How to create a good safe password

Home » Help » How to create a good safe password

How to create a good safe password

If your password is short and/or only uses words, then you are an easy target.

My clients often ask me, ‘Why would they want to hack my website, my email or social network account?’, well here are the reasons.
‘They’, in this article refers to the hackers.
They want to hack your website to use the mail server to send anonymous spam.
They want to hack your website to add links on the code to their dodgy products.
They want to use your email account to send spam, find out more information about you, the bank you use, your date of birth, your mother’s maiden name, etc.
They want to use your username and password combination from one account to try and login to another service.
They want to reset your bank password by using your recovery email address so that they can login and take your money.
They want to pretend to be you on Facebook, to then message your friends and try and scam them, acting as you.

If you can’t see the reasons why someone may benefit from hacking your account, then ask yourself, “Why is there a password in the 1st place?”.
There are many reasons, even if they are not immediately obvious.

How to create a good safe password

1. Make it long
You are not up against a person who you think is never going to guess the combination of your dog’s name and the year you were born. How would they know, how could they guess that?
You are up against a machine, a computer. Who can try every combination and is VERY fast. So long is best.

By the time the hacker has tried every 8 character combination, it moves on to 9, then 10, then 11 character combinations and so on. each extra character makes things a lot harder for the hacker.

2. Make it easy for you
‘thisismyveryveryhardpassword’ is better than a single dictionary word plus a number (e.g. Arsenal67), simply because it’s longer. Each one is as easy to remember as the other.
3. Use upper case, lower case & numbers
‘THISismyveryveryhardpassword7’ is better, but it’s still easy for a human to remember but hard for the hacker.
4. Don’t put the numbers at the end
The ‘word’ then ‘number’ combination is a known method to hackers, so try the numbers in the middle somewhere like ‘THISismyveryvery7hardpassword’
5. Use some symbols
‘THIS!ismyveryvery7hardpassword’ is getting to the point where the hacker has no chance.
6. break a word
‘TH-IS!ismyveryvery7hardpassword’ really is getting to the point where the hacker has no chance as you have stopped simply using whole words, which hackers often try.

Obviously, don’t use the above password, it’s just an example, think of something easy for YOU to remember, then mix it up a bit, swap letters, add numbers etc, you need an easy method for you, but a hard method for the hacker.
Then test it using
And then test your old one! You will be surprised/horrified.

Dictionary & Brute Force attack methods used to crack passwords:

This is the hacker trying to guess your password using known password methods. The hacker has a list to save time…

  1. Is the password a single word from the dictionary? Why not try them all, it won’t take long.
  2. Is the password in the top 10000 commonly used passwords? Why not try them all, it won’t take long.
  3. is it a word number combination? Why not try them all, it won’t take long.
  4. is it 8 characters or fewer because EVERY (yes every) combination of 8 characters (upper/lower/symbols every combination) can be tried in a few hours by a regular computer. Why not try them all, it won’t take long.

If your password falls into one of the above categories, You should change your password.

Don’t be consistent

NEVER use the same combination of your email address and password (no matter how hard you make it) for multiple logins and websites.
If your username and password combination is stored somewhere in some database of some website you once signed up to, and that site gets hacked, then the hackers have a known pair of information. The hacker will then try the same combination on Facebook, Google, Twitter, Hotmail, PayPal, EVERYWHERE, and once they get into any of these, they can do a lot of damage.


Download a password manager, create an account, make the password hard, let it change all your passwords for a 30 character randomly generated passwords, forget all other passwords than the one you use to login to the password manager.

I use LastPass, it’s great. I know one password, LastPass knows the others.

Good Luck. You may not need it, but it’s better to know your options.