Passwords are the most commonly used identity verifiers, yet many people struggle with creating ones that are truly secure. In this article, we’ll show you how to create a strong password using a unique nine-rule algorithm, transforming simple phrases into secure, unbreakable passwords. Whether you’re looking for strong password tips or secure password creation methods, this guide will help you enhance your online security.
What do the following passwords have in common?
- 7lhPhbnt$12rvn9
- bbRkjng$13bbrr7l9
You may quickly identify the following:
- Both passwords appear to be randomly generated
- Neither password contains words or phrases
- Both passwords contain the character types that system password rules commonly require
You would be correct in these identifications; however, what you may not realize is that both of these passwords come from simple two-word phrases that have been processed by a nine-rule algorithm to generate these very different passwords. To illustrate the power of the nine-rule algorithm, consider the following three passwords, also generated by the algorithm:
- 7Lm$13njghgmbrhy
- 9Wj0ch$12hjgg7
- fpRr790$12grvmp
The Problem with Common Passwords
Most people use easy-to-guess passwords based on personal information, making them vulnerable to attacks. To enhance your online protection, you need to understand how to make your password stronger and less predictable.
You see, passwords are the most commonly used identity verifier and most passwords are poorly created, resulting in passwords like the following:
- TomCarpenter72$
- $Vikings2Win
Both of these passwords meet the common requirements of systems but are far easier to guess if they are Tom Carpenter’s passwords. Of course, Tom Carpenter is his name, and he was born in 1972. His favorite NFL team is the Minnesota Vikings. Anyone who knows him may be able to guess these passwords.
The nine-rule algorithm with a simple two-word phrase
Now, consider the primary components of these passwords (Tom Carpenter and Vikings Win) as inputs to our nine-rule algorithm. The result is the following passwords:
- 0pM$12cbrp7n0hr
- vjKjng9$10wjn
Even though hints of the original input text remain (for example, cbrp7n0hr visually resembles carpenter and vjKjng9 visually resembles vikings), these hints are most obvious to someone who already knows the input text. Additionally, most attacks against passwords are based on dictionaries: long lists of thousands or millions of commonly used passwords that computing systems process to crack passwords. This visual similarity does not help most such cracking scripts and applications.
Step-by-Step Transformation Example
What are the nine rules applied to the input text in our algorithm? They are as follows:
- replace first ‘e’ that occurs with a ‘7’
- replace all other ‘e’ characters with an ‘h’
- move all other vowels one letter forward in the alphabet
- replace the last ‘s’ that occurs with a ‘9’
- replace all other ‘s’ characters with a ‘y’
- replace the first ‘t’ that occurs with a ‘0’
- replace all other ‘t’ characters with a ‘g’
- capitalize the second consonant in the input text that is not impacted by the above rules
- count all characters, not including spaces, and replace any spaces with this total preceded by a $
These rules may seem daunting at first; however, when used regularly, creating a password from two- or three-word input phrases becomes simple, and the resulting passwords are strong and resistant to most dictionary attacks. They are also long enough to resist brute force attacks (trying every possible character in every position at several allowable lengths, such as 10-, 11-, and 12-character passwords).
To see this algorithm in action, consider the following input text and then step through the algorithm with me: horse jigs
- replace first ‘e’ that occurs with a ‘7’ = hors7 jigs
- replace all other ‘e’ characters with an ‘h’ = hors7 jigs
- move all other vowels one letter forward in the alphabet = hprs7 jjgs
- replace the first ‘s’ that occurs with a ‘9’ = hpr97 jjgs
- replace all other ‘s’ characters with a ‘y’ = hpr97 jjgy
- replace the first ‘t’ that occurs with a ‘0’ = hpr97 jjgy
- replace all other ‘t’ characters with a ‘g’ = hpr97 jjgy
- capitalize the second consonant in the input text that is not impacted by the above rules = hpR97 jjgy
- count all characters, not including spaces, and replace any spaces with this total preceded by a $ = hpR97$9jjgy
The resulting password, hpR97$9jjgy, is eleven characters long and includes lowercase letters, uppercase letters, digits/numbers, and a special character. Most experts estimate that such a password would take many years to crack on average.
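The nine rules as a short Python function, added here as an illustration (it is not code from the original article). It assumes the phrase is lowercased first and that 'y' counts as a consonant. Because the rule list says the last 's' becomes '9' while the walkthrough replaces the first, the hypothetical nine_for parameter selects either and defaults to the walkthrough's behaviour; char_classes is likewise a hypothetical helper for checking which character types the result contains.

```python
# Added example: the article's nine rules applied in a single pass.
# Each output character depends only on the original character and whether
# it is the chosen occurrence, so the rules cannot interfere with each other.
VOWEL_SHIFT = {"a": "b", "i": "j", "o": "p", "u": "v"}  # rule 3

def nine_rule(phrase, nine_for="first"):
    text = phrase.lower()                     # assumption: case is ignored
    e_seven = text.find("e")                  # rule 1 target
    # Rule 4: the walkthrough uses the first 's', the rule list says the last.
    s_nine = text.find("s") if nine_for == "first" else text.rfind("s")
    t_zero = text.find("t")                   # rule 6 target
    out, untouched = [], 0
    for i, ch in enumerate(text):
        if ch == "e":
            out.append("7" if i == e_seven else "h")   # rules 1-2
        elif ch in VOWEL_SHIFT:
            out.append(VOWEL_SHIFT[ch])                # rule 3
        elif ch == "s":
            out.append("9" if i == s_nine else "y")    # rules 4-5
        elif ch == "t":
            out.append("0" if i == t_zero else "g")    # rules 6-7
        elif ch.isalpha():
            untouched += 1                             # rule 8: 2nd untouched
            out.append(ch.upper() if untouched == 2 else ch)
        else:
            out.append(ch)                             # spaces, anything else
    total = sum(1 for ch in text if ch != " ")         # rule 9
    return "".join(out).replace(" ", f"${total}")

def char_classes(password):
    """Return the character types present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes

if __name__ == "__main__":
    for phrase in ("horse jigs", "Vikings Win", "robin"):
        pw = nine_rule(phrase)
        print(phrase, "->", pw, sorted(char_classes(pw)))
```

A single word with no e, s or t, such as robin, comes out as rpBjn with no digit or symbol, so the rules alone do not guarantee every character type a system may require.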
Why You Need Your Own Algorithm
Now for the most important part of this article: you should never use the nine-step algorithm presented here. Instead, you should create your own algorithm. Through much testing, I have determined that a seven-step algorithm is about as small as you can implement and still get random-like passwords. Additionally, I would not go beyond ten or eleven steps, as it becomes too complicated.
Given that most systems require you to change your passwords periodically, the benefit of the method presented here is that you can use input text that is memorable and still have a strong password that is resistant to attacks. The first 7-10 times you use the password to authenticate, you will have to work through the algorithm again. You’ll quickly remember the password, allowing you to enter it easily each time. Therefore, you will only need to use the algorithm when you create the password and the first few times you enter it (assuming it is a system you use daily or multiple times per week), and you will then have it memorized until the next required change.
Don’t Just Create a Strong Password
Hopefully this article will help you to create more secure passwords that are also easier to recall and remember without sacrificing security. Don’t leave your cybersecurity to chance. As you’ve learned, creating strong passwords is a crucial first step, but it’s only one piece of the puzzle. To truly secure your business and personal data, you need a comprehensive approach to cybersecurity.