The Jack and Jill Guide to Creating Passwords

Many people know that you should always set a strong password when registering for a computer system, but what does that actually mean?

A strong password should be easy to remember but hard to guess, and there are a few things that you should and shouldn’t do.

Firstly, the password should use a mix of characters. Not only can you use lower case a-z, upper case A-Z and numbers 0-9, but most systems (including Forum 2020) will allow you to use what are deemed ‘special’ characters such as !"£$%^&*()_-+=;:@'~#<,>.?/. This means that each character in your password can be one of a possible 26 (lower case) + 26 (upper case) + 10 (numeric) + 26 (special) = 88 characters.

Secondly, the password should be a minimum of 12 characters in length, and up to 16 or 18 is reasonable. The reason for this is that if you have a two character password, then there are 88 x 88 = 7744 combinations – assuming that, as above, there could be 88 possibilities for each of the two characters. By the time you get up to 88^16 possibilities (88 multiplied by itself 16 times, for a 16 character password), no human and probably no computer is likely to guess your password.

Thirdly, the password should not contain words that are in the dictionary or recognisable names – particularly not the name of your house, children or dog etc. as these are just too easy to guess.

Fourthly, the password should be unique and not the same as you’ve used in other places.

So, given all the constraints I’ve mentioned earlier, how on earth do you come up with something that’s easy to remember but hard to guess?

The best recommendation that I’ve seen is to notionally divide your password into two parts: a prefix and a suffix. The prefix can be the same for all your passwords everywhere so that it’s easy to remember, and the suffix is specific to the particular system you’re using.

Looking at the prefix, the best idea is to use the initial letters of a phrase that you’ll easily remember. It can be a quotation from or the opening words of your favourite play, book or poem, or just something that’s meaningful to you. So, for example, if you have a son named Jack and a daughter named Jill, it wouldn’t be wise to use something like “JackJill” as anyone that knew anything about you might guess it quite easily. However, if you use the initial letters of every word in the phrase “my son’s name is Jack and my daughter’s name is Jill” you’d end up with a password prefix of “msniJamdniJ”. To the outsider it looks like gobbledegook, but it’s something that you can probably remember quite easily.

As for the suffix, assuming you are going to use the password for Forum 2020, you could just add the suffix “2020”, giving you a potential password of “msniJamdniJ2020”.

Going back to the rules highlighted earlier:

  1. Although the sample password has a mix of upper case, lower case and numeric characters, it doesn’t have any special characters. The easiest way to achieve this is to slightly modify your prefix, for example using the “@” sign instead of the “a” to give a prefix of “msniJ@mdniJ”, or adding an extra special character such as “^” at the end to give a prefix of “msniJamdniJ^”.
  2. Because your chosen prefix is 11 or 12 characters, you’ve easily come up with a password that meets the requirements of a minimum of 12 characters.
  3. There are absolutely no recognisable words in the password.
  4. Thanks to the suffix, this password isn’t used anywhere else.

So there you have it: a password of “msniJ@mdniJ2020” or “msniJamdniJ^2020” for Forum 2020, which is strong, looks completely random and is difficult to guess, but is actually not that difficult to remember.
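
The recipe above and the four rules it is checked against, as an added Python example that is not part of the original guide. The function names, the `swap` parameter and the five-word sample list are assumptions made for illustration; the 88^n figure it reports only holds if every character is picked at random.

```python
import math

# The guide's alphabet: 26 lower + 26 upper + 10 digits + 26 specials = 88.
SPECIALS = set("!\"£$%^&*()_-+=;:@'~#<,>.?/")
ALPHABET_SIZE = 26 + 26 + 10 + len(SPECIALS)

# Constructed sample word list (assumption); a real check needs a full dictionary.
SAMPLE_WORDS = {"jack", "jill", "password", "forum", "name"}


def initials(phrase):
    """Prefix: first letter of every word, keeping the phrase's capitals."""
    return "".join(word[0] for word in phrase.split())


def build_password(phrase, suffix, swap=None):
    """Prefix + suffix; swap=(old, new) replaces one character in the prefix."""
    prefix = initials(phrase)
    if swap:
        prefix = prefix.replace(swap[0], swap[1], 1)
    return prefix + suffix


def check_rules(password, words=SAMPLE_WORDS, already_used=()):
    """Return the names of the guide's four rules that the password breaks."""
    failures = []
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in SPECIALS for c in password),
    ]
    if not all(classes):
        failures.append("mix of characters")
    if len(password) < 12:
        failures.append("minimum 12 characters")
    if any(word in password.lower() for word in words):
        failures.append("dictionary word or name")
    if password in already_used:
        failures.append("unique")
    return failures


def search_space_bits(length):
    """log2(88 ** length): search space if each character were chosen at random."""
    return length * math.log2(ALPHABET_SIZE)

if __name__ == "__main__":
    pw = build_password("my son's name is Jack and my daughter's name is Jill", "2020", ("a", "@"))
    print(pw, check_rules(pw), round(search_space_bits(len(pw))), "bits at most")
```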
