Identity 101: Creating Secure Password

Back to Blog
January 31, 2018
Mike Talon

We all hate passwords. Either you can’t remember them, or you re-use the same one over and over to avoid forgetting it. Trying to come up with new passwords is a never-ending battle against human memory versus the potential for someone to guess the one you have. So how do you create secure passwords, and remember them? 

There are a few ways I have personally found helpful, and I’ve rated each by using the tools found at – which you should also use to test out your own passwords! Please do NOT use the examples I give here. Remember this is a public blog and it’s a pretty good guess that bad actors will add these to their lists of passwords to try very soon. Take these as general guidelines and ideas, but choose your own actual passwords.

1 – Use sentences. Believe it or not, a password doesn’t have to be a single long word or a string of gibberish to be secure. Using a sentence, along with proper punctuation, can be really hard to beat. Let’s look at an example: “Hello, I love” is sixteen characters long, and would take approximately three septillion years to crack – and yes that is a real number. Since sentences are easier to remember than random words and can be changed easily for each site, this is one great method for generating more secure passwords across your accounts.

2 – Combine words together in non-obvious ways that you’ll still remember. The webcomic XKCD [] gave a brilliant example of this with “CorrectHorseBatteryStaple” – before it was posted on a wildly popular comic strip, it would have taken about 7 quadrillion years to crack, and I’d bet you remember it for years to come. Picking the right, and memorable, groups of words is something that will take some time but is well worth the effort.

3 – Use a password manager that generates unique passwords and remembers them for you. LastPass, OnePassword, and dozens of others exist; and are very easy to use. For a test, I ran “iftHzNdsxNfEdns6LuvwfeEg” (a randomly generated password from my own password manager) against the testing site and found out it would take eight septillion years to crack. The downside is that if you go this route you really need a password manager to help, as there’s no way any of us will remember even one of those passwords, much less the dozens we need to use every day.

Each of these three ways to generate stronger and more easily remembered (by you or by software) passwords can be applied to just about any site you visit or application you use. Some sites and apps will allow one (like the multi-word nonsense phrase) but not others (like a full sentence with spaces and punctuation); so you will have to mix up methods now and then. Also, remember most password managers can remember both random passwords you ask the software to create and those you create yourself – so they’re a very good tool to invest in. Finally, remember to use multi-factor authentication like smartphone apps or tokens and adaptive authentication wherever it’s offered, to make the password less likely to be a single-point of security failure.

Put together with multi-factor and adaptive authentication, any of these three methods will keep your information secure online and off. If multifactor authentication isn’t offered, complex passwords created by these methods are your best defense against people guessing your credentials. Just pick the method (or methods) that work best for you, don’t re-use passwords on multiple sites, and stay safe out there. 

Visit our Adaptive Authentication page or contact us to learn more.

Never Miss a Beat
Subscribe to Our Blog

SecureAuth Identity Platform Adaptative Authentication

Identity and Access Management

Empower your digital initiatives with secure access for everyone and everything connecting to your business

Product Features

Adaptive Authentication

Extend verification of a user identity with contextual risk checks

Multi-Factor Authentication

Leverage a broad portfolio of authentication factors for desktop and mobile

Intelligent Risk Engine

Protect your identities with advanced risk profiling analytics

Single Sign-On

Provide app discovery and one-click login through portal or desktop SSO

User Lifecycle Management

Enable admins with strong CRUD capabilities and users with self-service tools

Secure All Identities


Customer Identities

Deliver a frictionless customer experience safeguarding user data and privacy


Workforce Identities

Govern and control access rights for employees, partners, and contractors

SecureAuth Authenticate App

Passwordless MFA client with
Symbol-to-Accept. Stronger security.

The Value of Deploying Multi-Factor Authentication in a Digital World

Value of Deploying Multi-Factor Authentication in a Digital World

Read this white paper to gain insights and understanding of why passwords create risk and blind spots for organizations and their users.


Passwordless Authentication

Reduce the risk of breaches by eliminating passwords

2FA is Not Enough

Block popular phishing and brute force attacks used by bad actors

Protecting Office 365

Extend adaptive authentication and flexible MFA to all apps including Office 365

Securing Portals and Web Apps

Balance strong security and an exceptional user experience

RSA Migration

Transition to a modern identity and access management solution



Financial Services


Energy and Utilities

Public Sector


White Papers


Analyst Reports



Recorded Webinars

Innovation Labs

Support Portal

Calculate Your Savings

Lower support costs by enabling your users the control to reset passwords, account unlocks, device enrollment and update profiles

Meet SecureAuth

About SecureAuth