6 Tips For Creating An Unbreakable Password That You Can Remember


You can lock every door and window of your house, but if you use a skeleton key the odds are pretty good someone is probably going to end up robbing you blind. The same is true of your passwords. If your passwords are not unique and unbreakable, you might as well open the front door and invite the robbers in for lunch.

A few years ago, Damien described a few ways to come up with strong passwords, like making sure you use special characters and that the password is at least 8 characters long. Still, creating a complex password is only half the job; the other half is actually remembering it.

And, is any password truly unbreakable? Not really, but in a recent interview with Bruce Schneier, Bruce referenced one of his blog posts about choosing a secure password. His advice was to take a sentence and turn it into a password. His exact words were, “Choose your own sentence – something personal.”

This sounds like a simple concept, but even coming up with a sentence that you’ll remember can be as difficult as coming up with a password itself. About a year ago, Yaara offered some tips that could help you remember your passwords. The following are a few more tips that might help you develop passwords that are especially complex, nearly unbreakable, but also memorable.

1. Nursery Rhymes

One preferred method of coming up with complex passwords that pass every IT security policy out there – even those that require 15 character passwords – is the nursery rhyme technique.

The way this works is you choose one of your favorite nursery rhymes, take the first letter of each word, capitalize the first letter of each sentence, replace certain letters with numbers, and follow that up with an exclamation point or some other symbol at the end. For example, take the nursery rhyme Little Boy Blue, which goes like this:

“Little boy blue, come blow your horn. The sheep’s in the meadow. The cow’s in the corn.”

Now you transform that by replacing any “s” with “5” and any “L” with a 1 or a 7. Here’s the new password.

“7bbcbyhT5itmTcitc!”

That’s an 18 character password that includes numbers, letters, uppercase, lowercase and at least one special character.

2. Favorite Line of a Song or Movie

A technique similar to that above uses famous movie quotes to come up with the password rather than nursery rhymes. People tend to pick very popular nursery rhymes, which hackers could guess. Using a favorite movie line – especially one that is particularly obscure – will make this approach much more secure. You may also consider replacing characters with numbers that are not so easy to guess.

For example, lots of people would think to replace an “s” with a “5”, but if you choose a different number, it’ll be harder to guess. Replace every “s” with a 6 or 7 instead – easy to remember because they start with the letter “s”. You might also replace every t with a 3 using the same logic.

Using this new approach, you may start with the famous movie line from Al Pacino in the movie Scent of a Woman:

“If I were the same man that I was thirty years ago I’d take a flamethrower to this place!”

This quote then becomes:

“IIw36m3Iw3yaI3af33p!”

This concept is basic cryptography 101, but it’ll at least provide a compromise between a password that is very difficult to hack and one that a normal human brain can remember.

3. Use Industry Lingo

One variation on this is to use very specialized industry lingo to come up with the phrase. Nursery rhymes or even movie quotes could be guessed with a computer algorithm running through as many possibilities as a computer can manage. However, industry-specific lingo is much harder to guess.

For example, if you’re a nurse, your phrase might be:

“The aortic coarctation led to an agonal response, BLS and finally intracerebral infarction.”

(I’ve no idea if that makes any sense, but you get the point).

Replacing “a” with 0 results in the following password:

“T0clt00rb0fii!”

This is only 14 characters rather than 18, but much harder to guess.
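The first three tips share one transformation and one caveat: a popular source phrase can be guessed. As an added example (not from the original article), this Python check shows how a password policy could reject a password that is the first-letter acronym of a phrase on a known-phrase list; `UNSWAP`, `KNOWN_PHRASES` and the function names are assumptions made for illustration.

```python
import re

# Digit -> letters it may stand for, using the swaps the article mentions
# (assumption: the checker treats every listed swap as possible).
UNSWAP = {"0": "a", "1": "l", "3": "t", "5": "s", "6": "s", "7": "ls"}

# Constructed sample list; a real deployment would load a much larger one.
KNOWN_PHRASES = [
    "Little boy blue, come blow your horn. "
    "The sheep's in the meadow. The cow's in the corn.",
    "To be or not to be, that is the question.",
]

def acronym(phrase):
    """Lower-cased first letter of every word in the phrase."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", phrase)
    return "".join(w[0] for w in words).lower()

def matches_acronym(password, phrase):
    """True if password (ignoring case and trailing symbols) is the
    phrase's acronym with any of the UNSWAP substitutions applied."""
    core = re.sub(r"[^A-Za-z0-9]+$", "", password).lower()
    target = acronym(phrase)
    if len(core) != len(target):
        return False
    return all(c == t or t in UNSWAP.get(c, "")
               for c, t in zip(core, target))

def derived_from_known_phrase(password, phrases=KNOWN_PHRASES):
    """Return the listed phrase the password was built from, or None."""
    return next((p for p in phrases if matches_acronym(password, p)), None)

if __name__ == "__main__":
    for pw in ("7bbcbyhT5itmTcitc!", "IIw36m3Iw3yaI3af33p!"):
        hit = derived_from_known_phrase(pw)
        print(pw, "-> REJECT (known phrase)" if hit else "-> not on list")
```

The rhyme-based password is rejected whichever digit stands in for “L” or “s”, while the password built from a phrase that is not on the list passes.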

4. Personal Dates

An alternative technique to using sentences is using mostly numbers. Of course, random numbers aren’t exactly simple to remember either.  However, one technique that I learned from my father (he used it for choosing lottery ticket numbers) was to go with important family dates.

Now, the first thing many people think is to use birthdays. Unfortunately, these are far too easy for the savvy hacker to discover online these days. You need something a little more advanced than that. A good approach is to use dates of events only you would remember as important to you, but no one else would really know about. The day that you first took a roller coaster ride. The day that you kissed for the first time. The day your parents gave you your first bike.

Take the three dates that you are sure to remember, and line them all up in a row. Replace the slashes with a lower-case L, a space between dates with a “_”, and end with a special character like “!” or “#”.  Such a password would look something like this:

“10l08l86_03l14l94_09l06l98#”

This password is 27 characters, so it can only be used in systems that can handle very long passwords. If allowed, however, it’ll allow you to have one of the most secure passwords possible.

5. Use a Keyboard Pattern

Here’s a fun password approach that uses the same technique as the smartphone login pattern. In this case, what you’re going to use is your keyboard. Draw some kind of recognizable pattern on your keyboard, and then use the letters and numbers as the password. For example, let’s say you create a pattern on your keyboard as shown below.

[Image: keyboard pattern]

If you start this pattern at the number 3, it should be pretty easy for you to draw out the pattern each time. If it helps, you might even draw recognizable images or letters on top of the keyboard. In the case above, the password ends up as follows:

“3waxcvgy7890-=”

Using this approach, you can alter the complexity of the pattern to lengthen the password. A hacker could potentially run an algorithm that would attempt every password possible on a keyboard by connecting every key to one another, so making the pattern as complicated as possible – such as going back and forth or making complex, diagonal lines – should make that kind of hacking much more difficult.
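A password filter can measure how much of a password is a walk across neighbouring keys, which is the defensive counterpart of the guessing algorithm described above. The following check is an added example, not part of the original article; it assumes a US QWERTY layout with approximate key stagger, and `walk_ratio`, `is_keyboard_walk` and the 0.8 threshold are illustrative choices.

```python
# US QWERTY rows with approximate horizontal stagger in key widths
# (assumption: ANSI layout, unshifted characters only).
ROWS = [("1234567890-=", 0.0), ("qwertyuiop[]", 0.5),
        ("asdfghjkl;'", 0.75), ("zxcvbnm,./", 1.25)]
POS = {ch: (x + off, y)
       for y, (row, off) in enumerate(ROWS)
       for x, ch in enumerate(row)}

def adjacent(a, b):
    """True if two keys touch (or are the same key) on the modelled layout."""
    if a not in POS or b not in POS:
        return False
    (ax, ay), (bx, by) = POS[a], POS[b]
    return abs(ax - bx) <= 1.0 and abs(ay - by) <= 1

def walk_ratio(password):
    """Fraction of consecutive character pairs that are neighbouring keys."""
    pw = password.lower()
    pairs = list(zip(pw, pw[1:]))
    if not pairs:
        return 0.0
    return sum(adjacent(a, b) for a, b in pairs) / len(pairs)

def is_keyboard_walk(password, threshold=0.8):
    """Flag passwords that are mostly a path over adjacent keys."""
    return walk_ratio(password) >= threshold

if __name__ == "__main__":
    for pw in ("3waxcvgy7890-=", "IIw36m3Iw3yaI3af33p!"):
        print(f"{pw}: {walk_ratio(pw):.2f} walk={is_keyboard_walk(pw)}")
```

On this model the pattern password above scores 12 adjacent pairs out of 13, while the movie-quote acronym from tip 2 scores 4 out of 19.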

6. Establish a Rudimentary Hardware Key

The final technique that’s worth trying for an ultra-secure password is the hardware key approach. In most corporations, employees are provided with a hardware “token” or key, which has a digital number on it that changes at a regular interval. That number is used as one part of the login process.

In much the same way, you can print out and carry a card where you’ve written down part of your password pair. The other part of the pair would be the part of the password that you need to remember.

For example, your password might be “2BeOrNot2BeThatIsThe?”  So, you would write down “ThatIsThe?” on a piece of paper, and this will remind you what your entire password is.

The value here is that even if someone finds the written portion of your password, they still won’t have the part of it that exists in your head. At the same time, it gives you a powerful tool to extract that part of the password out of your head when you’re having a bad memory day.

Ultimately – the password that you go with should be the one that works best for your situation. You can use any of the techniques above, or come up with one of your own, but the idea is to develop a password that is so unusual, with such a variety of character types, that hacking that password becomes a nearly impossible chore.

Image Credits: baby crib via ziviani at Shutterstock, s_bukley / Shutterstock.com, Nurse making call via Monkey Business at Shutterstock, Riding a bike via Brian Jackson at Shutterstock

Comments (63)
  • Roch

    Can someone point me to information on why a sentence with multiple words separated with spaces is easier to break than nonsense patterns without spaces (something I have heard in multiple articles like this one)? I know a dictionary-based brute force attack can solve for single words, but when there is a multi-word string, how does the password cracker know that they got one word correct in the sentence? Doesn’t the cracker have to get all the words correct, in the correct order, to successfully match the encrypted password string they have stolen? So, if I use a sentence with real dictionary words and spaces that becomes a 40+ character password, how is this easier for the password cracker program to break than any other 40+ character string?

  • Moazzam Shahid

    There’s also another site called http://www.mystrongpassword.com/
    It’s simple and fast for generating random, secure passwords.

  • John W

    Nursery rhymes are quite common to many hundreds of thousands of people. I’d rather call on the vast store of song lyrics in my head. Even better if you have misheard the lyrics in your yoof and have been singing the wrong words for 20 years. Even when you’ve been told the right words many times!

    If a site limits you to 8 or 12 characters or won’t take symbols don’t forget to complain loudly.

    Also, many of us use acronyms, jargon and part numbers in our workplace that are meaningless to others. I use obsolete transistor and chip part numbers.

  • android underground

    Passwords in the cloud don’t work if the cloud service is offline. Passwords on your device don’t work if you have to log in on a device that is not yours.

    Passwords in your head always work, no matter where you are, no matter if your password cloud service is online or not.

    One password for things that are not important, and a handful of unique passwords for those email accounts and financial services that really matter.

  • Guy M

    I type my new password in a word processor program and change the font to something with icons like wing dings. Then I copy that and paste it into the password field on the site I’m signing up for. Hack that!

    (This has been a troll comment. This won’t really work. Don’t waste your time responding either.)

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.