How to create a strong password (and remember it)

Consumer Reports News: December 06, 2011 06:08 AM

You can create strong passwords that don’t make you memorize a cryptic string of letters, numbers, and punctuation symbols. Here are three techniques:

Use a sentence. It’s easy to remember the first letters of the words in a sentence. For example, children have used this sentence to remember the names of the nine planets: My Very Excellent Mother Just Served Us Nine Pickles. You could use the first letters of those words to generate this strong 9-character password: m*Emjsu9p, where Venus (the morning or evening star) is represented by *, the letter for Earth is capitalized, and nine is a numeral. In practice, it’s best not to use such well-known sayings to generate acronyms.

Use a pass phrase. A pass phrase is several words mixed with numbers and punctuation symbols. For example: stitch9clock^handsapplausE. The longer the pass phrase, the more secure it is, though you’ll be limited by the maximum length the site allows.

Growing the haystack. Developed by security expert Steve Gibson, president of California-based Gibson Research, growing the haystack takes advantage of the ways hackers crack passwords. “The first thing they’ll try is the well-known dictionary of most common passwords,” Gibson says. “Then, if they know something about you, they will try to guess things from your life.”

To foil that part of the process, Gibson suggests starting with a phrase that’s short but not a common word. That forces the hacker to resort to the slower brute-force approach by trying every combination in existence, which is like looking for a needle in a haystack.

Once you’ve accomplished that, “the length of the password matters more than its absolute complexity,” Gibson says. In other words, make the haystack larger by padding the password with numerous easy-to-remember symbols. For example, the password “c - @T - - 9 - - -” is 10 characters long and is probably not in any dictionary, but it’s not very hard to remember.
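The arithmetic behind the haystack idea, as an added Python example that is not part of the original article: it checks a small common-password list first, then counts how many candidates an exhaustive search would have to cover. The sample passwords, the `COMMON` list and the function names are constructed for illustration, and the count assumes the guesser does not know the padding pattern.

```python
import string

# Character classes an exhaustive search must cover (95 printable ASCII total).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

# Constructed stand-in for the "dictionary of most common passwords".
COMMON = {"password", "123456", "qwerty", "letmein"}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Count all strings of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size ** n for n in range(1, len(password) + 1))


def assess(password):
    """Return ('dictionary', 1) or ('brute-force', candidate count)."""
    if password.lower() in COMMON:
        return ("dictionary", 1)
    return ("brute-force", search_space(password))


if __name__ == "__main__":
    core = "g@T9"                 # constructed: short, uses all four classes
    samples = [
        "qwerty",                 # falls to the dictionary immediately
        core,                     # complex but short
        core + "-" * 6,           # same core padded to 10 characters
        "x7$Kq!2m",               # constructed: 8 characters, all classes
        "mzqvhtkwpdxr",           # constructed: 12 lowercase letters only
    ]
    for pw in samples:
        kind, count = assess(pw)
        print(f"{pw!r:16} {kind:12} {count:.3e}")
```

Each padding character multiplies the search space by the full alphabet size, which is why the 12-letter lowercase sample outranks the 8-character mixed one.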

A caveat: Don’t use any of the above examples as actual passwords. Now that they have been widely published, hackers might add them to their dictionaries.

For more advice on keeping yourself safe, check out our Online Security Guide at Consumer Reports Online.