
How To Create A Strong Password You Can Remember


(Image: Secure Password Example: Snakesonaplane!)

Everyone wants to be able to create ultra-powerful passwords, especially for their most sensitive accounts. It’s common knowledge that a strong password can go a long way to preventing identity theft.

However, no one wants to struggle to remember their most used passwords. If you have to resort to writing it down and keeping it in your wallet, doesn’t that defeat the purpose?

Finding the balance between strength and ease of recollection can be difficult. Luckily, there are several great techniques that we can utilize to help find that sweet spot. Before we discuss those, let’s review some basics of password strength:

Password Basics

Length – The majority of resources agree that your password should be at least 8 characters in length. Each site may have different limits on the length that is allowed. In general, the longer the better.

Makeup – There are 4 different classes of characters that you should incorporate. Integrating all 4 classes will minimize the risk of your accounts being compromised. They are:

  1. Lower Case Letters
  2. Upper Case Letters
  3. Numbers
  4. Symbols (Especially ones that aren’t shift-alternatives for numbers)

Common Mistakes To Avoid

In general, stay away from the categories below. If you must use them, be sure to combine them with the techniques discussed later.

Avoid using basic personal information. This can include:

  • Names of family members, close friends, or pets
  • Birthdays, Anniversaries, Dates Of Birth
  • Social Security Numbers, Pin Numbers, Account Numbers
  • Current Or Previous Addresses, Phone Number

Avoid using any portion of your Username. Variations of the Username are the first things generic password hacking software will attempt.

Avoid sequences. Ensure that you do not use ‘abcdefg’ or ‘123456’. Also be wary of keyboard sequences, such as ‘qwerty’ or ‘asdf1234’ or even shapes like ‘rfvbnhyt’.

Avoid keeping default passwords. This is important because identity thieves can often find out how popular sites generate their random passwords (or at least the format). It’s essential to change these as quickly as possible.

Avoid complete words, especially common ones - The most basic password hacking software often checks databases of common dictionary words (even in foreign languages). No, spelling words backwards does not get around this, either.

How to Make A Kick-Ass Password

If you follow these tips, you will not only have a strong password but you’ll be known throughout the land as the one to go to when someone has a password in need of some bulking up.

Use Leet Speak – (|_ 337 $!*3@|<)
This can simply be described as substituting a letter in a word for either numbers or symbols. Wikipedia has put together a fantastic table, which displays basic substitutes for each letter. Here are the basic letter to number scenarios as outlined by Wikipedia:

  • 0 can be used for O (or D)
  • 1 can be used for I (or L)
  • 2 can be used for Z (or R and Ä)
  • 3 can be used for E
  • 4 can be used for A
  • 5 can be used for S
  • 6 can be used for G (or B)
  • 7 can be used for T (or L)
  • 8 can be used for B
  • 9 can be used for P (or G and Q)

However, using only numbers won’t create the strongest passwords. It’s important to use symbols (especially those that aren’t shift-alternatives for numbers) too. For example:

“Baker” can be turned into “|3 @ !< 3 )2”
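The checks from “Common Mistakes To Avoid” and the digit table above, combined in one added example (not part of the original post): it reverses the digit substitutions before the word check, so a dictionary word written with numbers is still reported. The word list, function names and thresholds are assumptions made for illustration.

```python
import re

# Digit-for-letter substitutions from the table above, reversed (primary letter only).
UNLEET = str.maketrans("0123456789", "oizeasgtbp")
# Constructed sample word list; a real check would load a large dictionary file.
WORDS = {"password", "football", "dragon", "monkey", "baker", "elite"}
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_run(text, length=4):
    """True if `text` contains `length` consecutive characters that ascend
    or descend by one code point ('abcd', '4321') or follow a keyboard row."""
    for i in range(len(text) - length + 1):
        chunk = text[i:i + length]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEY_ROWS):
            return True
    return False


def find_mistakes(password, username="", personal=()):
    """Return the list of avoidable mistakes found in `password`."""
    low = password.lower()
    plain = low.translate(UNLEET)           # undo digit substitutions
    letters = re.sub(r"[^a-z]", "", plain)  # drop symbols and padding
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 4:
        found.append("missing a character class")
    user = username.lower()
    if len(user) >= 3 and any(user[i:i + 3] in low for i in range(len(user) - 2)):
        found.append("contains part of the username")
    if any(p.lower() in low for p in personal if p):
        found.append("contains personal information")
    if has_run(low):
        found.append("contains a sequence")
    # Words are matched forwards and backwards, with substitutions undone.
    if any(w in letters or w in letters[::-1] for w in WORDS):
        found.append("contains a dictionary word")
    return found
```

With this sample word list, find_mistakes("P455w0rd!") and find_mistakes("drowssaP1!") both report a dictionary word, while a phrase-derived password such as "@//3StrYa|G8T@" returns an empty list.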

Creating an Acronym from a Phrase
This is a common password technique that can really go a long way in helping you remember your password. It also does a great job at randomizing the sequence of letters. For Example:

“I Love Rocky Road Ice Cream With Sprinkles” would morph into “ilrricws”

Misspell Common Words
Most commonly you can use this technique to spell words phonetically; however, any misspelling that you can remember will suffice. For example:

“Elite” might just become “Leet” - or - “telephone” could be spelled “telefone”

Homophones
Homophones are words that sound the same, but that are spelled differently. Not only do these make your password harder to guess, but they often can help you remember it, as well. For example:

“Bo Knows Football” could turn into “bownosefootball”

Combining Words/Dates By Alternating Characters

This strategy uses two or more words and dates and alternates them every other character. For example:

“jump & jive” could be “jjuimvpe” - or – “John2004” would be “J2o0h0n4”

Putting It All Together!

For a real-life example of how we can combine several techniques, let’s do a sample. Recently, I’ve begun incorporating my goals into my passwords to help keep me on track. In addition, my wife and I have been planning to move to Australia for over a year now. Let’s start with:

“Australia Is Gonna Be Totally Awesome” and then cut it down to “AustraliaIGBTA”

Next, let’s misspell Australia by changing it to “AweStrYaIGBTA”

Finally, let’s hit that with some Leet… “@//3StrYa|G8T@”

Does your head hurt yet?

Remember, you can simplify this process as much as you’d like. Even “@w3StrY@” would be an above average option. Use as many techniques as you can, while still feeling comfortable with the end result.

How Many Passwords Do You Need?

Obviously, the most optimal method is to have a unique password for each account. This would ensure that if one of your accounts became compromised you would not be at risk for even further damage. You can usually accomplish this by changing just one part of your initial “phrase”, if you utilize that technique.

Everyone’s situation is different, however I would guess that you have at least a couple very important accounts. Chances are your e-mail, financial data, and online banking accounts all contain very sensitive information. At the minimum, these should all have unique passwords. I personally have developed less stringent passwords that I use for several social media websites and other non-sensitive accounts. Once again this comes down to comfort level and risk tolerance.

What are your password bulking tips?

(Photo: slieschke)

I’m happy to announce that this post was accepted to the Cavalcade of Risk this week!


23 Responses to “How To Create A Strong Password You Can Remember”

  1. alanschram says:

    I’ve read that one of the best ways to create passwords is to use a “system” for each individual website. A system would be a format that you use to determine what your password would be.

    A simple format would be to reverse your username, or website. So your facebook password could become koobecaf. A more complicated one would include numbers, symbols, etc. As long as you remember your format, you’ll remember all your passwords.

    Personally, I use a format for each website, and then save it into firefox using a master password (so that I don’t have to remember them all individually).

    Check out lifehacker for more password hints/tips:
    http://lifehacker.com/search/password/

  2. Martha says:

    Baker, if I put down my tips, won’t people just be able to hack my passwords easier? Just jokin!

    I like to use numbers and letters shifted to their alternate values for my passwords. That helps me fulfill the Microsoft password change requests easier.

  3. Sure don’t give credit to the person who told you about adding goals to your passwords. ;)

    I use the same password for major accounts, and ones I check daily- but I add a minor variation so they are unique. That way I can incorporate my goals but make them secure as well.

  4. ZB Mowrey says:

    Here’s what I use…

    Pick a prefix of 2 alphanumeric characters; pick a suffix the same way.

    For each new site, choose a particular string from the site name, with the string being 4-5 characters in length.

    To create a password for a particular site, you would use {prefix}{string}{suffix}.

    For example, if my prefix were (and it’s not) cX and my suffix were 4v and I wanted to create a password for ebay, my password would be cXebay4v.

    To strengthen security, don’t pick the most obvious 4-5 characters. Maybe for ebay I might look at the website tag line and choose cXappa4v (appa coming from “apparel”).

    This system is weak only if an adversary gains possession of more than one of your passwords, which will make the prefix/suffix obvious. It will still require considerable attention to decide exactly which phrase/string was used on each site.

    On the bright side, someone who cracks only a single password is not going to be able to get into other sites using that password.

  5. Kyle says:

    You could also use your ipod for secure password creation. Just hit shuffle and then when a song comes up you know well use the first letter of the first 14 words for the password, substitute the number 2 for to and & for and. Poof super secure super easy to remember password.

  6. Berkshire says:

    As a software engineer I deal with data security on a daily basis. The system I use for my passwords I am quite fond of and it is very straight forward.

    In general it is a good idea to change your passwords over time. I do not have a hard time remembering a new number sequence every few months…so maybe that is why this works well for me.

    Sample password:
    022109.Xy

    The first six digits are actually a date (random and arbitrary, changes with time). It can be represented in any format (this one is ddmmyy but it could easily be yymmdd or any combination).

    Then a separator symbol (. in this case)

    Then your initials (X first initial y last initial). Note the difference in case which can also be reversed (xY).

    And that is how I make up my passwords!

  7. MLR says:

    I don’t go AS secure, but I do a little bit of password security.

    Random item + random item + 3 numbers + symbol

    eg StoneHammer725!
    eg WalletKeg257?

    It could be more secure, but it is more secure than a lot of people do I suppose.

  8. Mrs. Micah says:

    Somehow I can’t seem to abandon a series of random books I read when I was about 14. I use variations on character names w/733t spellings, twists, random numbers added somewhere in the middle/end and the occasional !%$ for kicks. (Though my website password is based on something else)

    They’re probably quite secure, it just bugs me that I haven’t been able to make my brain move onto a new series of sources. It’s likely they’re more secure now than when I started using them, since I don’t even own the books they’re based on.

    The default passwords at my workplace are really funny. I was just given tw!tt3r% — my first thought was “that looks familiar…oh.” Since everyone at work must know the habits of the IT staff, we don’t feel secure unless we change them.

  9. Travis says:

    There are some great ideas here. Too bad I have so many passwords it is going to take forever to change them all over

  10. barry says:

    I have so many passwords, there is no feasible way I could remember them all if I made each both Strong AND Unique.

  11. Dan says:

    Pick a prefix for all your passwords, then make a password to add to it. Make your prefix harder to guess with leet, shifting, randomization, whatever. You’ll remember it because you use it all over. Then the second part of your password can be a little easier but it’s important to always change it.

    This way you’re protected against dictionary attacks because you have a long password. Say your prefix is 5 characters and you choose an 8 character password, you’re up to 13 which is longer than most passwords. If someone gets your password to one site, they won’t be able to guess the password to another because the second part is always different. Even if they have your password to two sites they would not be able to get into a third so long as your second password is sufficiently unique. Also, since your first part is unique to you it is safer to use passwords that are site related (which isn’t a great idea, but it’s an especially bad idea to do alone).

    The real downside to this is that if you type your password around someone a lot they could catch on to your prefix, leaving only the weaker second part to guess. If using this means you can have unique passwords to every site then you’ll be better off than most.

    Another idea is to secure your computer as well as you can and use a password manager. Then use randomly generated passwords for your accounts. Make sure that the password to both your password manager and your email is strong but memorable, though. You don’t want anyone guessing a single password to get into all your accounts and you need the email to retrieve those impossible to remember passwords in case you lose access to your password manager.

  12. Matt Jabs says:

    I don’t have to use passwords.

    I just have Chuck Norris standing guard over all my personal information.

  13. My cousin works in IT and networking and taught me the same trick. This is a well put-together post; I gave it a StumbleUpon review. :)

  14. thomas says:

    replacing letters with numbers is good. Another trick is using the same root word – like m0v13 and then going through the numbers to add at the beginning or end, so m0vi301, m0v1302, etc.

    I just hate how some sites (yes you AMEX) limit the length to a count smaller than the minimum of others. Really messes up my consistency.

  15. Rajeev Singh says:

    Great tips on password… I like to keep a unique password for each of my accounts and this password is difficult to guess. I use alphanumeric combination in my password.
    Serves me well!!

  16. Patrick says:

    So many people do not make secure passwords and this article gives a great overview on how to make one. It’s tough to remember so many passwords especially when some sites don’t allow you to have special characters in your passwords and others do.

  17. eric says:

    As much as I like the advice, I leave all of this work up to my super Mac program: 1Password!

    Seriously, it’s the best thing since sliced bread. I create a master password encrypted on my computer and the program generates and saves all of the random passwords on any site I need. (And the passwords it comes up with are ridiculously hard.)

    Beautiful. :)

  18. Suzanne says:

    I am definitely going to put this to use. Great information!!

  19. Oscar79 says:

    First of all, I have too many passwords to different sites, it is quite hard to remember them all. I believe that picking a password is not that hard, the difficult thing is to remember them all. bank card, mobile phone, work codes, e-mail account etc…

  20. Splendor says:

    I like the acronym idea.

  21. What’s your take on creating a base password? Is it a good or a bad idea?

  22. Anonymous says:

    wow superb idea for beginners


Copyright © 2014 by www.Bargaineering.com. All rights reserved.