How Do You Create and Maintain a Strong Passwords?

by William G. Perry, Ph.D.

People need to know how to create strong passwords. Computer users, on a daily basis, are repeatedly asked for passwords. Individuals, for security purposes, are required to enter secret passwords or phrases when they power-up their workstations. Employers, also, routinely require authentication to company workstations. Even Internet web sites ask us for our uniquely identifiable pass code before allowing access to our on-line accounts. We are presumably providing better security and protection for our confidential information when we use unique authentication codes.

Most users have the freedom to select their own strong passwords or phrases. But do you know how to create and maintain one? Computer and network security best practices require that everyone knows how to do so.

Strong passwords are truly our front-line security tool to prevent unauthorized access to our information resources. Individual computer owners should know how to create strong and complex passwords. A business owner should also be aware and even consider creating a company-wide password policy and educating employees on how to follow through upon it. The alternative is to risk an unauthorized person gaining access to your valuable information resources.

A strong password, generally, should be longer in length (i.e. between 8 and 14 characters or more) rather than shorter, contain both upper and lowercase alphabetic letters as well as specialized alphanumeric characters. An example of such a password would be: SaM#XXxx5%.

A passphrase may also be used and tends to be more complex than a password and usually provides even better security. A passphrase might also be easier to remember. An example of a "passphrase" that can be easily remembered might be one that includes special characters such as: $4Lillies^Grow#Tall%intheSummer.

Regardless of a password or passphrase's strength, you should avoid writing it down or sharing them with others. Avoid using passwords or phrases that have their origin in the popular culture. You should also avoid including personal information in your password (i.e. your birth date or a pet's name).

Passwords or passphrases should be changed frequently to remain viable and be unrelated to any previously used passwords. For example, avoid replacing one password such as "Jim's$PassPhrase$" with a new password that is similar such as "Jim's$NewPassPhrase$".

Computer users should also avoid using common words such as "vegetables" or "fruit" as passwords.. Crackers or others who are trying to gain access to your information assets can easily use off-the-shelf programs to conduct what is known as a "dictionary attack". Modern day computers can literally test every word in the dictionary in an attempt to identify your password.

Consider checking the strength or robustness of your password. 

The purpose for using passwords or passphrases is to help assure the confidentially, integrity and availability of information assets. A prudent infrastructure owner and computer user may want to consider using additional techniques to improve user authentication.

You can learn more about securing your computer and information assets by visiting

Strong Password, Authentication, Computer Security