4 Tips for Creating Secure Passwords

Posted on October 3rd, 2022 by

In a previous article, I outlined four types of passwords you shouldn’t create unless you want your account hacked. Given how valuable your passwords are, it’s important that they be secure, yet not too hard to remember. Not only do passwords protect your e-mail account, your social media accounts, and any web services you use, but also many accounts linked to your credit card, such as your Amazon, eBay and PayPal accounts.

Here are four tips showing how you can create secure passwords:

Tip #1: Size Matters

With passwords, bigger is better. With the power of today’s computers, a 6-character password can be cracked using “brute force” techniques – where a computer simply tries every possible combination of characters – in seconds. An 8-character password may take a few hours; 10 characters will take even longer. If you want to be really secure, go for 12 characters or longer. But also make sure that your passwords aren’t of the type that are commonly used, such as those listed on this Wikipedia page.

Tip #2: Variety is the Spice of Life

There are four types of characters you can use in passwords:

  1. lower-case letters (a, b, c)
  2. upper-case letters (A, B, C)
  3. digits (1, 2, 3)
  4. “special characters,” which include punctuation (. ; !) and other characters (# * &)

There are 26 lower-case letters, 26 upper-case letters, 10 digits and, depending on the web site, as many as a couple of dozen special characters (some sites won’t let you use certain characters). If you create a password with 6 digits, there are a million possibilities. If you use, however, six lower-case letters, the number jumps to over 300 million. And if you use a combination of upper- and lower-case letters, you get 2 billion different combinations. Add in special characters and the number of possibilities is in the hundreds of billions.

Combine this with tip #1, using a longer password, and see these numbers expand faster than the universe during the Big Bang. If you only use letters and digits, an 8-character password can have as many as 200 trillion possibilities. Move to 12-character passwords and the number is so big I don’t even know how to define it (it’s 10^23, plus a bit).
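
The arithmetic behind tips #1 and #2 can be checked with a short script. This is an added example, not code from the original article: it works out which character classes a password uses, the resulting number of brute-force candidates, and a worst-case cracking time. The set of 24 special characters, the sample list of common passwords, and the guess rate are all assumptions.

```python
import math
import string

# Assumption: 24 special characters, in line with the article's "couple of dozen".
SPECIALS = "!#$%&*+-.:;=?@^_~,/()[]|"
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "special": SPECIALS,               # 24 (assumed)
}
# Constructed sample; a real check would load a full list of common passwords.
COMMON = {"123456", "password", "qwerty", "letmein", "iloveyou"}


def alphabet_size(password):
    """Add up the sizes of the character classes the password draws from."""
    unknown = [c for c in password if not any(c in s for s in CLASSES.values())]
    if unknown:
        raise ValueError(f"characters outside the four classes: {unknown!r}")
    return sum(len(s) for s in CLASSES.values() if any(c in s for c in password))


def keyspace(password):
    """Candidates a brute-force search over those classes has to cover."""
    return alphabet_size(password) ** len(password)


def assess(password, guesses_per_second=10**10):
    """Keyspace, bits and worst-case years; the guess rate is an assumed figure."""
    if password.lower() in COMMON:
        # A listed password is tried first, so its length and variety do not help.
        return {"common": True, "keyspace": 1, "bits": 0.0, "years": 0.0}
    space = keyspace(password)
    years = space / guesses_per_second / (365 * 24 * 3600)
    # Upper bound: it only holds if the characters were chosen at random.
    return {"common": False, "keyspace": space, "bits": math.log2(space), "years": years}


if __name__ == "__main__":
    for pw in ["123456", "482913", "kfqzpw", "kFqZpW", "kF7z!W", "kF7z!Wq2m#Lx"]:
        r = assess(pw)
        print(f"{pw:14} common={r['common']!s:5} keyspace={r['keyspace']:.3e} "
              f"bits={r['bits']:5.1f} years={r['years']:.2e}")
```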

Tip #3: Create Unique Passwords

Here’s an easy way to create unique, memorable passwords that are impossible to crack. (Well, the NSA might be able to do it…) You can use a password like this for the user account on your Mac, which is very important: if anyone can get into your account, they can access a lot of your files and personal information.

To start with, you want something memorable. As an example, let’s say you’re a fan of the Game of Thrones TV series. You could create a password like this:


That’s 13 characters, so it’s fairly long, but it’s all lower-case letters. Let’s throw in a couple of upper-case letters to make it more complex, but not in the expected locations, such as the “g” or “t”:


That’s a bit better. But now, let’s spice it up with a couple of digits. These have to still be easy to remember, right? How about this:


And the addition of even one special character makes this much, much harder to crack:


This isn’t too hard to remember, but it could be a bit easier. So let’s just use one capital letter, one digit, and one special character; that’s more than enough to make it unbreakable:


You now have a password that is secure. According to the site How Secure Is My Password, it would take about 2 million years for a computer to crack this password.

It’s true that this password is difficult to type, but the next tip explains how to get around that.

Tip #4: Use Your Keychain to Store Passwords, or Use a Password Manager

While you have a really secure password, you still don’t want to use it on all your web sites. You can use the keychain in macOS and iOS to store passwords; this is what “remembers” passwords when you enter them in Safari, along with the passwords you use for Mail and other programs. You can also use one of many password managers available, but make sure that the master password you use for this software is as strong as the example above.

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn.