The Smart Way to Create Passwords

Ask 10 different people how they manage their passwords and you’re likely to get 10 different answers. It seems we all have our own opinions when it comes to what makes a good password, and our own system when it comes to keeping track of them.

But there’s an alarming reality that we’re all faced with when it comes to passwords. The computers used to crack passwords today are faster, cheaper, and more efficient than ever before. Countless breaches now pepper the news, and everyone from tech CEOs to celebrities to average netizens like you and me are fair game for opportunistic hackers.

And given that most of us are now using the web for all aspects of our daily lives, both at work and at home, there’s more at stake because so much more of our private information is being used in our online activities.

So the humble password now has a very big job to do. There may be more than one way to create and manage passwords, but there are certainly smarter ways to create and manage better passwords. While your homebrew password system may have worked until now, times have changed and your approach to passwords should, too.

So what makes a good password?

There are three things that matter when it comes to passwords:

  • Uniqueness: The password should be different from every other password.
  • Complexity: The password should have a mix of characters (uppercase, lowercase, symbols, and numbers) and avoid words straight out of the dictionary.
  • Length: The password should be as long as possible, and no shorter than 14 characters.

A password that combines all of those characteristics is likely very strong. But the length of the password is arguably the most important indicator of its strength. The longer the password is, the harder it becomes to crack with a brute-force attack (which simply means it takes longer for a computer to correctly guess it).

If you know a password needs to be unique, complex, and long, the most efficient way to create one is to use passphrases. Passphrases are a smart way to meet all of the requirements for strong passwords, but with a lot less effort – not to mention they’re easier to remember.

To create a passphrase, you simply string together a bunch of words into a phrase that makes sense to you. For example: “theyellowrosessmellgoodinsummer”. To add some complexity, we’ll just swap some characters and add a few new ones: “the3Yellowrosessmell=goodins()mmer”. That’s very random, plenty long, and definitely unique.
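The three criteria above can be checked mechanically. The following is an added example, not code from the original article or from LastPass: it tests a candidate against uniqueness, complexity and length, estimates character-by-character brute-force work, and generates a compliant random password. The function names are hypothetical, the pool sizes assume printable ASCII, and the "no dictionary words" part of the complexity rule is not checked.

```python
import math
import secrets
import string

MIN_LENGTH = 14  # minimum length recommended in the article
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def brute_force_bits(password):
    """Upper bound on guessing work in bits: length * log2(pool size).
    Holds only for character-by-character guessing; a phrase made of
    dictionary words can fall to a word-based attack much sooner."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0

def check(password, already_used=()):
    """Return which of the article's three criteria the password fails."""
    failures = []
    if password in already_used:
        failures.append("uniqueness")
    if len(classes_used(password)) < len(CLASSES):
        failures.append("complexity")
    if len(password) < MIN_LENGTH:
        failures.append("length")
    return failures

def generate(length=MIN_LENGTH):
    """Random password from the OS CSPRNG that passes check()."""
    if length < MIN_LENGTH:
        raise ValueError("length below the recommended minimum")
    alphabet = "".join(CLASSES.values())
    while True:  # retry until every character class is represented
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check(candidate):
            return candidate

if __name__ == "__main__":
    # Constructed samples: the article's plain passphrase and a short mixed one.
    for pw in ("theyellowrosessmellgoodinsummer", "P@ssw0rd1"):
        print(f"{pw!r}: fails={check(pw)} bits<={brute_force_bits(pw):.0f}")
```

Run on the two samples, the all-lowercase 31-character passphrase scores far higher on the brute-force estimate than the 9-character password that uses all four character classes, which is the length effect described above.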

Why every password should be unique

Passphrases are much easier to create and remember, but many of us use over two dozen websites and apps on a regular basis. That means we’d need at least two dozen different passphrases, one for each website or app.

Why do they have to be unique? Because every time there’s a big breach, like LinkedIn, millions of usernames and passwords are posted to the Internet or sold on the black market. Suddenly, those passwords are no longer safe to use. It’s very easy for attackers to use those usernames and password combinations on other websites, to see if they find any matches.

Having a different password on each website ensures that even if one website has a security issue, that password can’t be used to compromise any other accounts. Because once an attacker finds another combination, they keep going until they get access to money, or can send out spam from your account, or find clever ways to trick you into giving up even more information.

So we know we need a different password for every website. And we know that creating passphrases is the best way to create a strong password. But when you have over 20 websites and you have to remember a different passphrase for every website, many of which have different password requirements, the situation quickly becomes overwhelming and aggravating.

The complete password solution

That’s where a password manager comes in. Imagine reducing all of the work of creating and typing passwords into a few clicks. You’ll save a lot of time and improve your security by upgrading your password system to using a password manager like LastPass.

With a built-in password generator, LastPass can create new passwords on demand as you sign up for new services, or help you go back and update old passwords to new ones that are better. Plus, a password manager like LastPass solves the problem of having a long, unique, complex password at every website. Because it stores those passwords for you and remembers them for next time, you don’t have to fret that you’ll forget yet another password.

Most importantly, you only have one password to remember, your master password to LastPass. You can use the trick of creating a good passphrase as your master password, and then don’t have to worry about remembering or managing the rest because LastPass can do all of that for you.

Just like you’ve upgraded your money management from visiting the bank to online banking, now’s the time to upgrade your password management system, too. Not only will you actually be able to follow the best security advice when it comes to passwords, you’ll save yourself a lot of time and hassle, too.

One Comment

  • Warren Hudson says:

    Hmm. Thanks for this tutorial. Especially I appreciated the passphrase idea.

    You suggest 14 characters minimum length. I checked my LP password generator tool and it was set to 12 characters. I may have made that setting & I’m not sure if 14 is the default.

    It is intuitive that the more complicated a password is, the more secure it will be, but could the tool follow this tutorial and incorporate the suggestions with wording such as “14 characters minimum recommended”?