Creating Secure Passwords


Chidinma works with The Way Forward (NGO) to help locate sponsors of girl prostitution. She received several failed login attempts to their Facebook page but she isn't worried. She has enabled a 2-step verification for all their social media accounts.


Passwords — especially those not supported by two-step verification — are your last lines of defense against prying eyes. This guide will help you understand how those passwords are exposed, and what you can do to keep them locked down.

How are passwords exposed?

  1. Someone’s out to get you. 
  2. You become the victim of a brute-force attack. 
  3. There’s a data breach. 

What makes a good password?

Ideally, each of your passwords would be at least 16 characters, and contain a combination of numbers, symbols, uppercase letters, lowercase letters, and spaces. The password would be free of repetition, dictionary words, usernames, pronouns, IDs, and any other predefined number or letter sequences

Creating secure passwords

Create a phrase like “I hope Nigeria will win the FIFA World Cup  in 2016!” Then, take the initials of each word and all numbers and symbols to create your password. So, that phrase would result in this: IhNwwtFWCi2016!

Also, make sure to use a mix of letters, numbers, and symbols in your password.For example, a password with numbers, symbols and mixed-case letters like Alph4b3t@ (“Alphabeta” scrambled with numbers and symbols) is harder to guess.

Many password managers like LastPass or Dashlane also have built in password generator tools.

Enable two-step-verification

Any time a service like Facebook or Gmail offers “two-step verification,” use it. When enabled, signing in will require you to also enter in a code that’s sent as a text message to your phone. Meaning, a hacker who isn’t in possession of your phone won’t be able to sign in, even if they know your password.

Here’s a detailed list how to set up two-step verification for many popular websites.

Keeping track of secure passwords

The logic is simple: if you recycle the same password (or a variation of it), and a hacker cracks one account, he or she will be able to access the rest of your accounts.

You can’t be expected to memorize dozens of complicated, 16-character-long passwords but you can use a password manager to help you store them safely and encrypted.


Using a password manager

Password managers store all of your passwords for you and fill out your log-in forms so that you don’t have to do any memorising. There are many options available, but a few crowd favourite are LastPass, Dashlane and 1Password.

The tiny caveat is that you’ll still have to memorize one thing: Your master password. This unlocks all your other passwords. Make your master password extra-secure by composing it of at least 12 characters to ensure that it’s not vulnerable to any brute-force attacks.

Continue the conversation.

Visit to post comments and get advice from a community of security experts

Summary steps

  • Create a mix of letters, numbers, and symbols in your password. For example, Alph4b3t@ (“Alphabeta” scrambled with numbers and symbols) is harder to guess.
  • Always use 2-step verification for all your online accounts that require you to login. For example, Facebook, Twitter, Gmail, Instagram and Online Banking accounts.