
Creating Strong Passwords

In this tutorial we talk about techniques for creating, managing, and password-protecting user accounts, but before we get into the details, we provide some basic information on passwords in general. These tips are useful not only for passwords for user accounts, but for all types of accounts you create, including online accounts.

A password that's easily guessed is a weak password. A strong password is one that isn't easily guessed and is immune to password-guessing attacks. The two most common forms of password-guessing attacks are the dictionary attack and the brute-force attack. Both types of attacks rely on special programs that are specifically designed to try to crack people's passwords and gain unauthorized entry to their user accounts.

A dictionary attack tries many thousands of passwords from a dictionary of English terms and commonly used passwords. A brute-force attack tries thousands of combinations of characters until it finds the right combination of characters needed to get into the account.

Both types of attacks are rare in a home PC environment. They're also easily frustrated by common techniques such as forcing a person to wait several minutes before trying again after three failed password attempts. Nonetheless, the general guidelines used to protect top-secret data from password-guessing attacks can be applied to any password you create. A strong password is one that meets at least some of the following criteria:

  • It is at least eight characters long.
  • It does not contain your real name, user account name, pet name, significant date (such as birthday), or any name that's easily guessed by other family members or co-workers.
  • It does not contain a word that can be found in a dictionary.
  • It contains some combination of uppercase letters, lowercase letters, numeric digits, and symbols (such as !, &, ?, @, and #).

We realize that few people need Fort Knox-style security on their personal PCs. You don't want a password that's difficult to remember and a pain to type. But any steps you take to make the password less easy to guess are well worth the effort. Some websites offer password checkers, programs that analyze a password and tell you how strong it is. Or go to any search engine, such as www.google.com, and search for "password checker."
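
The four criteria above can be turned into a small local checker. The following is an added example, not code from the original tutorial or from Windows. The word list is a constructed stand-in for a real dictionary, reading "some combination" as at least three of the four character classes is an assumption, and the five-minute wait stands in for the "several minutes" mentioned earlier.

```python
import string

# Constructed stand-in for a real dictionary / common-password list.
WORDLIST = {"password", "welcome", "dragon", "monkey", "sunshine", "letmein"}

def check_password(password, personal_terms=(), wordlist=WORDLIST, min_classes=3):
    """Return the criteria from the list above that `password` fails."""
    failures = []
    lowered = password.lower()

    if len(password) < 8:
        failures.append("shorter than eight characters")

    # Real name, account name, pet name, significant date, and so on.
    for term in personal_terms:
        if term and term.lower() in lowered:
            failures.append(f"contains personal detail '{term}'")

    # Substring match, so a word padded with digits ("Sunshine2024") is still caught.
    for word in sorted(wordlist):
        if word in lowered:
            failures.append(f"contains dictionary word '{word}'")

    # Assumption: "some combination" means at least `min_classes` of the four classes.
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < min_classes:
        failures.append(f"uses only {sum(classes)} of 4 character classes")

    return failures

def hours_to_try(guesses, attempts_before_wait=3, wait_minutes=5):
    """Hours of forced waiting needed to make `guesses` attempts under a wait rule."""
    waits = (guesses - 1) // attempts_before_wait  # one wait after every full batch
    return waits * wait_minutes / 60

if __name__ == "__main__":
    for candidate in ("Sunshine2024", "rex2015", "tG7#vLq2!x"):
        print(candidate, check_password(candidate, personal_terms=("Rex", "2015")))
    print(hours_to_try(10_000), "hours of waiting for a 10,000-entry list")
```

The second function shows why the three-attempts-then-wait rule frustrates guessing: even a modest list takes days of enforced waiting to work through.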

Remembering passwords

The most common problem with passwords is forgetting them. When you set up a password for a website, you can usually be reminded what the password is by clicking an "I forgot my password" link at the sign-in page. But no such link exists for passwords that protect your Windows user accounts. Therefore, be sure not to forget your Windows passwords!

Before you password-protect a user account, take the time to come up with a password that you (or the user) can remember. Make sure you use exactly the same uppercase and lowercase letters that you'll be typing. Windows passwords are always case sensitive, which means the difference between uppercase and lowercase letters matters.

Caution:
On a typewriter, the number 0 is basically the same as an uppercase letter O and the number 1 is basically the same as a lowercase letter l, but that is not true of computers. You must use the 1 and 0 keys near the top of the keyboard or on the numeric keypad to type 1 (one) and 0 (zero).

Devising a password hint

With Windows passwords, you can specify a password hint to help you remember a forgotten password. But still, using hints is tricky. Anyone who uses your computer can see the password hint. So, the hint shouldn't be so obvious that it tells a potential intruder what the password is. For example, create a hint that triggers your memory of the password but doesn't repeat the exact uppercase and lowercase letters you used.

Writing down your passwords isn't a good idea because other people may be able to access them. But if you need to keep track of multiple passwords, consider using a password-protected Excel spreadsheet to store all your passwords. Then, you need to remember only one - the password for the Excel file. Alternatively, password-keeper applications are available to achieve the same result.

Tip:
If you decide to store your passwords in an Excel file, make a copy you can open on another computer in case your computer crashes or you forget the password to log on. Better still, get a secure password storage program you access from your computer or mobile device.

The bottom line on remembering passwords is simple: You have no margin for error. A password that's "sort of like" the one you specified is not good enough. It must be exactly the one you specified. You must treat passwords as though they are valuable diamonds. Keep them safe and keep them secure, but don't keep them so safe that even you can't find them!

That's enough general advice about passwords. Next, you need to find out about types of user accounts.

Tip:
As long as your account is an administrator account, or you have a separate administrator account that you can access, you can always reset someone's password on the computer if needed. You don't have to go through a password recovery process - just reset the password.

Picture Passwords

Picture passwords were introduced in Windows 8, and Windows 10 extends this new way to log in to your computer. Picture passwords are designed to be used with touchscreen PCs and tablets so you don't have to type in characters. Instead you choose a picture, draw a combination of three gestures on the picture that become your "password," and then save those combinations with that picture. You use those gestures to gain access to your computer, much like what happens when you type in a password on your keyboard.

Creating a picture password

You set up a picture password through the Accounts area in Settings. Click on the Sign-in options link and then click Add to display the Create a Picture Password dialog box. Type your user password and click OK to verify your password. You're now ready to select a picture and set up gestures to create the picture password.

Click Choose Picture and select a picture you want to use. Click Open to see the picture. Use any picture for your picture password. It's time to draw the gestures to create the combination you want to use for the password. You can when you set up the gestures:

  • Position of the gestures
  • Size of the gestures
  • Direction of the gestures
  • Order in which you make the gestures

For example, on a picture of the flag of the United States, the following are suggested gestures:

  • Draw a circle around three stars on the flag.
  • Tap the lowest white stripe.
  • Draw a straight line from the top-right corner of the blue border down to the bottom of the lower red stripe.

As you draw each gesture, Windows does two things. First, it shows each gesture using a white outline arrow for straight lines, a white circle outline for circles, and a white dot for taps. Second, it shows the sequence of each gesture as 1, 2, or 3.

If you make a mistake, click Start Over and restart the gestures.

After you complete the gestures once, you must confirm them before they're saved. Simply repeat your three gestures. If you forget one, click Start Over and redraw the gestures - and be sure to remember your gestures this time!

When you successfully redraw the gestures in their correct order, click the Finish button. You're returned to the Users screen of PC Settings.

Testing your picture password

After you create a picture password, test it soon to commit the gestures to memory. To do this, return to the Windows Start and sign out. Sign back into your account, this time using the gestures on the picture that displays. After you draw the correct gestures of your picture password, you're presented with the Windows desktop and Start menu.