone to reset your password, for example, if you’ve forgotten your secret questions and answers. And, what if the company doesn’t offer 24/7 tech support when you really need to access your account? Enough said?

Your overall online security strategy should include an easy way to remember all of your usernames and passwords. If you have several online accounts, and unless you have a photographic memory, trying to remember all of your accounts’ login information can be a daunting, if not impossible, task.

So, What’s the Solution?

Download and set up LastPass in minutes. Once you have created your account, LastPass prompts you to save new sites as you browse so you’ll never lose another password.

Hassle-Free Login

After saving a website’s username and password, LastPass will auto-fill the login when you return to that site. No thought, no typing, no work required, LastPass does it for you.

Centralize Your Data

See all your accounts and passwords in one easy-to-use “vault”, where you can edit, delete, and organize your stored data. LastPass syncs automatically, so you are always up-to-date, wherever you are.

Streamline Online Shopping

Set up a Profile for each credit card, family member, billing and shipping address. When you are registering for an account, or ready to complete a payment, select the Profile you want, and complete the form in a single click.

Record Your Most Important Information

Create secure notes for credit cards, insurance cards, memberships, Wi-Fi logins, passports, your driver’s licenses, and much more. Store the information you need to keep safe and private.

Backup Sensitive Documents

Attach documents and images to your secure notes. LastPass backs up your files automatically so you always have a secure, digital copy.

Share Accounts – The Right Way

Send logins for shared accounts to friends and family who are fellow LastPass users. Keep passwords “hidden”, and delete when needed.

Generate Long, Strong Passwords

The LastPass password generator appears when you create a new account or update an existing account, so you have unique passwords that follow best security practices.

Perform an Audit

Run the LastPass Security Challenge to check your progress, and identify areas where you can continue to improve your online security. LastPass also alerts you to weak and duplicate passwords when logging into your accounts, so you can generate new ones immediately.

Add Another Layer of Security

Recommended by industry experts, multi-factor authentication adds a second login step when signing into your LastPass account, so your accounts are even more safe. Select one of the many multi-factor authentication options we support to better protect your personal information.

Be the First to Know

Make positive improvements as you go. Get security alerts e-mailed directly to you, so you can be proactive about replacing passwords when other sites and services may have been hacked.

Customize and Personalize LastPass

Take advantage of the many features LastPass has built to improve your workflow. Use Hotkeys for quick access to the Password Generator, Form Fill Profiles, and much more. Set up equivalent domains so that a change on one site can be applied automatically to another.

Better Manage Your Company Data

Could your team benefit from shared password tools, better centralized management of accounts, and easier account provisioning when on-boarding and off-boarding employees? LastPass Enterprise helps you improve workplace productivity while making it easy to follow best security practices.

If you are an IT professional or looking for “military-grade” encryption technology, I highly recommend the Ironkey, which includes a built-in Firefox browser to cloak your online activity, up to 64 GB of storage, and can automatically enter your online account usernames and passwords for you.