Creating Strong Passwords
Made by Stacy Martin, Senior Data Privacy Manager at Mozilla.
Practice several strategies for creating strong passwords that protect you online, and learn about security and privacy along the way.
Did you know that many people create passwords based on the things they love? According to Dr. Lori Cranor’s research, we tend to think about things we like (or love) when we create passwords, but that can make them easier for other people to guess, too. How can you make strong passwords that aren't linked to the things you love? In this activity, you'll explore different ways to generate strong passwords and learn about the pros and cons of each.
Create a Passphrase
Passphrases are random combinations of four common words. They tend to be hard to guess, but easy to remember.
Try this passphrase generator.
You can also do this offline by selecting four random common words from the dictionary and putting them together. Discuss what you can do to make sure the words are really random.
Mix and match parts of speech, as well, to further randomize your passphrases. Try a pattern like noun, verb, adjective, noun, and then try another one with a different order of parts of speech.
You can also draw yourself a picture to help you remember your passphrase. This one is correct-horse-battery-staple.
Diceware is another passphrase generation tool. Diceware provides a list of almost 8,000 English words, each preceded by a 5-digit number. You roll a pair of dice 5 times to generate five numbers. Then you match the numbers you rolled to the corresponding words in the Diceware list. Those words become your new passphrase. You can keep rolling several more sets of numbers and words to make your passphrase longer and less crackable.
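The Diceware lookup described above, as an added example that is not part of the original activity: it swaps physical dice for Python's `secrets` module and shows how each extra word adds entropy. The 36-word list is constructed for illustration and keyed by two rolls so it fits inline (a real Diceware list uses five-digit keys), each key digit is assumed to be one die roll, and all function names are hypothetical.

```python
import math
import secrets

# Constructed 36-word sample list: two dice per word, so keys run "11".."66".
# A real Diceware list has the same layout with five-digit keys (6**5 words).
SAMPLE_WORDS = """apple brick cloud delta eagle flint grape house ivory
joker koala lemon maple north olive piano quilt river stone tiger uncle
vivid wheat xenon yacht zebra amber bison cedar daisy ember fable glade
honey inlet jelly""".split()

def build_table(words, dice_per_word):
    """Assign each word a dice key, in order: '11', '12', ... '66'."""
    if len(words) != 6 ** dice_per_word or len(set(words)) != len(words):
        raise ValueError("need 6**dice_per_word distinct words")
    table = {}
    for position, word in enumerate(words):
        digits, n = [], position
        for _ in range(dice_per_word):
            n, face = divmod(n, 6)
            digits.append(str(face + 1))
        table["".join(reversed(digits))] = word
    return table

def secure_roll():
    """One die roll (1-6) from the operating system's CSPRNG."""
    return secrets.randbelow(6) + 1

def passphrase(table, word_count, roll=secure_roll):
    """Roll one key per word and look each key up in the table."""
    dice_per_word = len(next(iter(table)))
    keys = ["".join(str(roll()) for _ in range(dice_per_word))
            for _ in range(word_count)]
    return "-".join(table[key] for key in keys)

def entropy_bits(word_count, dice_per_word=5):
    """Bits of entropy when every roll is uniform and independent."""
    return word_count * dice_per_word * math.log2(6)

if __name__ == "__main__":
    table = build_table(SAMPLE_WORDS, 2)
    print(passphrase(table, 4))
    for count in (4, 5, 6):
        print(count, "Diceware words:", round(entropy_bits(count), 1), "bits")
```

The entropy figure only holds when the words come from rolls like these; words you pick yourself from the list are far easier to guess.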
Create a Pronounceable Password
Use this password generator and select "pronounceable." These tend to be easy to remember and harder to crack because they do not contain words that can be found in the dictionary. Wait 5-10 minutes (go on to the next step and then come back) and without looking, write the pronounceable password you generated. Were you able to remember it?
Create a Random Password
Use this password generator and select "random." These are harder to crack, but also harder to remember. Wait 5-10 minutes (go on to the next step and then come back) and without looking, write the random password you generated. Were you able to remember it?
Create a Basic 8 Password and a Basic 16 Password
Create at least one basic 8 (must have at least 8 characters) password and at least one basic 16 (must have at least 16 characters) password. Think back to what you know about creating strong passwords as you make these passwords yourself. Use these questions to help you:
- Should you add one or more digits (numbers)? Did you know that if you put a digit at the beginning of your password, it's better than no digit, but not as good as having a digit in the middle?
- Should you add one or more symbols? Did you know that of 32 symbols, most people use the exclamation point, so if you use a less popular symbol, your password may be harder to guess?
- Should you use a mix of capital and lower case letters? How can this help make your password harder to guess?
- Have you tested the strength of your passwords using a password meter?
How do hackers steal passwords?
Watch this short video: "What Makes a Good Password?" How do hackers use computers to crack passwords? According to the video, which method buys you the most time? Based on what you've learned, which password creation method do you plan to use?
Do Your Own Password Research
Create a password survey. Ask others for information about how they create passwords. Don’t ask them for their actual passwords, but ask questions such as the ones listed below. Feel free to add questions of your own. Document the responses people give you. What did you learn about people's password creation habits in general?
Sample Survey Questions
- How long is your password?
- Does it have a digit?
- Does it have a symbol?
- Do you write your passwords down?
- Do you reuse your passwords?