How to Create a Safer Password

A short password, or one using a name or a word in a dictionary, can be easily cracked by computers. And simply adding "@" for the letter "a" isn't going to fool the bad guys.

Here's cryptographer and computer security expert Bruce Schneier's advice on using and managing your passwords.

1. Use a "passphrase": a sentence you can remember. Then replace each word of the phrase with its initial, a similar digit or symbol, or, at random, use a whole word.

For example:


m d N8 w @ r ! h s

The new password is mdN8w@r!hs. (Don't use this one, though.)

2. That may still be tough to remember. If you need to, write a reminder and hide the paper somewhere safe. But write the phrase or a hint, not the password.

3. Generally, if you have a strong password, you don't need to change it unless you suspect you've been hacked. But don't use the same one for different services.
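The opening point, that swapping "@" for "a" does not rescue a dictionary word, can be seen in the kind of screen a service might run when a user chooses a password. This is an added example, not part of the original article; the word list, lookalike table and minimum length are small constructed assumptions.

```python
import re

# Constructed sample data: a real deployment would load a large breached-password
# or dictionary list instead of this handful of words.
WORDLIST = {"password", "dragon", "monkey", "letmein", "welcome", "sarah"}

# Assumed table of common symbol-for-letter swaps.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                            "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 10  # assumed policy threshold, not a figure from the article


def normalize(password):
    """Lower-case the password and undo common symbol-for-letter swaps."""
    return password.lower().translate(LOOKALIKES)


def weakness(password, wordlist=WORDLIST):
    """Return a short reason if the password is weak, otherwise None."""
    if len(password) < MIN_LENGTH:
        return "too short"
    lowered = password.lower()
    # Drop digit/punctuation padding at either end, e.g. "Dragon2024!!".
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Check the password both with and without the padding removed.
    for candidate in (normalize(lowered), normalize(trimmed)):
        if candidate in wordlist:
            return "dictionary word behind substitutions"
    return None


if __name__ == "__main__":
    for pw in ("dragon", "P@ssw0rd2024", "letmein!!!", "mdN8w@r!hs"):
        print(f"{pw!r}: {weakness(pw) or 'passes this screen'}")
```

Passing this screen only means the password is not a padded or substituted dictionary word; it says nothing about whether the underlying phrase is well known.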
