Arguably, the most critical element protecting your accounts and information is your password. The majority of applications or websites nowadays require users to create an account and, consequently, a password for that account. Although using a simple and easy-to-remember password might seem tempting, this could leave you vulnerable to malicious cybercriminals and hackers. To protect your personal data, creating a strong password is crucial. While making an uncrackable password is impossible, these tips can help you create a strong password that will be harder to crack.

What Not to Do When Creating Your Password

★  Do not reuse a password that you have used before

While it is easy to fall into this habit, it is crucial to create a unique password for every account. If you reuse your password and a cybercriminal gets it, they will have access to all the other accounts that use that password. Reusing your passwords increases the chance of your personal data being stolen.

★   Do not use any personally identifiable information in your password

This could be your name, date of birth, address, phone number, or any data that can identify you. Cybercriminals can search for this information on social media, for example, to try and guess your password. They could also use this information to guess any security questions your accounts might have. 

★   Do not use words that can be found in the dictionary in your password

Passwords that use words found in the dictionary (of any language) are susceptible to dictionary attacks. These attacks involve trying every possible word in the dictionary to guess a password. “For example, instead of the password ‘hoops,’ use ‘IlTpbb’ for ‘[I] [l]ike [T]o [p]lay [b]asket[b]all’” (Cybersecurity and Infrastructure Security Agency).

★   Do not use repeating or sequential characters in your password

This can include ‘bbbbbb’, ‘abcd’, ‘1234’, ‘qwerty’, ‘asdfgh’, ‘xoxo’, etc. This can make it easy for cybercriminals to guess your password or use a password-cracking program.

★   Do not use the name of the service or your username in your password

For example, using the password ‘google1’ for a Google account is too easy to guess or crack. Using your username in your password is too easy, as well. Another tip is not to use ‘password’ in your password.

What to Do When Creating Your Password

★   Make your password lengthy

Take advantage of the allotted character limit and make the longest password allowed. This is one of the most important things you can do to make it harder for attackers to get your password. The National Institute of Standards and Technology currently suggests using the longest possible password or passphrase, within reason. They recommend a password length of at least 8 characters up to 64 characters. 

★   Make your password complex

Use a mixture of uppercase and lowercase letters, numbers, and special characters. Try to incorporate these throughout your password—not just at the beginning or end. Also, when possible, use spaces in your password.

★   Use a sentence or phrase in your password

Try to come up with a sentence or phrase that you can remember. For example, the sentence “I love apple pie with cheese!” This sentence can then be turned into “JkLDv7k^ppl7kp17kwJthkCh77z7!” To make the password more complex, I switched any i’s with an uppercase J, any o’s with an uppercase D, any a’s with a ^ (caret) symbol, any e’s with a 7, and any spaces with a k. When changing/substituting certain letters with numbers or symbols, try not to be too obvious. Some obvious substitutions are switching an o with a 0, an e with a 3, an s with a $, etc.

Some websites or applications have character limits on passwords, so you might have to pick a shorter sentence or phrase. Still, using a sentence or phrase, intentional spelling mistakes, and changing certain letters with numbers or symbols can help protect your password from being cracked.

★   Use seemingly random words in your password

Try using seemingly random words in your password. For example, you could grab the nearest book and a random number, let’s say 53. You can use every 5th word from each sentence on the 53rd page of the book until your password reaches your desired length. The book closest to me is Crime and Punishment. So, for this book, I can use the words “Mikolka”, “flushed”, “side”, “her”, and “shouted”. With these words, you can make the password more complex using the strategies in the previous tip. My password would be MJkDl^kflgsh7dksJd7kh7rkshDut7d, using the same techniques I used before, and misspelling “flushed” some more by replacing the u with a g. If you want to be truly random, you can use an online random word generator to help come up with words.
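
The “what not to do” rules above can be checked automatically. The following Python sketch is an added example, not code from the article; the small word list, the extra `@` and `1` substitutions, and the function names are assumptions made for illustration. It undoes obvious substitutions before looking for dictionary words, which shows why a password like ‘P@$$w0rd1234’ is no better than ‘password1234’.

```python
import re

# Constructed sample wordlist; a real checker would load a full dictionary.
COMMON_WORDS = {"password", "hoops", "basketball", "monkey"}
# Alphabet, digits and keyboard rows used to spot sequences such as abcd, 1234, qwerty.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Obvious substitutions named in the article (0, 3, $) plus two assumed ones (@, 1).
OBVIOUS_SUBS = str.maketrans({"0": "o", "3": "e", "$": "s", "@": "a", "1": "i"})
MIN_LENGTH = 8  # lower bound quoted in the article


def has_sequence(pw, run=4):
    """True if pw contains `run` sequential characters, forwards or backwards."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in pw for i in range(len(s) - run + 1)):
                return True
    return False


def has_repeat(pw):
    """True for one character three times in a row (bbb) or a repeated unit (xoxo)."""
    return re.search(r"(.)\1\1|(..+?)\2", pw) is not None


def check_password(pw, username="", service=""):
    """Return the rules from the article that pw breaks; an empty list means none."""
    low = pw.lower()
    plain = low.translate(OBVIOUS_SUBS)  # undo obvious substitutions first
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if has_repeat(low):
        problems.append("repeating")
    if has_sequence(low):
        problems.append("sequential")
    for label, value in (("username", username), ("service", service)):
        if value and value.lower() in plain:
            problems.append(label)
    if any(word in plain for word in COMMON_WORDS):
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for pw in ("google1", "P@$$w0rd1234", "H00psxoxo"):
        print(pw, check_password(pw, service="Google"))
```

An empty list only means none of these specific patterns was found; it does not show that the password is unique, which is the first rule in the list and cannot be checked from the password alone.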

Resources & Further Reading

Cybersecurity and Infrastructure Security Agency. “Choosing and Protecting Passwords.” CISA, 18 November 2019, https://www.cisa.gov/news-events/news/choosing-and-protecting-passwords. Accessed 13 February 2024.

“Guidance on the Protection of Personal Identifiable Information.” U.S. Department of Labor, https://www.dol.gov/general/ppii

Grassi, Paul A., et al. “Digital Identity Guidelines: Authentication and Lifecycle Management.” NIST Special Publication 800-63B, 2017, https://doi.org/10.6028/nist.sp.800-63b.

One response to “CREATING A STRONG PASSWORD”

  1. Samuel Maddox

    You know this was a fantastic article! As an old man, technology is bonkers nowadays! I tried getting my grandson to help me and he kept saying words that made no sense to me. I kept asking what he was saying and he was talking about some toilet or something. You know back in 2008 I had my bank hacked and lost all my money! Fricking hacker crackers!!!! Oh well, I bought some jpeg pictures of some monkeys and made my money back. TAKE THAT TED! Anyway, this was a fantastic article Johanna. May God bless your soul!
