How to select a good password


A few days ago Splash Data published a list of the worst passwords, where, as expected, you can find words such as ‘password’, ‘123456’, ‘dragon’, ‘sunshine’, etc. As obvious as it might be not to set your password to ‘password’, many people still do, taking the chance that anyone could guess their passwords and gain access to their accounts and services. The focus of this article is to teach readers and MochaHost’s clients how to create a stronger password.

Selecting a good password is critical, and the rules depend in part on the product for which the password will be used.

For our MochaHost products & services the following minimum criteria must be met:

• Linux Web Hosting with cPanel control panel: the password must be at least 6 (six) characters long.

• Windows Web Hosting with WebsitePanel control panel: the password must be at least 8 characters long, one of which must be a number.

• Windows Web Hosting – SmarterMail email server: the email password must be at least 8 and at most 20 characters long, must contain at least one special symbol, and must combine upper and lower case letters.

• Windows Private JVM (Tomcat) manager NGASI: the password must be at least 8 characters long and must also include a special symbol.

As you can see from these requirements, your “good password” should be at least 8 characters long.
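As an added illustration (not code from the article or from MochaHost), here is a small Python checker that encodes the four minimum criteria above and reports which rules a candidate password breaks for each product. The product labels, the `Policy` fields and the decision to count any punctuation character as a “special symbol” are my assumptions; the article does not define that term.

```python
import string
from dataclasses import dataclass
from typing import List, Optional

# Assumption: any punctuation character counts as a "special symbol".
SPECIAL = set(string.punctuation)


@dataclass(frozen=True)
class Policy:
    min_len: int
    max_len: Optional[int] = None
    require_digit: bool = False
    require_special: bool = False
    require_mixed_case: bool = False


# Minimum criteria as stated in the article for each product (labels are mine).
POLICIES = {
    "cPanel (Linux hosting)": Policy(min_len=6),
    "WebsitePanel (Windows hosting)": Policy(min_len=8, require_digit=True),
    "SmarterMail (Windows email)": Policy(min_len=8, max_len=20,
                                          require_special=True, require_mixed_case=True),
    "NGASI (Private JVM manager)": Policy(min_len=8, require_special=True),
}


def violations(password: str, policy: Policy) -> List[str]:
    """Return the rules the password breaks; an empty list means it is accepted."""
    problems = []
    if len(password) < policy.min_len:
        problems.append(f"shorter than {policy.min_len} characters")
    if policy.max_len is not None and len(password) > policy.max_len:
        problems.append(f"longer than {policy.max_len} characters")
    if policy.require_digit and not any(c.isdigit() for c in password):
        problems.append("no digit")
    if policy.require_special and not any(c in SPECIAL for c in password):
        problems.append("no special symbol")
    if policy.require_mixed_case and not (any(c.islower() for c in password)
                                          and any(c.isupper() for c in password)):
        problems.append("not a mix of upper and lower case")
    return problems


def check_all(password: str) -> dict:
    """Map each product to the rules the password would fail there."""
    return {name: violations(password, policy) for name, policy in POLICIES.items()}


def meets_article_summary(password: str) -> bool:
    """The article's own summary rule: 8+ characters, mixed case, a digit and a special symbol."""
    strict = Policy(min_len=8, require_digit=True, require_special=True, require_mixed_case=True)
    return not violations(password, strict)


if __name__ == "__main__":
    for candidate in ("grapefruit", "Gr@p5fru#t", "B#cycle2003"):
        print(candidate, check_all(candidate), meets_article_summary(candidate))
```

Running it shows that a plain dictionary word such as “grapefruit” passes only the cPanel minimum, while the article’s reworked examples pass all four product policies as well as the stricter summary rule.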

Below are some good practices for picking a strong, more secure password for your products and services:

1) Find a word that has a certain meaning for you and then replace all the vowels with special symbols and numbers – for example ‘a’ with ‘@’, ‘o’ with ‘0’, etc. This replacement doesn’t have to follow any of the rules available on the net, as long as you are able to remember it.

Do not be tempted to use the numbers on your phone keypad to replace the letters. Though this technique is part of Leetspeak (replacing letters with numbers), it is pretty easy to crack. And in any case, do NOT use your username or your first name as the base for your passwords! I know it is tempting, but this is the first thing a hacker would try when attempting to break into your account.

For example: grapefruit becomes Gr@p5fru#t … not bad, right?

2) Select a password length you feel comfortable with. You will be asked for at least 6-8 characters in most cases, so pick a password longer than that. The rule of thumb is that the longer the password, the more difficult it is to crack. The most common length is 8 characters, but you should try to make it longer if possible (and if you can remember it). A good and easy way to extend the length of your password is to add numbers to it. Make sure that the sequence of numbers is easy for you to remember, and do not use your birthday or the last 4 digits of your phone number (since they can be easily guessed) – pick a date or a number that has some meaning for you, for example the year in which you bought your first car or started your first job.

For example: bicycle could become B#cycle2003 (don’t forget to include at least one special symbol and one upper case letter).

3) Another often recommended method is shortening a sentence into a word. How does this work? You make up a sentence which is very easy for you to remember and then take the first letter or the first two letters of each word to create your “good password”. You can even create your own algorithm – for example you can take the first and the last letter of each word, or the first letter from the first word, the second from the second word and so on. The only limitation here is yourself and which codes you feel most comfortable with. If you decide not to substitute a letter with a number, you can always add one at the end.
For example: ‘My first pet was named Jessy’ becomes m*ftptwsndJ*1

4) Once you have shortened your sentence into a single word, you can create different combinations and use them for different services/accounts.

For example: the word m*ftptwsndJ*1 can become “m*ftptwsndJ*1fb” or “m*ftptwsndJ*1gmail”

5) Instead of shortening words you can simply join a couple of words together using a special symbol. For example: Jessy and orange can become “J52sy&0r@ng5”. Here I have used & as the link between the words and have replaced ‘e’ with 5, ‘a’ with @, ‘o’ with ‘0’ and the double ‘s’ with 2s, which is one way to represent double letters.

6) Use upper and lower case – you can pick a word such as “grapefruit” and change every second letter to a capital. In this case “grapefruit” will become “gR@P5FrU#T”.

7) Use misspelled words – especially if you tend to make a mistake when entering your password, you can take advantage of this.

For example: grapefruit can easily become grapwfruti, which will turn into gr@pwfrut#1.
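The seven techniques above are mechanical enough to be written down as code. The following Python is an added example, not part of the original article: each function applies one of the techniques, and `worked_examples()` reproduces the article’s own results (Gr@p5fru#t, B#cycle2003, m*ftptwsndJ*1, m*ftptwsndJ*1fb, J52sy&0r@ng5, gR@P5FrU#T, gr@pwfrut#1). The substitution table `LEET`, the function names, the `y -> *` mapping used for the sentence example and the “first and last letter of each word” rule are inferred from the examples rather than stated by the article, and the sentence is written with a lower-case first word because that is what the article’s result shows.

```python
import re

# Substitution table inferred from the article's examples: a -> @, e -> 5, i -> #, o -> 0.
# The article says any mapping you can remember works; this is just what its examples use.
LEET = {"a": "@", "e": "5", "i": "#", "o": "0"}


def substitute(word, table=LEET, capitalize_first=False, collapse_doubles=False):
    """Technique 1: map letters per `table`; optionally write a doubled letter as '2x'."""
    out = word
    if collapse_doubles:
        out = re.sub(r"(.)\1", r"2\1", out)   # "ss" -> "2s", as in the article's J52sy
    out = "".join(table.get(c, c) for c in out)
    if capitalize_first and out:
        out = out[0].upper() + out[1:]
    return out


def alternate_case(s):
    """Technique 6: upper-case every second character."""
    return "".join(c.upper() if i % 2 else c for i, c in enumerate(s))


def first_and_last(sentence, table=None, suffix=""):
    """Technique 3: keep the first and last letter of each word (inferred rule),
    map letters per `table`, then append `suffix` (the article appends a digit)."""
    table = table or {}
    pairs = []
    for word in sentence.split():
        pair = word if len(word) == 1 else word[0] + word[-1]
        pairs.append("".join(table.get(c, c) for c in pair))
    return "".join(pairs) + suffix


def per_service(base, service_tag):
    """Technique 4: derive a per-service variant by appending a tag to the base."""
    return base + service_tag


def join_words(words, link="&", table=LEET):
    """Technique 5: join words with a special symbol, substituting vowels and doubles."""
    return link.join(substitute(w, table, collapse_doubles=True) for w in words)


def worked_examples():
    """Reproduce the article's examples with the functions above."""
    base = first_and_last("my first pet was named Jessy", table={"y": "*"}, suffix="1")
    return {
        # Technique 1 (all vowels mapped, first letter capitalised)
        "grapefruit": substitute("grapefruit", capitalize_first=True),      # Gr@p5fru#t
        # Technique 2 (only 'i' mapped, then a memorable year appended)
        "bicycle": substitute("bicycle", table={"i": "#"}, capitalize_first=True) + "2003",
        "sentence": base,                                                   # m*ftptwsndJ*1
        "sentence_fb": per_service(base, "fb"),                             # m*ftptwsndJ*1fb
        "joined": join_words(["Jessy", "orange"]),                          # J52sy&0r@ng5
        "alternating": alternate_case(substitute("grapefruit")),            # gR@P5FrU#T
        # Technique 7: the habitual typo is supplied by hand, then technique 1 is applied
        "misspelled": substitute("grapwfruti") + "1",                       # gr@pwfrut#1
    }


if __name__ == "__main__":
    for label, value in worked_examples().items():
        print(f"{label:12} {value}")
```

Each step is deterministic, so the functions make clear exactly what separates a derived password from its base word: a fixed substitution table, a case pattern, a suffix. That is useful when comparing the results against the article’s score table below, since the score reflects only the characters that end up in the password, not how memorable the rule was.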

In summary, to be considered good a password has to be at least 8 characters long, contain both upper and lower case characters, and include special symbols and numbers. It is good advice not to keep your password stored on your computer or on a piece of paper, because you never know into whose hands it might fall. Try to memorize one strong password, and use different variations of that password for different accounts. If you can trust your memory, the best way is to have different passwords for your most important accounts and, even better, to change them on a regular basis. How many passwords you have mainly depends on the risk you are willing to take and on the number of passwords you feel comfortable remembering.

In any case, I think we all agree that we should not use the word ‘password’ for any of our services and online accounts. If you are in love with this word and insist on using it, only a couple of changes are needed and you can end up with your “dream” password. For those of you who have very complex passwords, good job; for the rest, now is the perfect time to change your existing passwords so that nobody can crack your accounts, or at least to make it very difficult to do so.

Just so that I can support the above password examples, I have tested each of them with the Password meter tool from – here are the results of these tests:


Password            Score   Complexity
Grapefruit              8   Very Weak
Gr@p5fru#t             93   Very Strong
Gr@pwfrut#1            91   Very Strong
gR@P5FrU#T             98   Very Strong
Bicycle                 8   Very Weak
B#cycle2003           100   Very Strong
m*ftptwsndJ*1          99   Very Strong
m*ftptwsndJ*1fb       100   Very Strong
J52sy&0r@ng5          100   Very Strong
Password                8   Very Weak
P@2sW0Rd               84   Very Strong

Now that you know how to select a good password, we recommend that you take your time and update all of your account and service passwords. We strongly encourage all of our clients to pay specific attention to the following passwords: Control Panel, FTP, Email, Database, and, of highest importance, any remote management services such as SSH or Administrator RDP access (for VPS and Cloud clients).

We hope that you find this article useful. We would love to hear your comments and feedback in the comments section below.

Posted by Adeeb Monday, April 15, 2013 7:46:00 PM Categories: IT Security