Unforgettable passwords

By J. Carlton Collins, CPA

Q. What are the minimum criteria for creating a strong password?

A. Microsoft provides a Password Checker website, where you can enter the password to check its strength, an example of which is pictured below.


To achieve the maximum strength, Microsoft’s password checker requires at least 14 characters containing at least one of each of the following types of characters: an uppercase letter, a lowercase letter, a number, and a special character. As added security, most experts also recommend that passwords not contain your username, real name, company name, or complete words; that each password be unique; and that all passwords be significantly different from previous passwords.

Because the above rules result in a bevy of passwords that are difficult to remember, I use a different approach that you may want to consider. All of my passwords start with the same lengthy prefix, such as a childhood telephone number, for example, 9126364242 (this is not the actual prefix I use). Next, my passwords all include the name of the account, such as Delta, Amazon, or AICPA. Finally, each of my passwords ends with a four-digit personal identification number (PIN). The results are strong lengthy passwords that I have a good chance of remembering, such as the examples shown below (which are not my actual passwords):

Delta account password:      9126364242delta7543

Amazon account password: 9126364242amazon9312

AICPA account password:    9126364242aicpa2209

Using this approach, the bold PINs are all I need to remember, and because hackers don’t know the actual lengthy prefix I use, these passwords are very strong. With 263 active passwords on my list, this structured approach gives me a fighting chance of remembering many of them. Because uppercase and special characters are more difficult characters to type (especially on a smartphone device), I avoid these types of characters unless they are required. 

J. Carlton Collins is a technology consultant, a CPE instructor, and a JofA contributing editor.

Note: Instructions for Microsoft Office in “Technology Q&A” refer to the 2013, 2010, and 2007 versions, unless otherwise specified.

Submit a question

Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to jofatech@aicpa.org. We regret being unable to individually answer all submitted questions.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.