choosing a good password

I enjoy coming up with new passwords. It usually takes some time to come up with a good one, and then you have to work at being able to type it quickly, but aside from that, it’s fun. I don’t change my passwords as often as I should, but when I’m forced to change them for whatever reason, I usually like doing it. In fact, I remember one password that made me chuckle every time I used it for the first several days. Other passwords I’ve thought of are so slick I want to tell people about them, but that tends to decrease their utility for security purposes.

I have collected a few links that may come in handy when it comes time for you to think up a new password. Everyone has their own preferences, so use whatever works best for you, since it will be easier to remember. Just make sure it’s secure.

Chad Lundgren discusses password usability and typability, David Curry talks about choosing a good password, some system administrators at the University of Maryland explain how to pick passwords that aren’t easily cracked, Ask Yahoo lists some of the most common passwords (which means you should never use them), and finally, a long list of common passwords (which you should also never use).

If you’re wondering how good your current passwords are, Firefox has a password quality meter in the Privacy section, under Saved Passwords -> Set Master Password. I also found an online password analyzer at securitystats that tells you how to make a password stronger and congratulates you when you enter hard-to-crack passwords (it’s always nice to have some positive reinforcement). The two analyzers differ a bit, but it appears that any password that securitystats likes, Firefox likes too, so I recommend using securitystats.

From my tests, you will be congratulated as long as your password is at least 8 characters long and has at least one lowercase letter, uppercase letter, number and non-alphanumeric character. That’s not a bad recipe for a password, but the trick is to make it easy to remember too.

The way I do it is to come up with a phrase and then turn it into a password. For instance, if you like tennis, you could have your phrase be, “Tennis anyone?”, or 10sne1?.

Another password I used to use (I haven’t used it in years) used the following phrase: $23 for Sam tilde, or 23$4Sam~.
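The recipe described above can also be checked locally, without sending a password to any website. The following is an added example, not part of the original post and not the logic of securitystats or Firefox; the function name and the small common-password set are constructed for illustration. It runs the recipe over the two example passwords and over one password that satisfies every character rule but is still a common choice.

```python
# Constructed sample; a real check would load a full common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "password1!"}

MIN_LENGTH = 8  # length threshold reported in the post


def failed_rules(password):
    """Return the recipe rules the password fails (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not any(c.islower() for c in password):
        failures.append("lowercase")
    if not any(c.isupper() for c in password):
        failures.append("uppercase")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    # A symbol is any character that is neither a letter nor a digit.
    if all(c.isalnum() for c in password):
        failures.append("symbol")
    # Case-insensitive match: capitalising a common password does not help.
    if password.lower() in COMMON_PASSWORDS:
        failures.append("common")
    return failures


if __name__ == "__main__":
    # The first two are the post's own examples; the third is constructed.
    for candidate in ("10sne1?", "23$4Sam~", "Password1!"):
        problems = failed_rules(candidate)
        verdict = "passes" if not problems else "fails: " + ", ".join(problems)
        print(f"{candidate!r} {verdict}")
```

The tennis example comes up one character short and has no uppercase letter, while the second example meets every rule; the constructed third password shows why the common-password check is needed alongside the character rules.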

The possibilities are endless, so have fun with it. If, however, you decide you don’t want to think up passwords on your own, you can always have them generated for you online, although they’re going to be harder to remember since you didn’t think of them yourself.

The best password is one that is easy to remember, secure and easy to type. You get bonus points if it makes you laugh.


  1. There are so many passwords to remember these days … sometimes it becomes a bit tiring. I have a few different variants and tricks I use that are supposed to keep me from forgetting what passwords I’m using. Doesn’t always work though.

    Comment by danithew on November 12, 2004 @ 11:16 am
  2. This is a good reminder to me that it’s time to change some of my own passwords. Some of them are so old they’re stagnant and crusty. Also, a little fragile.

    Comment by Seth on November 12, 2004 @ 1:19 pm
  3. I just tried a bunch of passwords with securitystats and then I got to thinking they might could be storing those passwords and tracking the IP they came from and do an SSH storm trying uname combos with the password. Tricky.

    Comment by Cameron on November 12, 2004 @ 5:13 pm
  4. If you’re concerned about that, you could use an anonymizer so they wouldn’t have your IP address, or better yet, go there from machines where you don’t use the password you want to test.

    Comment by dan on November 12, 2004 @ 5:28 pm

