When a signup form asks you to create a password, the first thing that comes to many users’ minds is, “Okay, I need to create a password that is really easy for me to remember and is connected directly to me so I never forget.” With such a mindset, the password created is something like “ILoveSally143.” A hacker will take less than a minute to crack such a password and take complete control of your account.

Lately companies and websites are working hard to educate users to use a strong password, and they are also using restrictions to force users to make stronger passwords. Thankfully, with so much news about accounts being hacked and an emphasis on using a strong password, almost everyone knows that they should use a strong password. However, the question still remains: what is a “strong” password? In this article we’ll tell you what a strong password is and how to create one.

Before we tell you how to create a strong password, it is important to know how passwords are cracked. There are multiple ways to crack a password, and the most common ones are Brute-Force-Attack and Dictionary Attack. Both of them are explained below.


In a Brute-Force-Attack the hacker (the hacker’s software, to be precise) tries every combination of letters, numbers and other characters to crack a password. The process starts with a short length, such as four or five characters; once all the combinations of that length have been tried, the software adds another character, tries all the combinations of the new length, and repeats. This theoretically allows Brute-Force-Attack to crack almost any type of password (including encrypted ones). However, because Brute-Force checks every possible combination, it takes a lot of time, and each additional character drastically increases the cracking time.


According to an estimate from Kaspersky Password Checker, the password “pzQm45” should take 3 hours to crack, but “pzQm45@” will take two days to crack. If we add another character, as in “pzQm45@!,” it will take twelve days to crack. This means it is very hard for a Brute-Force-Attack to crack a longer password, and it’s not worth the hacker’s time.

Dictionary Attack


Brute-Force-Attack has a hard time cracking long passwords; this is where Dictionary Attack comes in. In a Dictionary Attack the hacking software uses a long list (millions of entries) of word combinations taken from dictionaries along with all common character combinations, phrases, sequences and anything that is “common.” If a password has a meaning, Dictionary Attack can crack it. Adding punctuation or numbers along with a common word will not help. For example, Dictionary Attack should be able to easily crack the password “I$3haTe5%MaTh” as somehow it makes sense. As this method uses combinations of common words and characters, it takes far less time to crack a password compared to Brute-Force, even if the password is long.
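Why “I$3haTe5%MaTh” still counts as a password with meaning can be seen from the defender’s side, as a check a signup form could run. This is an added example, not part of the original article; the tiny word list, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed, tiny word list for illustration; a real check would load a
# large dictionary plus lists of commonly used passwords.
WORDS = {"i", "a", "love", "hate", "math", "sally", "eat", "ice", "cream",
         "vanilla", "sleep", "password"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def segment(text, words=WORDS):
    """Return dictionary words that spell `text` exactly, or None."""
    # best[i] holds one segmentation of text[:i], or None if there is none.
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]

def candidates(password):
    """Normalised forms of the password that dictionary rules also cover."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]", "", lowered)                 # fillers dropped
    unleet = re.sub(r"[^a-z]", "", lowered.translate(LEET))   # swaps undone
    return {stripped, unleet}

def dictionary_words(password):
    """Return the words the password reduces to, or None if it has no meaning
    that this word list can find."""
    for form in candidates(password):
        if form:
            found = segment(form)
            if found:
                return found
    return None

if __name__ == "__main__":
    for pw in ("ILoveSally143", "I$3haTe5%MaTh", "Ievica3,bidgasa!"):
        print(pw, "->", dictionary_words(pw))
```

A form that rejects any password for which `dictionary_words` returns a result would turn away the first two passwords and accept the phrase-derived one.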

Solution: The answer to both of the above attacks is simple: create a long password that doesn’t make sense. A password of sixteen characters or above with completely random characters should work fine. But creating and managing such a password is hard, which we explain below.
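A password of sixteen or more completely random characters can be produced locally with Python’s standard `secrets` module. This is an added example, not from the original article; the function names and the choice of printable ASCII as the alphabet are assumptions.

```python
import math
import secrets
import string

# Character classes drawn from: 26 + 26 + 10 + 32 = 94 printable characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

def generate_password(length=16):
    """Return `length` characters chosen uniformly with the OS CSPRNG."""
    if length < 16:
        raise ValueError("use sixteen characters or more")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Re-draw instead of patching characters in, so every accepted
        # password is equally likely and no position is predictable.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Size of the brute-force search space in bits: log2(size ** length)."""
    return length * math.log2(alphabet_size)

def growth_factor(short, long, alphabet_size=len(ALPHABET)):
    """How many times more combinations the longer length has."""
    return alphabet_size ** (long - short)

if __name__ == "__main__":
    print(generate_password())
    print(f"{search_space_bits(16):.1f} bits for 16 characters")
    print(f"one extra character multiplies the work by {growth_factor(6, 7)}")
```

`secrets` draws from the operating system’s cryptographic random source; the `random` module is not suitable for passwords.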

Note: hackers also use Phishing Attacks to steal your password. A strong password will not help against a phishing attack as the hacker will steal the actual password using a fake website page.

For those people who don’t like providing their credentials to third-party applications, we know a manual way to create and memorize a strong password. You can create a password from a long phrase that has a direct connection with you but that others don’t know about. For example, you can create multiple passwords from a phrase such as “I eat vanilla ice cream at 3am, but I don’t get any sleep afterwards!” Below are some examples:

  • Ievica3,bidgasa!
  • IeViCA3,bUtidgAsa!
  • iEvicA3am,BiDONTgaSa!

It will be really easy to remember the phrase as it is connected to something you do or have done before; all you have to do is remember how you created the password.

If you don’t want to go through the above process and don’t mind depending on a third-party service for creating and storing the passwords, then things can get a lot easier (and more productive) for you. There are many tools that will let you generate a strong password, and you can also use a password manager to save those passwords. Below are some you can use:

Password Generators

Secure Password Generator: A very simple online password generator that allows you to specify password length and character type to easily create a strong password. It also provides hints that will let you easily remember the password.

LastPass Password Generator: The famous password manager LastPass also has an online password generator that is simple to use and offers handy tools to generate a strong password.

Password Managers

LastPass: I recommend LastPass for its simple interface and security options. It will securely store all your passwords and let you sync them over all devices.

Dashlane: This is another good option that is easy to use and offers great security such as two-factor authentication. It also has a digital wallet to save receipts and credit card information.

Important: Never ever use the same password for multiple accounts; if even one of your accounts is hacked, it could lead to losing all your accounts.

There should be no compromise on password strength as tens of thousands of hackers are after your information and trying to get into your account. You may say that you are just a regular person and no hacker will have time to hack your account, but hackers don’t care who you are. They just try to hack anything they can get their hands on, one way or another. Identity theft and the misuse of your account and information are things average users should worry about. I also recommend you enable two-factor authentication if it is available for a website, as it is the best protection against hackers.

  1. “Dictionary Attack should be able to easily crack the password “I$3haTe5%MaTh” as somehow it makes sense.”
    How does “I$3haTe5%MaTh” somehow make sense but “iEvicA3am,BiDONTgaSa!” somehow does not?

    • I$3haTe5%MaTh >> says “I hate math” with some numbers and characters swapped in. iEvicA3am,BiDONTgaSa >> this doesn’t make any sense.

      • Maybe to you it doesn’t make sense, but with a little effort I could come up with a phrase that uses those characters and makes sense.

  2. Good stuff, but remembering a sentence like “I eat vanilla ice cream at 3am, but I don’t get any sleep afterwards!” is easy but remembering lots of combinations of abbreviations isn’t. A password manager is the way to go but you only mention LastPass and Dashlane. I’ve been using Sticky Password for a while and it’s great.

    • Some people don’t trust third-party services for their passwords. So they have to deal with remembering the strong password. Besides, it is not compulsory to create a complex combination, the first character of each word will work fine as well.

  3. If you are using a Linux system the password generator, “pwgen” works well and, as far as I know, is available for most common flavors of Linux (I use Red Hat-derived Linux for my server installations.)

    The command string I use is, “pwgen -sv 10” which generates a ten-digit, mixed-case, alphameric password that does not contain vowels (and, thus, will not accidentally possibly create words.) Your preferences and selections will obviously vary.

  4. Some programs don’t ask for your password but for example the 1st, 3rd and 7th character, and alternate the question each time. There are others where a second device is involved, for two part passwords.

    How do brute force attacks handle cases where a program locks you out after ‘n’ unsuccessful attempts? For operating systems they hack the password file instead.

    One problem I have with new passwords is when you work one out in advance and the validation rejects it, saying it must have this or that character and must be between 6 and 10 characters, but doesn’t tell you until you have tried to enter the password. So you are immediately wrong-footed and have to compromise. Much better if you know the criteria beforehand.

  5. Hi there! Thanks for these pieces of advice.
    I would like to share with you my favorite tool to generate passwords – Works for me perfectly. Surely, it’s hard to remember generated passwords but I use a password manager on my phone and it’s pretty convenient (especially when you have a lot of accounts).
    However, in case you prefer your own pass phrases using associations, there is also the newest information on how to build a successful pass phrase, the one you won’t forget. Check it out.

