Question? Call Us 858-777-0040
Logo 01

How to Create Strong, Complex Passwords

How to Create Strong, Complex Passwords
Get your CPA firm aquanted with new FTC rules.

Read our latest eBook "The Accountant's Guide to the FTC Safeguards Rule"

Many daily data and system breaches around the world result from stolen, weak or reused passwords. Users need a password for almost every site and app they use now.

Our personal lists of them are becoming unwieldy, and it’s not uncommon for someone to have over 100 passwords.

But it’s easier than you think to crack commonly-used passwords.

As with the other recommendations in this series, you should adhere to these practices even if you aren’t required to. See the chart below for an idea of the speed of cracking based on a hacker “brute forcing” the password “hashes.”

Hive Systems created this well-known chart that shows how long a hacker would take to “brute force” their way into an account.

Generally, moving to the right, increasing password character length and complexity makes breaking the password progressively harder. This is the most recent version of this chart.

So What is Brute Forcing?

From Wikipedia:

“Brute-force attacks work by calculating every possible combination that could make up a password and testing it to see if it is the correct password. As the password’s length increases, the amount of time, on average, to find the correct password increases exponentially.”

Passwords are generally saved on servers and other computers as hashes, which are passwords run through a one-way program (or “function”).

Passwords are scrambled after running through the function to look something like this: 5f4dcc3b5aa765d61d8327deb882cf99 –which is the hash of the word “password” and since it’s one way, it can’t be reverse computed.

The hacker gets these hashes and runs them through  automated software that generates a large number of consecutive guesses as to the value of the desired data.

So the longer the password the longer it takes to break it and the better protection it will give you!

Some Guidelines

If you want to create strong passwords according to the chart above, you should follow a few guidelines. The rules below should apply to personal or business passwords and can avoid some password bad habits:

1. Use a minimum length of at least twelve characters and include at least one each of a number, an uppercase letter, a lowercase letter and a symbol, if permitted.

That will put you in the last column of the chart above and safely in the orange for 3000 years to crack.

2. Never use consecutive identical, all-numeric or all-alphabetic characters. As shown in the chart, using characters like this in a password makes it easier to break.

3. Never use words from a dictionary. Hackers may use a type of brute force attack called a dictionary attack, where passwords are cracked using a list of common words found in a dictionary.

4. Never use real personal data in your passwords, e.g. names, birthdays, phone numbers and other personal details.

5. Never use patterns in passwords.

6. Never use passwords that are easy to remember.

7. Never use real personal data in identity questions (hints) used for password recovery.

Next, we look at proper and safe password practices.


Tech Kahunas is a San Diego Managed IT Services provider which provides IT support and services like 24/7 monitoring, data backup and restore, and malware protection.

Tech Kahunas will help you Defend Your Island. Set up a free 30-minute Strategy Session with us now.

Get your CPA firm aquanted with new FTC rules.

Read our latest eBook "The Accountant's Guide to the FTC Safeguards Rule"


Leave a comment

Your email address will not be published. Required fields are marked *

Peter Bondaryk
Peter Bondaryk

Business Owner's Guide
to Cybersecurity
ebook business owner's guide to cybersecurity
Latest posts
Follow us

Get Our FREE Accountant's Guide to the FTC Safeguards Rule Ebook!

The New FTC Requirements
That Will Change the Way You
Do Business

Get Your FREE Copy!​

Sign up to learn how you can protect against cybercrime

Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed 

If today your business was hacked and you were at risk of losing it all...
Do you have a plan?
We will not spam, rent, or sell your information.

Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed 

Join our newsletter and get a 20% discount
Promotion nulla vitae elit libero a pharetra augue