Healthcare Perspectives


How to Create a Strong Password and Protect It

Jan 02, 2018
By: Jeff Olejnik

Passwords are naturally subject to many different attacks. Shared password conventions can increase the likelihood of passwords being guessed. Shorter passwords built from dictionary words, with few or predictable numbers (e.g., the year) and without all types of complexity, are easily cracked with freely available tools and inexpensive graphics cards. Using the same password for multiple accounts greatly increases the risk that a breach of one account leads to a breach of many.

Avoid using your username, the same password with just a different digit, seasons, and other easily guessable elements in your password. Instead, use a passphrase. A passphrase is a sentence that you can easily remember. The longer your passphrase, the stronger it is. Making your passphrase strong can limit the success of humans and/or computers in guessing it. Using only simple sentences is becoming less effective with the decreasing cost of consumer graphics cards, which allow up to 10 trillion guesses to be attempted each second. Always use a strong, unique passphrase for each separate account secured by a password.

How to make a strong passphrase

We start with a normal phrase that means something only to us so we can remember it. Do not use common quotes from books or other cultural artifacts. Write it down, including spaces.

Super best phrase of pass that only I can remember

Add capitalization in odd places: SupEr best pHrase of paSs that Only I caN remember

Add numbers: SupEr7best90 pH32rase of paSs th00at Only I c4aN rem9ember

Add special characters ( !@#$)(*&%<>?”:{}|][,./;’ ): SupE$r7best90 pH32&rase” of paSs: th00at O,nly I c4aN re;m9ember

That looks too hard to remember so we’ll simplify.

SupE$r best90 paSs:

Finally, we should type it into a window that will not save our work but will allow us to read what we have typed, and repeat this a few times to engage muscle memory. Having typed it a few times, we have an idea of how we'd usually mistype the passphrase, and that awareness becomes part of our muscle memory when typing it out. Destroy any written copy of the password-generation process that we started with. We now have a strong passphrase that we can remember.
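The warning signs listed earlier (username, a season, a year, an old password with a different digit) and the 10-trillion-guesses-per-second figure can be combined into a quick self-check. This is an added example, not part of the original article; the function names, season list, year pattern and sample usernames are assumptions. The time estimate is an upper bound for exhaustive search only, so a phrase built from dictionary words can fall far sooner.

```python
import re
import string

GUESSES_PER_SECOND = 10e12  # the article's figure: 10 trillion guesses per second
SEASONS = ("spring", "summer", "autumn", "fall", "winter")  # assumed list
YEAR_RE = re.compile(r"(19|20)\d\d")  # assumption: a four-digit year, 1900-2099


def alphabet_size(password):
    """Size of the character pool an exhaustive search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 ASCII symbols plus the space
    return size


def exhaustive_search_seconds(password):
    """Upper bound: seconds to try every string of this length and alphabet."""
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND


def weaknesses(password, username, previous=None):
    """Return the article's warning signs that apply to this password."""
    found = []
    lowered = password.lower()
    if username and username.lower() in lowered:
        found.append("contains username")
    if any(season in lowered for season in SEASONS):
        found.append("contains season")
    if YEAR_RE.search(password):
        found.append("contains year")
    # Same text once digits are stripped means only the numbers were changed.
    if previous and re.sub(r"\d", "", password) == re.sub(r"\d", "", previous):
        found.append("old password with different digits")
    return found


if __name__ == "__main__":
    # Constructed samples; "jdoe" is a made-up username.
    for pw in ("summer18", "Summer2018", "SupE$r best90 paSs:"):
        secs = exhaustive_search_seconds(pw)
        print(f"{pw!r}: {weaknesses(pw, 'jdoe')} ~{secs:.3g} s exhaustive")
```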

Once you have created strong and unique passphrases for all your various accounts, how will you remember this myriad of information? This is where a “password manager” application helps.

A password manager stores all of the passwords for each of your accounts, allowing you to remember only one strong passphrase used to access the password manager. Some password managers can also generate random passwords for you, store them, and recall them on demand. Password managers generally use strong encryption to secure your “database” of passwords.

Here is a non-exhaustive list of password managers, as of August 29, 2017, from Wikipedia: https://en.wikipedia.org/wiki/List_of_password_managers

Recently, some hardware-based password storage devices, such as the Mooltipass (https://www.themooltipass.com/), have become available and can provide more secure, portable, and easily accessible password management.

