A straightforward one-to-one substitution cipher, such as a common cryptogram, is the most easily broken. If you plan on sending messages this way, you may want to try using some tricks to prevent your message from being intercepted by an outside source. Here are a few ways to combat unauthorized decoding.
Re-spacing: One of the most popular methods of thwarting a would-be decoder is to eliminate the normal spacing of words. As "I" and "A" are the only common one-letter English words, their presence makes it far too easy to begin decoding a message. Writing down letters in groups of five will keep word lengths a mystery until after the letters have been decoded.
Spell words incorrectly: By recognizing repeating sequences of letters, decoders can get a foothold sniffing out common words such as "the", "in", "and", etc. Misspelling words can not only alter words' lengths, but also erase these patterns. Instead of writing "the", the message writer can spell it a different way ("de", "teh", "ze", "da", "thuh") each time. A decoder also searches for double-letters, which can be eliminated this way.
Employ a null cipher: Chances are good you weren't going to use every last letter in the alphabet in your message. Probably Q is unnecessary, or could just be replaced with C or K instead. Use the coded symbol for Q throughout your message to confuse: place in between double-letter sequences, turn a one-letter word into a three-letter word, and so on. It's best not to use it for every word, though. Try to limit it to every second or third word.
Start with nonsense: Make up four or five nonsense words to begin a message with. This way, if an interceptor thinks they've figured out the code, they'll go to the beginning and find themselves disappointed to find their solution makes no sense. It's best not to just use strings of "QXXQ ZQXQZ XXZX QQ" or the like, otherwise the ruse will be quickly spotted.
