Creating Stronger Passwords

Before reading this quick post, please check a password similar to one of yours (but not a real one!) here or here.

How long would it take for the Tianhe-2 Supercomputer to crack it? 2 seconds, 3 minutes, 18 days?  I hope yours was at least a week, but luckily most hackers and bots do not have supercomputers.  So how does it rate against the Conficker botnet?  Hopefully at least a day, that would give you enough (barely) time to change a few passwords if you knew you got hacked.

I’ve told countless friends and family members over the last few years that I maintain dozens and dozens of strong passwords, and I could recite any of them on the spot (obviously I wouldn’t!).  The usual reaction is “nuh uh”, or “what?! how?”.  And I get it, passwords are not fun, so instinct tells most of us to just enter something quick and easy.  I mean, it’s not like anybody wants to hack me right, I’m broke!  That is completely false, information is money nowadays so anything is better than nothing.  Heck, even “legitimate” big companies like Google, Target, or even your local grocery store are looking for ways to farm as much information about you as possible!  Ever go to a store and they ask for your phone number?

Yeah, that’s completely unnecessary in my mind too.

But that’s just the tip of the iceberg, and drifting into another topic.  So how do I create a strong yet easy to remember password, that’s the whole point here right?  Alright, I’ll tell you a method similar to what I’ve been using for years.  Keep in mind that it isn’t the most secure, but all my passwords would take a proficient bot weeks if not years to hack.  If I were to get hacked I would have plenty of time to reset and shuffle them around.

It’s all about having a system, and sticking to it.  Here’s an example:

A FaceBook password: Ferocious%7102(Bimbos

But wait a minute, aren’t regular words insecure?  Yes, kind of, well, yeah it depends on how you use them.  If your password is password or ilovecake then yes that would take a bot less than 5 min to crack.  Okay, so why would it take a supercomputer ~3 months to crack Ferocious%7102(Bimbos?


That’s it, you’ve got uppercase letters, symbols, numbers, and 21 characters.  So what makes it easy to remember?


This drawing I did on a white board should clear it up a little bit:

Example Password System
  • F comes from Face, and people on FaceBook can be Ferocious
  • B is for book, and I think you can guess where Bimbos comes from.
  • The number 7102 is backwards for 2017, the year you last changed your password.
  • And the symbols are from a set you chose to stick with.

Basically you pick a few letters that associate with the services name, a number that’s related to the password or service, and a set of chosen symbols in between them.

Here are a few more examples, with unique systems in place (and their supercomputer crack time):

ServicePasswordTime to Crack
Wells FargoFatcat_Wankers&*(6235 hundred quadrillion years
SpotifySuperfluous-Preferences#778 nonillion years
SteamSurf_The_Ever_Amounts_Of_Media**201764 quindecillion years

Unfortunately, Steam only allows 30 characters last time I checked, but nevertheless that is a strong password that would be easy to remember.  I am not going to explain the system behind each of these examples, I’ll leave that up to you for pondering, either now, later, or never.  But the main point is that each has a system, that if stuck to will provide you much stronger passwords than the average persons.

Now, I do want to stress one point about this whole thing; this password system is not perfect.  It could be improved in many ways if you’re feeling creative.  Examples include:

  • Use more symbols
  • Reverse each word
  • Letter / Symbol swap (E=3, but carefully selected!)
  • Letter Count ( Ferocious%9Bimbos(6 )
  • Letter Position

Of course, you could skip all this and use a service like LastPass, and only have 1 password to rule them all!  I personally don’t use it, but it’s been highly recommend by other developers I know (who know a bit about encryption and security).


Don’t use: Dummy123 as a password, instead use 12^Dummy#Funny&21