How to create strong passwords and remember them

When you create an account on any website, you may have the "password dilemma" for some time. The issue is whether you should provide a weak password that is easy to remember or a strong password that is hard to remember.

The following are some recommendations on creating a strong password.

Password Length

Choose a password that is at least 8 characters long. A longer password of 12 or 14 characters is even better.

Password Complexity

The password should contain at least one character from each of the following group:

  • Lower case alphabets

  • Upper case alphabets

  • Numbers

  • Special Characters

Using a pass phrase

Choose a memorable quote, song, or phrase and use the first letter from each word. Vary the capitalization. Also, make sure to also include numbers and symbols, either as substitutions for letters or as a replacement for a full word.

For example, the phrase "iced tea is great for summer" becomes IcedTisgr84$umm3R.

Things to avoid when creating password:

  • Password should not be the same as user name or part of the user name.

  • Password should not be the name of family members, friends, or pets.

  • Personal information about yourself or family members. This includes the generic information that can be obtained about you very easily, such as birth date, phone number, vehicle license plate number, street name, apartment/house number etc.

  • Sequences or consecutive alphabets, numbers, or keys on the keyboard. For example: abcde, 12345, QWERTY

  • Dictionary words. Dictionary words with number or character in front or back.

  • Real word(s) from any language

  • Word found in dictionary with number substitution for word look alike. For example: Replacing the letter O with number 0 as in Passw0rd.

  • Be a single word, forward or backward, from an English or foreign dictionary

  • Contain more than 3 sequential characters on a keyboard (such as qwerty or 1234)

  • Contain more than two consecutive repeating characters (bbbb2bbb)

Recommended best practices

  • Use a password generator

    Use the Norton Identity Safe Password Generator to create highly secure passwords that are difficult to crack or guess. Just select the criteria for the passwords you need, and click Generate Password(s). The more options you choose, the more complex and secure the passwords will be. For more information, visit the Norton Identity Safe Password Generator webpage.

  • Use a password manager

    Norton Identity Safe helps you store and manage your sensitive information such as your logins, personal information, and financial information. Identity Safe encrypts and stores all your sensitive information to a cloud-based vault. You can access the cloud vault using a password from a PC, laptop, tablets, smartphones, and the Norton Identity Safe website. For more information, read What is Norton Identity Safe?

  • Create unique password every time

    When you are changing a password for an existing account, it should not be the same as the previous password. Also, do not use incremental passwords while changing it. For example: password1, password2 etc.

  • Change your passwords for all your accounts once every 6 months

    Since passwords have a fixed length, a brute-force attack to guess the password will always succeed if enough time and processing power was available to the attacker. So, it is always recommended to change the passwords often. Schedule a recurring appointment on your calendar to change your passwords once every 6 months.

  • Never write down your passwords

    Creating a very strong password and writing it down on a paper is as bad as creating an easy to remember weak password and not writing it down anywhere. You should never write down the password on a paper. If you want to carry your password along with you all the times, use a password manager tool that runs from USB stick and take that with you all the times.

  • Never keep the same password for two different sites

    It is very tempting to create one set of passwords for all your emails, another password for all the banking sites, another password for all the social networking sites etc. Avoid this temptation and keep unique passwords for all your accounts.

  • Don't type your password when someone is looking over your shoulder

    This is especially very important if you type slowly and search for the letters in the keyboard and type with one finger, as it is very easy for someone looking over your shoulder to figure out the password.

  • Never send your password to anybody in an email

    If you never write down your passwords, this should not be an option. But the reason I'm specifically saying about this is because several hackers send emails as a support person and asking for your user name and password through email. Legitimate website or organization will never ask you for your user name and password either by email or over telephone.

  • Change password immediately when they are compromised

    Even if you have the slightest doubt that someone might have stolen your password, change it immediately.

  • Don't use the "Remember password" option on the browser without setting the Master Password

    Don't use this feature of the browser to store your user name and passwords without enabling the "Master Password" option. If you don't set master password on the Firefox browser, anybody who uses your Firefox browser can see all the passwords that are stored in the Firefox browser in plain text. Also, be very careful with this option and say 'Not Now' in the remember password pop-up, when you are using a system that doesn't belong to you.

  • Don't type your password on a computer that does not belong to you

    If possible, don't use someone else computer that you don't trust to login to any website, especially to very sensitive website such as banking. It is a very common practice for hackers to use key loggers that will log all the key strokes on a system, which will capture everything you type including the passwords.

Thank you!

Thank you for using Norton Support.

< Back

Was this information helpful?

DOCID: v121052439_EndUserProfile_en_us
Operating System: Windows, Mac OS X
Last modified: 04/17/2017