ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

How To Create The Best Passwords Hackers Hate

Updated on April 1, 2022

By Rachael O'Halloran

Published September 4, 2014

Are Your Passwords Secure?


Passwords And Password Reminder Question

Your passwords are pretty much the only tool you have in how to access and protect your information on certain websites. How you choose your passwords makes a big difference, whether it is a Facebook site, a blog, a game or a banking site.

Never make it easy for a hacker. But never make it easy for yourself either.

If your password is easy for you to remember, it could be easy for a hacker to access.

I've said it before, I'll say it again. Do not use the same password for more than one site.

Above all, don't use your email password for anything else.

Each site you go to, your password should be different. I hope that is clear. Different site, use a different password.


  1. Get a notebook at the Dollar Store and write all the info down - sign on email, screen name, password, security questions and answers. Include capitalization and special characters of the password
  2. DO NOT keep a Word file or an email with all your passwords and security answers on it. I'm not crazy about password vaults either. If there is a will to hack, there is a way to hack.
  3. Every time you change a password, make it a point to remember changing it in the notebook.


When you choose a password, make it strong and make it long.

The best passwords are those which make no sense, are not a real person, place, thing, or an actual word.

Passwords should have some upper and lower case letters, as well as numbers, symbols and special characters. Passwords should not follow any set pattern or order.

Many sites want passwords with at least one capital letter or to start with a capital letter. Typically they allow 26 spaces for a password. You don't have to use all of them, but it is more secure to use them all.

Do not choose your pet's name, no matter how unique the little guy's name is. It is the easiest to hack. Hackers use lists of the most popular pet names (dogs, cats, birds, etc.) Here's a popular list of the Top 100 - see if your pet's name is on it: Dogtime

If you must use your pet's name because it is something you will never forget, then get creative with it. Say your dog's name is Bailey, which is the second most popular name on the list.

Try doing this:


  • The first letter is capitalized as per the site rule, then with no rhyme or reason use a number every other letter, but go random, not in numerical order - mix them up. Add some symbols or underscores and your password is looking harder and harder to crack.
  • Throw in extra capital letters.
  • Now go write it down so you don't forget!

I am not a fan of websites offering a password generator where it spits out random words and letters. But it is good when it tells you the strength of each one.

If you can't think of a password after reading this article, then use a password generator. Here's one that is easy to use:


The Sentence Method

Another way to get the best password is to think of a sentence that you will remember, but is not so obvious that it can be guessed. Try to stay at 26 words, including years (each digit takes up one space). Here's an example:

The happiest day of my whole life was the day my son was born in 1985.

Now, type the first letter of each word to make a password like these examples with random capital letters, adding the year at the end.

  • Thdomwlwtdmswbi1985 - first effort - now try it with random capitalization
  • THdoMwLwTdMsWbI1985 - second effort - now add some symbols where the letters are.
  • T#doMw&wTdM$WbI198$ -now write it down!

Let's try another one.

My daughter is having a baby on September 30 and I'm so excited.

Take the first letter of each word again to make a password like this one with random capital letters and symbols.

  • MdI#AbO$30_AI$E - all I did here was capitalize every other letter, add dollar signs for each "S" and a number sign for the H. I put an underscore before the word "and" You can put in more, but the underscore in this instance stands in for the word "and."

Make up any sentence, poem, song or phrase you wish, just as long as it's not Happy Birthday To You. (most popular as of 2013 survey)

Try to keep your end result at 26 letters. If you don't want to use a dollar sign for the S's, use another symbol.

Write it all down in your Dollar Store notebook so you have it.

Each time you change your password, go back to the notebook and make the change.

If ever you forget to write down the change when you give yourself a new password, you will have first hand experience with frustration when you try to remember where you put all those $$ and ## and __.


Password Reminder Question

Often your password screen will offer a password reminder question.

The answer cannot be your password. It is meant to be something to remind you of what the password is.

As in the above example, Bailey is the dog's name but you have numbers in it.

So the security question "What is the dog's name?" could be answered with "first page of notebook" which is the "reminder" of where to locate the password.

So write down that question and answer as well.

These are different from your security questions that are used to verify your identity, which is discussed in a separate article.


If Your Password Is On This List, Change It!









letmein (Let Me In)






















Do The Two-Step!

If a site offers a two-step process for verification of your identity when you enter your password, TAKE IT!

This is usually done to access an email account, but Google and other websites are using it too. It will only be a matter of time before it is so prevalent that one step password setups will be a thing of the past.

The two-steps might be a drag sometimes, but it is an added layer of protection. Here's how it works after you have followed the setup directions in the following video:

  • 1, Let's say you are trying to access your bank account online. You have entered your password. This should not give you access to your account. If it does, your two-step is not set up properly.
  • 2. In the setup previously, you have already decided if you want to answer a question on screen or if you want their system to send you a text message to your cellphone, to your email inbox or a voice message to your home phone. Usually it is a 4 to 6 digit code for you to enter on the screen in order to access your account.
  • 3. Entering the code tells them that you are you and there is no doubt to your identity.

If you are using the two-step for website which is not your email site, it is never a good idea to have the text sent to your email because once your email is compromised (i.e. hacked), you will never get the text they sent. This is because you no longer have control of the email account. The hacker got the text in your email and now has it to access the website in question.

Don't store your phone number on any accounts.

Don't even send an email to yourself with your security questions, answers, password changes or phone numbers. Get a notebook at the Dollar Store and write it all down in there.

What I like about the two step process is this:

If I am not the person signing on to my account and the text comes to my phone with the code, instantly I am alerted that someone is trying to sign on to my account. I am able to get on to my account and change the password immediately.


No Cellphone? No Problem!

This next video tell how to set this up without a cellphone.

If you do have a cellphone, this option is especially useful

  1. if you are watching how you spend your data minutes,
  2. if you don't have data capabilities, or
  3. if you have used up all you data minutes for the month.

Two Step Verification Without A Cellphone


1. Never click YES when the popup asks you to save your passwords. A hacker will have no challenge at all because you gave him easy access.

2. To keep your passwords strong, you have to keep them updated. At the first sign of anything fishy - a strange email, your mouse looks like it has a mind of its own moving around the screen or going in directions you are not aiming it, an alarming amount of spam - change passwords now. You don't have to get drastic, just make simple changes to the passwords you have now changing symbols, adding numbers, make them go backwards, etc.

3. Change the order of the special symbols.

4. Change the upper case letters to lower and the lower case letters to upper.

5. Make your sentence read backward instead of forward.

6. On the password, I like to make the first 4 digits the date I changed the password. And I like to add the last two digits as letters of the site.

  • For example, if I changed the G Mail password on September 1 using the password sentence: My daughter is having a baby on September 30 and I am so excited - it can look like this:


I hope you found this helpful. Please see my other articles on password safety and security question and answers.

What Do You Do?

How do you keep track of your passwords?

See results

© 2014 Rachael O'Halloran


This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

Show Details
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)