Skip main navigation

New offer! Get 30% off your first 2 months of Unlimited Monthly. Start your subscription for just £29.99 £19.99. New subscribers only. T&Cs apply

Find out more

What Makes a Good Password?

In this video, you will learn the best practices regarding password management.
In this video, we’re going to take a look at what makes a good password. So first of all, a password is a great way to protect your account, and is generally one of the first lines of defence in order to keep people that don’t belong to your account from getting in. This includes things like getting into our mobile phones, computers, email, online banking accounts, social media, and whatnot. But what is a good password? So a password should be no less than 10 characters long, and we’ll take a look at that in a little while. Password should contain uppercase and lowercase, special characters and/or numbers in it. The password should not be a name of a common place or word.
Also, it shouldn’t be anything that would come up in your social media feed, things like your pet’s name, where you were born, your parents’ name, husband, wife, boyfriend, girlfriend, whatnot. Passwords should always be unique across all accounts, meaning your email password should not be the same as say your banking password. Pass phrases can be a good example of strong passwords. And they also tend to be easier to remember. And keyboarding patterns can be a good example of strong passwords. Know what I mean by that is, a friend of mine actually came up with a unique way to remember complex passwords– by, say, coming up with patterns on the keyboard. A smiley face, a snake, a circle, a letter, what not.
Creating patterns in the keyboard helps create random passwords. So that’s another strong way to create a strong password. But how long does it take to really crack a password? Well let’s take a look at that. So I’m going to go over to Kaspersky’s website here. And if you want to play around this,
you can find it at Now before we get to play around with this, as the notification says here, never enter in your real password. They don’t store or click passwords, but you still shouldn’t put it in here. So let’s try a couple out. I’m going to type in a password. OK, so it’s part of a widely used combination, so if someone brute forces with the home computer, it’ll take about a second in order to crack it. Well let’s type in “P@swzoord.”
Well that still takes about a second to crack. Why is that? So I said that you should include uppercase and lowercase and numbers and in password. The problem is if you use those to create a word– a common word especially– there’s programmes called dictionary tags. It actually uses a dictionary of commonly used passwords. And things have progressed enough where they oftentimes will substitute things like, well, they know people will use @ for A, or a 0 for O. So it’ll also use those in combinations to brute force a password. So not a good password. Now let me type in something kind of random here.
I’m going to type in “2F5twn,” So still a short password, still looking at six characters here. But it would take an average home computer brute forces in about three hours. So we’re making some progress here. Three hours for a six-character password. Now I did say 10 or more. So let’s add a couple more characters. Going to do to “PL99.”
So now we took it up to four years in order to crack that password from a home computer. So pretty safe password and it’s also completely randomised. Well, let’s try “TheQickBrownfox.”
So now we have a good, long password. It’s a common word– the quick brown fox. We are using common words. We didn’t try to add special characters in there. But it is a long, complex password. So this is going to take approximately 14 centuries for a home computer to crack this. So now you begin to start seeing, that the longer your password, the longer it’s going to take to crack. I added upper/ lower case letter. That added a little bit more complexity. Now let me play around this. I want to type in “Th3Br0nf0x.”
Now we look at four years in order to crack that password. Still a pretty long time. So as you see, having a long password– doesn’t have to be hard to remember, it could be a common phrase that you want to use– but the longer your password, especially if you had uppercase/ lowercase, it will take a lot longer in order to crack those passwords. And in the next video, we’re going to be taking a look at password managers and how we actually could help defeat a key logger. Thank you for watching. I’ll see you in the next video.

In this video, you will learn best practices regarding password management.

Once you have watched the video, review the following list of additional tips you can take forward:

  • the number of characters used in your password can make a huge difference to password strength
  • ensure you have a unique password for each of your different accounts
  • ensure you include an element of complexity by adding in a variety of characters
  • if you need to record your passwords, use a password manager
  • using patterns on your keyboard can help to create complex passwords

Reflect and share: Were you aware of what makes a password strong? If so, what practices were you aware of and are there any that are new to you? Share your thoughts below.

This article is from the free online

Cyber Security Foundations: Why Cyber Security is Important

Created by
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now