[Internet Privacy] The Art of Creating Strong, Yet Easy-to-Memorize Passwords

They say it is always better to prevent than to cure.

This belief should apply perfectly to our daily Internet routine as well since it implies socializing, purchasing goods and services, making bank transactions and many other things that obviously cover almost all our life aspects. Privacy is therefore a key element and all web accounts need to be protected by a secure password that could also be easily memorized. Otherwise you have a lot to lose: intellectual property, personal data, dignity, money, friends, you name it.

A strong secure password should have around 8 characters, whereas a password of say 6 characters can be easily discovered with a little bit of help from brute force software. The term “characters” refers to not only letters but also numbers, symbols and punctuation marks. It is also advisable to use both upper and lower case as the broader the variety of signs, the more secure the password. Furthermore, try to make use of the entire set of keyboard signs rather than limit to one side.

How to create a strong password?

  1. Step 1 – think of a word that is meaningful to you or your purpose; let’s say:  password
  2. Step 2 – add case sensitivity for some of the letters; for instance  – PASSword
  3. Step 4 – add numbers that are meaningful to you between the letters – PASS26word
  4. Step 5 – increase the length and strength of the password with symbols and punctuation – !PASS26word;

Once created, you can check the password’s strength with password checker software. Other tips are to avoid writing the password down as it can easily be seen and put to illicit use, steer clear of using one password for everything and unless you cannot help it, do not type your passwords on computers that may be used by people other than you or your family.

Another option would be to employ the on-screen keyboard while logging in to accounts, instead of the actual keyboard. This prevents malware – such as keyloggers – from recording and stealing your login credentials.

Hot password trends across enterprises

The enterprise environment is prone to attacks by default. Successful penetration can bring a hacker much more than access to a user’s personal e-mail address or social networking account. Breaking into a corporate account could allow a hacker to access the company’s intellectual property, physical resources (such as workstations or servers) and any other assets the user may have access to.

Luckily, most enterprises have enforced strict regulations regarding the composition and expiration dates of users’ passwords. Centralised management via various implementations of the Lightweight Directory Access Protocol (LDAP) or Remote Authentication Dial In User Service (RADIUS) technologies has made it easier for security officers to enforce specific password models on users.

Some of the aspects enforced by these services are the complexity of the passwords, their expiration date, a fixed number of tolerated failed logins, as well as the mandatory introduction of a brand-new password upon changing. While both LDAP and RADIUS add extra levels of security, some companies tend to replace the traditionally-vulnerable authentication systems based on passwords with digital certificates. Not only are they less likely to fall into the wrong hands by voluntary / involuntary disclosure or by traffic sniffing, but also they bind the user’s credentials to (?) a specific computer. In order for an attack to succeed, the attacker needs both the certificate and the user’s personal computer.

Even though I listed some methods of creating a secure password, in the end, it’s up to you to take a little time and think of a system that works for you, because – don’t forget – privacy is extremely valuable.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.

1 Comment

Click here to post a comment