What makes a good password?

Is your password based on your name or the name of one of your family members?  How about some number related to your birthday?  Your favorite Disney character?  A pet’s name?  The numbers to your home or office?  I’ve seen all these approaches, and unfortunately so have the hackers.


In recent weeks hackers have stepped up their attacks on the Internet.  One of their latest exploits includes using other infected computers as Robots (Bots) to attempt to log in to computers connected to the Internet with RDP Remote Access enabled (see my other blog article on the details of this, and how to defend yourself from it).  They can make a try every one or two seconds, easily more than 40,000 tries per day.  They don’t get tired and they don’t give up easily.  If you have a simple password, it increases the chances a hacker could get through.  This is just one of many reasons to have a good password.

What makes up a good password?

The obvious answer is something that no one could guess or reasonably hack.  Five or more years ago, it was generally accepted that a good password included:

  • A mix of upper and lower case
  • At least one number
  • At least 7 characters in length

For example, ‘cowboy’ was a bad password, but ‘Cowboy7’ was a good one.  But alas, in today’s more hostile environment Cowboy7 is now considered a weaker password.


S6&k#)Y3f^dT!a  would be a great password, but incredibly difficult for you to remember.  Somewhere there needs to be a balance between security and functionality.  This is even further compounded by the strong suggestion you should NEVER use the same password in two places, meaning that you will need to remember multiple complex passwords.

In my opinion, a stronger password today should include at least:

  • One or more special characters such as !@#$%^&*()
  • At least one number, preferably two or more
  • A mix of upper and lower case
  • At least 7 characters in length, more (10+) is better
  • A non-dictionary word, ideally something totally random
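The checklist above, combined with the 40,000-tries-per-day bot rate mentioned earlier, as a small Python checker (an added example, not part of the original post). The word list is a constructed stand-in for a real dictionary, and the time estimate assumes the attacker has to try every combination, which overstates how safe a word-based password like Cowboy7 is.

```python
import string

GUESSES_PER_DAY = 40_000  # bot login rate quoted earlier in this article
# Constructed stand-in for a real dictionary (assumption for illustration).
COMMON_WORDS = {"cowboy", "password", "dragon", "monkey", "mickey"}


def check_password(pw):
    """Return the items of the article's checklist that pw fails."""
    problems = []
    if len(pw) < 7:
        problems.append("shorter than 7 characters")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of upper and lower case")
    # Strip digits and symbols so 'Cowboy7' is still recognised as 'cowboy'.
    letters = "".join(c for c in pw if c.isalpha()).lower()
    if letters in COMMON_WORDS:
        problems.append("based on a dictionary word")
    return problems


def years_to_exhaust(pw, per_day=GUESSES_PER_DAY):
    """Years for one bot to try every password of pw's length and
    character classes. This is an upper bound: a word-based password
    falls to a word list long before the full space is searched."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 ASCII symbols
    return pool ** len(pw) / per_day / 365


if __name__ == "__main__":
    for pw in ("cowboy", "Cowboy7", "Tk5Bx@Jr&Lg", "S6&k#)Y3f^dT!a"):
        issues = check_password(pw) or ["passes the checklist"]
        print(f"{pw:16} {years_to_exhaust(pw):10.3g} years  {'; '.join(issues)}")
```

At that rate a list of 40,000 common passwords is worked through in a single day, which is why the dictionary check matters more than the raw keyspace figure.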

I suggest inventing some algorithm in your mind to create your passwords.  Start with some totally random thought like “The Quick Brown Fox Jumped Over the Lazy Dog” or “My Car is Blue”.  Then take the first or last letter of each word, such as “TkBxJrLg”.  Now blend in random numbers and syntax, and it might become “Tk5Bx@Jr&Lg”.  Invent your own system in a way that you can remember it.

You should also change your passwords periodically.  Microsoft suggests every 30-60 days.  I don’t know about you, but my brain probably can’t hold that much change and complexity.  I think at least once per year is a good start.

Some resources that you might find handy

Store your passwords in a safe place:  Why try to remember them all when you can store them in a database?  A free application to store all your passwords in an encrypted database is called Password Safe.   It has Windows and Android smartphone versions, so you can have your passwords with you wherever you are.   Password Safe also has a nifty feature where it will generate a hard, random password automatically for you.  If you write it down on paper (gasp), lock it in a safe (seriously).  Don’t put it on a post-it note next to the computer or under the keyboard.


Random Password Generator:  Not feeling creative, and want a computer to generate a really hard random password for you?  Try, you tell it how long you want the password and if you want symbols, and it generates it for you.   If you use this, remember to document the password somewhere in case you forget (and you will).

Want to learn what Microsoft thinks is a good online password?  Read it here.

Whatever your password is, I hope this inspires you to review it and change it as needed.   Think beyond just your own password, and review EVERY password on your practice’s network.  Enlist the help of your IT person if needed.

If you’d like a little help with your passwords or Internet security in general, consider contacting us.  Just give us a call at 866-419-1102 or check us out online at


I’d like to hear your comments on this topic. Please leave your comments here on this blog.


By Steve McEvoy

Car Guy, Nerd, Canadian hiding in California

One reply on “What makes a good password?”

I use KeePassDroid which is an implementation of the KeePass Password Safe for Android. Read/write support for .kdb and KeePass 1.x. Read-only support for .kdbx and KeePass 2.x – I use it along with DropBox to sync my encrypted password files to all my devices.
