How To Create The Best Passwords With The Least Effort

passwordBy Ron Benvenisti. Many of us use the most obvious information for our passwords. Birthdates, kid’s names, sports teams and all kinds of things that can easily be figured out by using simple guesses to sustained brute force hacking. This is true of our email passwords, banking and other online services and even at work.

Creating great passwords is really pretty simple. One of the great quotes in the information security field is:

“Of course my password is the same as my pet’s name.
My macaw’s name was Q47pY!3, but I change it every 90 days.”

Sort of says it all but of course it doesn’t really work that way. There are proven and simple rules to follow to create strong and unique passwords for all your accounts. These basic rules will keep them different for each account but easy to remember.

The first rule is to create what might be called a password baseline or foundation. This will be the basic and easy to remember phrase that you will use to create your strong passwords. This phrase must have a mix of uppercase and lowercase letters, numbers, and even a symbol or two. Don’t panic, it’s not that hard, you’ll be surprised at how easy this is and how secure it is.

Let’s “Build” a Really Strong Password

First you will pick a phrase that you can easily remember. You don’t have to think about making it obscure. You can be creative like using a foreign language phrase in Yiddish, Hebrew, Spanis or whatever, just use English characters to spell them. A good example would be “potato kugel”. Sounds yummy, let’s go with that.

It satisfies rule number two which is, a password must be at least eight characters and should not have any proper names, birthdays, hometowns, schools, pets, kids, etc. Our example phrase meets these requirements (unless, of course, your name is Kugel, you might want to impersonate a Knish). It’s easy to do impersonations online, but I digress. Let’s get serious again. Don’t use a single word and just change some of its characters to symbols — hacker tools can sail through those in less time it takes to take a bite out of the Kugel, or Knish or whatever. Go for a passphrase with multiple words strung together as we said (so pick a potato latke, Mr. Finicky) — do not pick a single word password. Hackers try every word in the dictionary on your password in nanoseconds so make it a “passphrase” with at least two words.

We’re Not Done Yet – This is the Good Part

Now you’ve pick a passphrase, you will stick it together in a single word (potatokugel), and then add a few capital letters that are easy to remember (PotatoKugel). Great. Now spice our passphrase foundation with a few random characters to keep things challenging for the hackers. Here’s an example: (Pot@t0Kuge1). Did you catch that? The “a” in Potato became an “@” and the last “o” became a “0” (zero); the last letter in Kugel went from an “l” to a “1”. Still with me, it’s not too hard to grasp, no? Piece of cake, errr… Kugel. Lukshen Kup.

Remember this because this is going to be your base password which will always be used to build the really killer password, which will still be easy to remember. Hang in there, this can save you’re identity and protect your privacy. So now you’ve got this passphrase memorized I’ll show you how to use it as a master key that will allow only you to unlock any of your email accounts or on any Website. You just need to follow one more simple rule.

Let’s Get to the Really Bulletproof Part

To create the most secure password possible, I’m going to show you a simple pattern to add to the passphrase to generate a unique password for every account you have. Stick with me because this is where it gets really interesting and requires the most attention.

For example, always use the first and fourth letter of a Website’s name stuffed into the middle of your passphrase, capitalizing the first letter while leaving the fourth letter in lower-case. So that Amazon becomes “Az” That means your account would have the unique password Pot@t0AzKuge1, while your Wells Fargo account password would be Pot@t0WlKuge1.

Use this pattern and you will have a unique alphanumeric password for every website and email account you have. Easy to remember but pretty impossible for any hacker to figure out. Switch it from first and fourth letter to other letters, start from the last letter of the URL – just be consistent so you remember the pattern.

Even so, remember that there is no such thing as the “perfect password”, but using your own unique passphrase following these simple rules will go a long way toward keeping your identity and privacy beyond the reach of hackers.

This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 20,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.


  1. Swell idea. I guess I’ll need to use @1teLa$ew00der b/c feste chulent doesn’t leave enough variations to the bean counter. If you’re a good jew “always throw in an extra $ for savings”

    For Mr. Potato Kugel it might be easier to add the gematria and mispar koton of each one, use the roshei teivos, sofei teivos and the koillel and dash in the numbers in between capitalizing an O in the middle for the greasy oil and starting with a “z” for the zaftige rayoin.

  2. I can’t stress enough the importance of creating a unique password for each site. There are unfortunately too many websites out there that store the users passwords in PLAIN TEXT (no encryption) and if you use the same password everywhere, viola, that company now has your email address and password, which will give them access to all of your data. No hacking needed!

    A side note, if you ever forget your password, and you click “forgot my password” and the site emails you your password back in plain text, they’re doing it WRONG!! When using proper encryption techniques (hash + salt) they should have NO way to go back to your original password.

  3. @4: Excelllent points. If you do forget your password and they send it to you via e-mail, and don’t force you to change it when you do login, change it yourself right then and there (like the article instructs you to do) as soon as you log in. In fact you should change all your passwords according to the instructions in the article. Thank you, Bumi.

  4. Alte Lakewooder: Thank You! Because of you, now I have to change ALL my pa$$word$. Zest!

    Lukshen Kup: My bad. I can’t tell you what I was doing, but all of a sudden the numbers changed. My apologies.

    BTW I am available for card parties and other occasions, I’m cutting back on Brochos for obvious reasons.

  5. Just a heads up with what happened to me.
    After 15 years with the SAME password for (one of) my email, I suddenly noticed during the winter that someone had “hacked” my email account and was sending out “strange” emails from my account to everyone on my contact list!
    Needless to say I quickly changed my password. I took a 10 character word and interspersed it with a 10 digit phone number (putting 1 number or 2 after one or two characters).
    After that my account was fine. (Thankfully they did not copy out any of my info. Looks like all they did was generate an email and steal my conact list).
    My problem now is, HOW to remember it???
    Anyway, now, some 4 months later, I can ALMOST remember it!
    Thanks for the tips.

Comments are closed.