You can lock every door and window of your house, but if you use a skeleton key the odds are pretty good someone is probably going to end up robbing you blind. The same is true of your passwords. If your passwords are not unique and unbreakable, you might as well open the front door and invite the robbers in for lunch.
A few years ago, Damien described a few ways to come up with strong passwords, like making sure you use special characters and that the password is at least 8 characters long. Still, creating a complex password is only half the job, the other half is actually remembering it.
And, is any password truly unbreakable? Not really, but in a recent interview with Bruce Schneider, Bruce referenced one of his blog posts about choosing a secure password. His advice was to take sentence and turn it into a password. His exact words were, “Choose your own sentence – something personal.”
This sounds like a simple concept, but even coming up with a sentence that you’ll remember can be as difficult as coming up with a password itself. About a year ago, Yaara offered some tips that could help you remember your passwords. The following are a few more tips that might help you develop passwords that are especially complex, nearly unbreakable, but also memorable.
1. Nursery Rhymes
One preferred method of coming up with complex passwords that pass every IT security policy out there – even those that require 15 character passwords – is the nursery rhyme technique.
The way this works is you choose one of your favorite nursery rhymes, capitalize the first letter of each sentence, replace certain letters with numbers, and follow that up with an exclamation point or some other symbol at the end. For example, take the nursery rhyme Little Boy Blue, which goes like this:
“Little boy blue, come blow your horn. The sheep’s in the meadow. The cow’s in the corn.”
Now you transform that replacing any “s” with “5” and any “L” with a 1 or a 7. Here’s the new password.
That’s an 18 character password that includes numbers, letters, uppercase, lowercase and at least one special character.
2. Favorite Line of a Song or Movie
A technique similar to that above uses famous movie quotes to come up with the password rather than nursery rhymes. There are actually very popular nursery rhymes people may use, that hackers could guess. Using a favorite movie line – especially one that is particularly obscure – will make this approach much more secure. You may also consider replacing characters with numbers that are not so easy to guess.
For example, lots of people would think to replace an “s” with a “5”, but if you choose a different number, it’ll be harder to guess. Replace every “s” with a 6 or 7 instead – easy to remember because they start with the letter “s”. You might also replace every t with a 3 using the same logic.
Using this new approach, you may start with the famous movie like from Al Pacino in the movie Scent of a Woman:
“If I were the same man that I was thirty years ago I’d take a flamethrower to this place!”
This quote then becomes:
This concept is basic cryptography 101, but it’ll at least provide a compromise between coming up with a password that is very difficult to hack, but also one that a normal human brain can remember.
3. Use Industry Lingo
One alternative of this is using very specialized industry lingo to come up with the phrase. Nursery rhymes or even movie quotes could be guessed with a computer algorithm running through as many possibilities as a computer can manage. However, industry-specific lingo is much harder to guess.
For example, if you’re a nurse, your phrase might be:
“The aortic coarctation led to an agonal response, BLS and finally intracerebral infarction.”
(I’ve no idea if that makes any sense, but you get the point).
Replacing “a” with 0 results in the following password:
This is only 14 characters rather than 18, but much harder to guess.
4. Personal Dates
An alternative technique to using sentences is using mostly numbers. Of course, random numbers aren’t exactly simple to remember either. However, one technique that I learned from my father (he used it for choosing lottery ticket numbers) was to go with important family dates.
Now, the first thing many people think is to use birthdays. Unfortunately, these days it’s far too easy for the savvy hacker to discover online. You need something a little more advanced than that. A good approach is to use dates of events only you would remember as important to you, but no one else would really know about. The day that you first took a roller coaster ride. The day that you kissed for the first time. The day your parents gave you your first bike.
Take the three dates that you are sure to remember, and line them all up in a row. Replace the slashes with a lower-case L, a space between dates with a “_”, and end with a special character like “!” or “#”. Such a password would look something like this:
This password is 27 characters, so it can only be used in systems that can handle very long passwords. If allowed however, it’ll allows you to have one of the most secure passwords possible.
5. Use a Keyboard Pattern
Here’s a fun password approach that uses the same technique as the smartphone login pattern. In this case, what you’re going to use is your keyboard. Draw some kind of recognizable pattern on your keyboard, and then use the letters and numbers as the password. For example, let’s say you create a pattern on your keyboard as shown below.
If you start this pattern at the number 3, it should be pretty easy for you to draw out the pattern each time. If it helps, you might even draw recognizable images or letters on top of the keyboard. In the case above, the password ends up as follows:
Using this approach, you can alter the complexity of the pattern to lengthen the password. A hacker could potentially run an algorithm through that would attempt every password possible on a keyboard by connecting every key to one another, so making the pattern as complicated as possible – such as going back and forth or making complex, diagonal lines – should make that kind of hacking much more difficult.
6. Establish a Rudimentary Hardware Key
The final technique that’s worth trying for an ultra-secure password is the hardware key approach. In most corporations, employees are provided with a hardware “token” or key, which has a digital number on it that changes at a regular interval. That number is used as one part of the login process.
In much the same way, you can print out and carry a card where you’ve written down part of your password pair. The other part of the pair would be the part of the password that you need to remember.
For example, your password might be “2BeOrNot2BeThatIsThe?” So, you would write down “ThatIsThe?” on a piece of paper, and this will remind you what your entire password is.
The value here is that even if someone finds the written portion of your password, they still won’t have the part of it that exists in your head. At the same time, it gives you a powerful tool to extract that part of the password out of your head when you’re having a bad memory day.
Ultimately – the password that you go with should be the one that works best for your situation. You can use any of the techniques above, or come up with one of your own, but the idea is to develop a password that is so unusual, with such a variety of character types, that hacking that password becomes a nearly impossible chore.