Online Software

How do you create a strong password?

strong password
Even if you can use fingerprint recognition to sign in, there will be times you need a strong password

How do you create a strong password? There’s a strong line of argument to say you shouldn’t. Instead, place your faith in password managers. The best ones not only keep automatically created strong passwords for you, but also keep them in sync across your different devices.

There are still times, though, where you’ll need to know a strong password. Even now, in this era of fingerprint and face recognition, my Windows laptop prompts me for a password occasionally. And you’ll need to set a strong password for your password manager, too.

Here are different ways to do it, along with a comment from a security professional to judge their effectiveness.

The initials method

The idea is that you choose a multi-word phrase that only you will know. For example, that previous sentence would become tiitycamwptoyk. Pretty tough to break (and dangerously close to being obscene). You can make it even tougher by substituting numbers for suitable letters. So, t11tycamwpt0yk.

You can even mix in a symbol to make it tougher. t11tycam%wpt0yk. I’ve added the % where the hyphen of “multi-word” would go.

“Using a strong password manager to generate a random, password is always best,” said independent computer security analyst Graham Cluley, “but this is a good compromise for when a password manager simply isn’t convenient, or when it’s a master password for the password manager itself!”

“The key thing is to make it something that you can easily remember, but that other people cannot determine and – of course – make sure it’s unique and that you’re not using the same password anywhere else!”

The three-word method

The imposing-sounding National Cyber Security Centre advises that you create a strong password using three random words. So, using my own brain, I just thought of catch, tidy and shells, which would become catchtidyshells.

A pretty difficult password to crack, but it won’t help for any of those sites that demand numbers and non-standard characters. You can get around that with substitution, eg catcht1dysh3lls. Maybe add an %, $, £, * or another random character for luck.

So how secure is this? The key, explains Cluley, is to use truly random words. “It’s all too easy to look around your desk, and choose something that you can see. Maybe open your dictionary on random pages to choose the three words, and for extra strength change the case of some letters or introduce some funny characters along the way.”

There’s also a handy online tool that can create a three-word password for you, complete with numbers. Note its default is five words and five numbers, which is a tad long for my liking.

The terrible method

Whatever you do, don’t create a password that’s based on anything guessable. So, your children’s names, your pets’ names, your place of birth, your date of birth. You’d be amazed at how many people put 42 into their password if they were born in 1942.

Two-factor authentication

One final tip: always switch on two-factor authentication if you can. This is a second layer of security that means people can’t access your email, say, unless they know something other than your password.

The most obvious second layer is your phone. It’s tied to you and it’s likely protected by a PIN or security pattern or fingerprint. Plus, it’s always with you.

“The site Two Factor Auth is a good resource if you’re not sure if a site supports multi-factor authentication or not,” said Cluley. “And if you have a choice have your 2FA token generated by an app rather than sent via SMS – as crooks have intercepted text messages to break into accounts in the past.”

The final word on strong passwords

One final thing to note: I’m not suggesting you create more than a handful of passwords using these methods. It’s too difficult to remember them and that leads to chaos. Password managers are the way forward.

READ NEXT: What is the best password manager?

About the author

Tim Danton

Tim Danton is editor-in-chief of PC Pro magazine and has written about technology since 1999. He enjoys playing with gadgets, playing with words and playing tennis. Email

1 Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Tim, I developed a random password generator. It is made using JavaScript and therefore passwords are generated locally on the client’s computer. The generator can be run even when the Internet is turned off because it did as PWA. If you are interested, try

    PS I would be glad if you add it to this article