4 Steps to a Great Password

Categories: Lessons

Over the past months I have been thinking a lot about the best way for the SME to get secured. So a great starting point is a few “x Steps” articles, little things that can help the SME, and big business, be secure.


How many times have you heard people say “use a different password for each site”? Going through my bookmarks I have over 100 sites to which I have credentials for and most of them I change every couple of months. All of them are changed at least every six months or when the provider gets hacked. The great thing is, I do not have to remember 100 passwords, I only need to remember two. I use a wonder free tool called KeePass. Currently at version 2.35 at the time of writing, KeePass is available here. With KeePass, you remember one really good password and it remembers the rest. Now, you read that I need to remember two right? The first password is my corporate login and the second is for KeePass. So lets look at how I create a nice and secure password for KeePass.

Creating the Password

With KeePass, you want a very good, strong password. Strength is going to come from length and construction but I promise it will be easy to remember it.

Step 1: Special Character

You know the special characters. SHIFT + NUMBER. Pick one, any one. For my example I am going to use SHIFT+9 which is (.

Step 2: Four Disassociated Words.

You need four words that are not related to each other. For example, Liverpool Football Club Wins would be four related words and this is bad. You want four unrelated words. So for my example let us use:

Liverpool, Hillman, Cyber, Football

Step 3: Put it all Together.

Now the difficult bit. Put your special character between each of your words.


Now according to howsecureismypassword.net, that password will take 22 duodecillion years to crack.

Step 4: Optional bit, Add the Spice

Ok, on the surface that is a strong password. It is 87 bits and is, according the KeePass, in the green for password quality. But I want to add some spice to this so I dont really need to change it more than once a year, or when I feel it has been compromised. So lets add some Spice.

For the Spice I am going to add in a date.


Now we have a 111bit password which is 40 characters long and very easy to remember. For craziness I checked it on howsecureismypassword.net and it estimates it being broken sometime after the sun dies.