Building an ultra-safe password in six easy steps

Credit: Deepak Karuppannan Raja |

Building an ultra-safe password can sometimes be a hassle, but it’s usually worth it. Here are six tips that’ll help you put together the most-secure passwords.

Avoid personal information

“Good passwords have nothing to do with you, your children or pets,” said Dr. Phil Polstra, Professor of Mathematical and Digital Sciences, Bloomberg University.

Hackers can easily access your social media sites to figure out your name, date of birth and the names of your relatives or pets. Try to avoid using these things as inspiration for your next password.

Make sure to alternate the caps

Similarly, using a predictable sequence puts you at risk as this is much easier for a hacker to guess.

“Put your digits, symbols and capital letters spread throughout the middle of your password, not at the beginning or end,” says Lorrie Faith Cranor, FTC Chief Technologist and Carnegie Mellon Computer Science Professor.

“Most people put capital letters at the beginning and digits and symbols at the end. If you do that, you get very little benefit from adding these special characters.”

Don’t use patterns

Patterns are frequently used as passwords and can therefore be easily guessed by hackers. These include things like “123456”, “qwerty”, “abc123” or “111111”.

“People often include a row of letters from the keyboard, because they think it looks random,” says Cranor, “but actually keyboard patterns, whether left, right, or diagonal, are among the most easily guessed passwords.”

Credit: Georgejmclittle |

Avoid the dictionary

Hackers can utilize software programs that scan the dictionary for possible password combinations.

Darren Guccione, CEO and Founder of Keeper Security suggests to “avoid dictionary terms. Dictionary cracks guess passwords using lists of common passwords and then move to the whole dictionary. This is typically much faster than a brute force attack because there are far fewer options.”

Stephen Cobb, a Senior Security Researcher at ESET agrees, saying “I prefer not to use many real words in there”. He recommends a long sentence with a collection of upper- and lower-case letters, number and symbols.

Enable two-factor authentication

Two-factor authentication is a process by which users are only granted access to their applications after providing two or more pieces of evidence proving who they are. Evidence can include knowledge (eg a PIN or password), possession (eg an ID card or security token) and inherence (eg a fingerprint, face or voice).

“Don’t rely on passwords alone,” says Neil Wynne, a Senior Research Analyst at Gartner who focuses on business security.

“Passwords should not be considered sufficient for anything other than the lowest-risk applications.”

Instead, Wynne suggests adding a layer of more robust authentication, like cryptographic credentials, or a biometric identifier.

“By adding [extra authentication], a company could have a less strict password policy, like less characters or requiring password changes less frequently,” says Jackson Shaw, Senior Director of Product Management for Dell Security.

Don’t reuse passwords

Even an unauthorized party or hacker does gain access to one of your accounts, you can limit the fallout of a potential hack by using a unique password for each site you use.

“Even if you have an ‘unimportant’ password and an ‘important’ password tier, it’s very unsafe,” says Joe Siegrist, VP and GM of LastPass, a popular password manager. “It makes it way too easy for a hacker to attack one site and get your password to all the others.”  

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags passwordsecurity practices

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?