Passwords: Are Words Better Than Random Letters?

Passwords: Are Words Better Than Random Letters?
This bad ass eye-popping colorful illustration was created by the pop artist diberkato based in Marília, Brazil. You can support their art here

Creating and managing strong passwords is a fundamental key for internet security, but remains a challenging task for many users who cannot break their bad habits of recycling the same password for multiple accounts. Because of these poor password security practices, attackers exploit them compromising personal and organizational security, which leads to more data breaches and cyber-attacks that continue on the rise. I created a list of password security measures to prevent this.

Adopting the strategies below can enhance password security and should be considered for improving personal and organizational cybersecurity.

What are some words people should use or avoid?

Words that people should use for generating their passwords are:

  • A password must contain upper case letters i.e. letters from A-Z.
  • Password should also contain a lowercase letter (a-z)
  • Numbers from 0-9 should also be part of the password.
  • People should use symbols like ~`! @#$%^&*()_-+={[}]|\:;"'<,>.?/ while generating their password.
  • Users should use pronounceable syllables to make up words that are easy to remember and are difficult to guess.
  • Substitute lowercase or uppercase letters with special characters such as replace s with $ or 1, I or! For I etc. Some of the Other substitutions of letters with special characters that need to be considered are:
  • @ or A for a
  • 7 or T for t
  • 3 or E for e
  • 9, G or 6 for g
  • 0 or O for o
  • 8 or B for b
  • Replace codes or words with other words e.g. insert numerals between original words.

Words that people should avoid while generating passwords:

  • Avoid using simple dictionary words because such passwords are easily guessed, and are vulnerable to dictionary-based and brute force attacks. For example do not use your name, pet name, or simple words such as dog, cat, football, etc.
  • Avoid using your name, account name, organization name, technical jargon, common names of people, places, network names, etc.
  • Make sure that your password is not related to your personal information such as your name, family member’s name, your social security number, birthday, etc.
  • Do not use words that are easily guessed such as using ‘’password’’ or ‘’user123’’.
  • Users should avoid using password combinations of keyboard keys such as ‘’asdfghhjk’’, ‘’QWERTY’’, or ‘’123445678’’ as they are easily crackable.
  • Never use the password you have picked for your email account.

What's the best way to create a password?

The secret behind creating a password is that it should be unique and easy to remember, which means that a password must be hard to crack and memorable. Below are some strategies used by cybersecurity experts to create strong passwords, which are hard to crack and are easily remembered by its users.

  • Create a long password containing a minimum number of 12 characters i.e. your password must be at least 12 characters long. Most cybersecurity experts prefer to create passwords that have more than twelve characters. The longer the password, the more secure it will be.
  • One of the best ways to create a password is to add variety to the password‘s string i.e. your password should contain capital and small letters, symbols, and special characters. This will make it harder for the attackers to crack it using a dictionary and brute-force attacks.
  • Avoid using sequential letters or words that are commonly used. Avoid using information that contains your personal information such as name, pet name, date of birth, etc.
  • Avoid using sequential keystrokes of keyboards.
  • Use the "revise a paraphrase method" while creating your password. Use common and bizarre words such as historical names or words you know in foreign languages. Add random characters in the middle of the password paraphrase.
  • Use the sentence method also known as the "Bruce Schneier Method" for generating your passwords. In this method, a random sentence is used to create a password by using simple rules. For example, take your favorite sentence and use the last two letters of each word used in the sentence. But make sure that the sentence that you use is personal and cannot be guessed.
  • Storing passwords on your PCs or email will put your password security at risk.  Use professional and registered password managers to create, manage, and store all of your personal and business accounts’ passwords.
  • Another best approach while creating a password is to always use a unique password for each account and never reuse any of them. This is because if malicious actors guess the password of one of your accounts, they will not be able to compromise your other accounts if they try to access them. But if the user reuses a password for all of their business or email accounts, chances are high that cybercriminals will use that single password to compromise all of the user’s accounts.
  • Another way to enhance the security of your account is to use two-factor authentication which prevents cybercriminals from accessing your account, even if your password is stolen. Two-factor authentication is a security protocol other than passwords that ensures user identity before a user logs into his/her account.

Why are words better than random letters for passwords?

A user must generate a password that is strong, difficult to guess, and easy to remember because passwords are like keys to your account. Cybersecurity experts prefer words or paraphrases instead of using random letters for passwords because randomly generated passwords are difficult to remember, and there is a high probability that users will not be able to remember them for a long time. This means that the user will record it either offline or online. Storing a password either online or offline will make it vulnerable to theft, loss, or destruction.

This means that the use of random letters for a password will enhance password security by making it difficult for malicious actors to guess it. On the other hand, it will also make the password vulnerable to theft, destruction or loss if the user records it either offline or online.


Password security is imperative to prevent malicious actors from accessing users' or organizations' accounts which can become compromised for nefarious purposes. By implementing strong password security measures, nightmare scenarios can become prevented. One of those measures is especially critical for users and organizations to practice: do not reuse the same password for any of your accounts. The good news is, many of them are simple and easy-to-follow.

Originally published at SecJuice

Passwords: Are Words Better Than Random Letters?
These good password strategies can enhance your bad password security habits.