7 Ways To Make Up Passwords That Are Both Secure & Memorable

Off the top of your head, how many different passwords do you have? If your answer is 10 or fewer, you must be using the same password for different services, which puts you at risk. On the other hand, I counted 146 passwords stored in my password manager, and that doesn’t include ones I use on an everyday basis and therefore never bothered to add. If something happened to my password manager, these passwords would be lost. There’s no way in the world I’m going to remember them all.

Having a different password for each service is a must in today’s online world, but there’s a terrible weakness to randomly generated passwords: it’s impossible to remember them all. But how can you possibly remember hundreds of passwords? The human brain is only capable of so much, isn’t it?

Three years ago, Tina wrote a fantastic post about creating good, secure passwords that are easy to remember. The post includes some excellent tips, and I highly recommend that you read it too. Today, I’m going to re-visit this important subject, and fill you in on some priceless tips and tricks on creating strong, solid passwords that are impossible to guess, but will nonetheless be easy to remember.

What Makes A Password Safe?

This should be obvious to most by now, but no article about passwords is complete without it. Read these criteria even if you think you already know them; it never hurts to make sure!

  • It must be at least 8 characters long.
  • It must not contain easily guessed information such as your birth date, phone number, spouse’s name, pet’s name, kid’s name, login name, etc.
  • It shouldn’t contain words found in the dictionary.
  • It should contain special characters such as @#$%^& and/or numbers.
  • It should use a variation of upper and lower case letters.

The Base Password

The trick to remembering a large number of passwords is having a base password you change according to the service you’re signing up to. The idea of the base password is by no means a new one, and I’m sure most of you already know all about it. To me, the real challenge is finding a good base password I can actually remember. While most suggestions for a strong base password include changing letters to numbers and symbols (i changes to 1 or !, s changes to $ or 5, etc.) and changing the spelling of known words (love becomes luv, to becomes 2), I find these methods confusing. This way of writing doesn’t come naturally to everyone, and you may forget what you replaced your letters with.

If this method works for you, by all means, go ahead. Choosing a strong base password like “spooner”, changing it around to become $p0on3r, and attaching the service’s name to it will work great. If you’re looking for other original ways to generate a strong base password, here are some great ones.

Use A Favorite Book

This is probably my favorite method of all, and can be really fun if you like books. Choose a book you own in paper format, open it on a random page, or find a paragraph you especially like, and locate a word you can use as the base for your password.

For example, I used Charles Dickens’s Oliver Twist. I turned to page 109 at random, and found the word “jocularity”. This is the 4th word on line 33 on this page, and therefore my base password can be 109jocularity334. You can use a paragraph number instead of line number, if you wish, and play around with the numbers to place them in a way that’s easier for you to remember. For good measure, you can add some symbols in strategic places.

You can even go ahead and mark the word in the book with a pencil, to make sure you can find it again if you happen to forget the password. Just don’t keep the book next to your computer!

Example for full password: 109$jocularity33#4MUO

Play Around With Vowels

This is a method you can use for the base password and the way you append the service’s name. There are many ways to do this creatively, one of which is taking a favorite phrase or activity and removing the vowels from it. You can also use the vowels again at the end of the password, to make it really hard to guess.

For example, I like to ride horses, so I can take the phrase “Ride A Horse”, remove the vowels, and get this: “RdHrs”. I can now choose to append the vowels at the beginning or end of the password, like this: “RdHrsieAoe”. This looks completely random, but it’s actually not, and if you know what phrase you used, you can be typing it quickly in no time. If you want to make it more secure by replacing some letters with numbers or symbols, go right ahead. You can also attach a number or symbols you know you’ll remember, but don’t use something too obvious like your postal code or date of birth.

When appending the service’s name, you can also play around with vowels. For example, let’s say you’re creating a password for Amazon. You can use the first two vowels and first two consonants of the service, and end up with “mzAa”. You can get really creative with this, and find the way that’s easiest for you to remember, but as long as you stick with the same method all the time, you should be in the clear.

Example for full password: RdHrsieAoe#285$Mkae

Use Motor Patterns

This is a cool tip I found over at lifehack.org, and one I’ve been using for codes and such all my life without even realizing. Motor patterns are not about remembering actual passwords. Rather, you remember the pattern your fingers take when typing that password on your keyboard. Have you ever remembered a code you have to punch in or a phone number by the pattern you use to dial it? This is the same thing, and can be used to generate passwords that look completely random, but are easy for you to remember.

There are many ways you can go about creating such a password, but my favorite way is to base it on a number you know you’ll remember (again, nothing too obvious!). Let’s take 285, for example. The easiest way to create a pattern out of it would be to use the letters that are directly below these numbers on my keyboard. For example, 2wsd8ikl5tgh. Looks completely meaningless, doesn’t it? You can spruce it up with more complex patterns, upper case letters and symbols, but don’t go too far, or you might forget your password!

If you really want to play safe, you can continue with motor patterns when appending the service’s name as well. For example, by using the letters to the left of each key, MUO can turn to MnUyOi.

Example for full password: 2wsd8ikl5tghMnUyOi

Connect The First Letters Of A Passphrase

This is a fun way to create passwords that are really easy to remember. Pick a phrase you love, such as “Love Makes The World Go Round”, and use the first letter of each word to create a new word: LMTWGR. You can now use this base password in any number of creative ways. Some ideas are: reverse it, add numbers and/or symbols you’ll remember, or use first and last letters of each word (LeMsTeWdGoRd).

Now all you have to do is append the service’s name, and you’re done.

Example for full password: Le2Ms8Te5Wd#Go$RdMUO

Mix Words

This is a great way to create secure passwords, but I find it a bit harder to use and remember without getting confused. Nevertheless, it’s still a very useful method, and since our brains don’t all work the same, I’m sure some of you will love it.

Take a phrase, activity, etc. with two or three words, and mix the letters up so all first letters come first, all second letters come second, and so on. For example, if my phrase is “chocolate milkshake”, my password will look like this: cmhiolckoslhaatkee. You don’t have to choose such long words, of course; you can always go for something like “eat cake” – ecaatke. It all depends on how secure you want to be.

If you want to take it a step further, use capital letters for one word and lower-case letters for the other. You can also insert your favorite number/symbol combination, as I’ve been doing with my other examples. The final step is to append your service name, and you’re done.

Example for full password: cMhIoLcKoSlHaAtKeE285MUO

Reverse

Reversing words is an obvious yet effective way to create secure passwords. Although I love black cats, my password can never be or include the phrase “Black Cat”. By reversing this phrase to taCkcalB or kcalBtaC, I get something that looks pretty much random, and is a much better fit for a base password. Some symbols and numbers could make it even more secure.

You can also use the reverse method on the service name. If you’re creating a password for eBay, try appending yaBe instead.

Example for full password: kcalB#$taC285OUM

Add Spaces

You may not be aware of this, but many services allow spaces in the passwords you create for them. I would not rely on spaces for your base password, as some services will not allow you to use them and you’ll be stuck, but you can try adding a space between your base password and service name, and see if that works. If it does, it’s another layer of security for your password.

Check Your Password

Now that you’ve devised a base password you can remember, it’s time to check how secure it really is. HowSecureIsMyPassword will tell you how long it would take a desktop PC to crack your secure password, and also provide you with tips on how you can improve it.

The Password Meter is also a great place to check your password, and gives your password a score from 1 to 100. It provides detailed feedback and suggestions on how you can improve your password.
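
An added example (not from the original article or from either checker site): a small Python checker that applies this article's criteria to its own sample passwords and, for the dictionary rule, first undoes the letter-to-symbol substitutions and reversal described above. The word list, the sequence check and the character-pool estimate are assumptions made for illustration.

```python
import math
import string

# Constructed mini word list (assumption); a real checker loads a full dictionary.
WORDS = {"spooner", "black", "cat", "jocularity", "love", "horse"}
# Substitutions named in the article (i -> 1 or !, s -> $ or 5), plus 0 -> o and
# 3 -> e as used in its "$p0on3r" example.
LEET = str.maketrans({"1": "i", "!": "i", "$": "s", "5": "s", "0": "o", "3": "e"})
SPECIALS = set(string.punctuation)
# (pool size, membership test) for each character class.
CLASSES = [(26, str.islower), (26, str.isupper), (10, str.isdigit),
           (len(SPECIALS), SPECIALS.__contains__)]


def naive_bits(pw):
    """Brute-force estimate from length and character classes only (assumed model)."""
    pool = sum(size for size, test in CLASSES if any(test(c) for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def is_sequence(pw):
    """True when each character is exactly one step above or below the previous one."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(pw) > 2 and steps in ({1}, {-1})


def dictionary_hits(pw):
    """Listed words found after undoing substitutions, read forwards and backwards."""
    plain = pw.lower().translate(LEET)
    return sorted(w for w in WORDS if w in plain or w in plain[::-1])


def check(pw):
    """The article's criteria; the personal-information rule needs user data and is omitted."""
    return {
        "length>=8": len(pw) >= 8,
        "no_dictionary_word": not dictionary_hits(pw),
        "special_or_digit": any(c in SPECIALS or c.isdigit() for c in pw),
        "mixed_case": any(c.islower() for c in pw) and any(c.isupper() for c in pw),
        "not_a_sequence": not is_sequence(pw),  # added check, not in the article's list
    }


def failed(pw):
    """Names of the criteria the password does not meet."""
    return [name for name, ok in check(pw).items() if not ok]


if __name__ == "__main__":
    # Sample passwords taken from the article and its comments.
    for pw in ["$p0on3r", "109jocularity334", "2wsd8ikl5tgh", "kcalB#$taC285OUM",
               "RdHrsieAoe#285$Mkae", "abcdefghijklmnopqrstuvwxyz"]:
        print(f"{pw:28} {naive_bits(pw):6.1f} bits  hits={dictionary_hits(pw)} "
              f"failed={failed(pw)}")
```

RdHrsieAoe#285$Mkae passes every check here although it is built from a short phrase and a fixed rule, which is the limit of any check that looks only at the finished string.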

These Are Just Some Suggestions

There are endless ways to create memorable and strong passwords. Remember that even the methods mentioned above are only examples; each of them can be used in slightly different ways to create completely different results. Go with what you think would be the easiest for you to remember, and build your password around that. As long as you follow the basic guidelines, and use the same rules for all your passwords, you shouldn’t have problems.

If you’re not convinced, and would rather continue with random ones, find the best ways to manage your passwords. If you need further help in managing your huge password collection, head over to our password management guide for some priceless information.

How do you create secure passwords that are easy to remember? Have some tips to share? Tell us in the comments!

Image credit: Lock image via Shutterstock, Password image via Shutterstock, Woman search book image via Shutterstock, Keyboard image via Shutterstock, Turn back sign image via Shutterstock

40 Comments

Reply

Pooja

Interesting post… but in some cases sites don’t allow special chars. Then what can be done in that case?

Yaara Lancet

Just don’t use special characters in those. Although I believe most websites allow characters such as @#$% in passwords.

Reply

Shaun Campbell

…or just use Lastpass.

Yaara Lancet

Yeah… that’s covered in the intro paragraph. :)

Reply

Chris

A vote for Lastpass from me. 80 sites all with different randomly generated passwords.

Another point of view to the whole invent-your-own: http://xkcd.com/936/

The more complicated I have to make the password, the more likely I am to write it down.

Also, if you run a website that allows account creation, please stop restricting me. My bank allows a max of 16 characters. An MMO I play allows me to use a 21 character password of my choice. According to all the password strength checkers I’ve tried, the MMO is orders of magnitude more secure. There’s literally no reason for length restrictions since the password should be stored as a hash.

Yaara Lancet

That’s a good xkcd, thanks for sharing that. :)

As for password managers, I use one myself, as I mentioned in the first paragraph of this post. The post is for those who want to avoid that or just want passwords they can also remember.

Reply

Bogdan Chirita

Good article. One of my passwords takes 125 million years to break, according to HowSecureIsMyPassword.

Sam

And now, HowSecureIsMyPassword knows your password, too :)))

Chris Marcoe

Change a single letter in it and they don’t. Change a few #s and they won’t know it. They are just looking to see what the digit is, like, capital/lower case/number/symbol. It doesn’t matter what the value is.

Reply

Kirby

I usually choose a password related to the site / service I’m using so it would be easier to remember.

Reply

Nevzat A

Great suggestions, Yaara, many thanks for the article.

Reply

suneo nobi

Agreed, but an application like KeePass would streamline the process a little as well as protect from the keyloggers with additional entropy…

Yaara Lancet

Very true. Password managers are great, as I mention in the first paragraph of this article… :)

Reply

techguyknows

HowSecureIsMyPassword can be inaccurate at times. A simple word can take a long time to crack?

Yaara Lancet

Which word did you use? For most simple words I tried it returned either “instantly” or several hours. The most I got was several days for very long words.

dragonmouth

ROTFLMO!!! HowSecureIsMyPassword is a JOKE. It puts more value on QUANTITY of characters in a password than on their QUALITY. I put in the 26 letters of the English alphabet, in order, lower case into their “analyzer”. I was told that it would take 430 quintillion years to crack it. Both you and I know that even an incompetent hacker can crack that password in seconds.

PasswordMeter.com and TestYourPassword.com provide a more stringent analysis of the security of a prospective password.

On the surface your tips seem great but they all exhibit a pattern. Once a hacker determines a pattern, his/her job becomes easier by orders of magnitude. If you really want to be secure you need to generate random characters passwords using a password generator, such as PassGen or PasswordChart.com, and then using a password manager.

However, the Achilles heel of LastPass, KeePass and other password managers is that if their password is compromised, all others in the vault are available to the nogoodnik.

Yaara Lancet

Thanks for the feedback, dragonmouth. Right to the point, as usual. :)

Reply

Kuriakopoulos Marios

Really interesting article!! Thank you.
I had never thought of using the service name in the end of the password.
You made me think of redesigning all my passwords!

Reply

Scott M

I use sticky password. I find it the best.

Reply

Helen

I thought I had a system down for passwords and then discovered that keyboards on smart phones do not match keyboards on my PC and I now have all kinds of headaches when I need to put a password into my iPhone. (One I made up on my PC at home)

Scott M

That happened to myself as well. Drove me crazy for a while. I had to redo quite a few passwords.

Reply

Darrell Walery

These are great tips but pretty complicated. Here is a post I did that gives you some simpler ways to create secure passwords. Perhaps not as secure as something that would not be cracked in 425 Quintillion years, but really, do you need that?
Some are similar but a bit simpler. http://tiptomato.com/?p=244

dragonmouth

“Here is a post I did that gives you some simpler ways to create secure passwords.”

Simpler ways lead to simpler, less secure passwords. Input the sample passwords provided by the site you mention into PasswordMeter.com’s analyzer. You will find that First Letters of a Phrase and Random Word methods lead to very weak passwords.

“Perhaps not as secure as something that would not be cracked in 425 Quintillion years, but really, do you need that?”

That depends on how much you value the information you are trying to protect, and/or whether you mind your PC being used as a zombie. Do you mind someone unauthorized using your WiFi?

Reply

macwitty

I have given up when it comes to having passwords that I will remember myself. Have tried different methods but there are too many sites that require passwords for me to remember them. Worst it is with those I have not used very often. Today I have three really strong passwords that I can remember – the rest is in 1Password. The three I remember are a combination of misspelled words, numbers and space.

Reply

Chinmay Sarupria

These passwords are also hard to remember. The only thing that can be done is generate mixed strong passwords and then store them in LastPass.

Reply

Manide

Using Lastpass is more productive than creating passwords by yourself IMHO. Also, two-factor authentication when it’s possible.

Reply

Patrick

Interesting, if complex, ways to create somewhat memorable passwords. Unfortunately, as Ars Technica pointed out a while back, all these “clever” password methods are now well known to serious hackers. Check out their explanation:
http://arstechnica.com/security/2012/08/passwords-under-assault/

Yaara Lancet

Thanks, Patrick, interesting read!

Charlie O.

Wow. That’s an eye-opener. I used to think having my full name as my gmail address was cool. Now I think, if they have my name and email, can’t they get my location and then phone number? How strong would 2 factor be then?

I realize that just HAVING my phone number doesn’t mean they can use my phone, or receive texts, but when I read the ARS-T article, it suddenly seems that even completely random PWs can be brute forced, and length of phrase now seems like just a race against time. Cell phones are safe, but the computers that run them are only as safe as the tech those companies can buy.

Recently, I learned on NPR that the Chinese have an actual brigade in the military devoted to hacking. I think I like the rule, “Don’t put anything online that you don’t want EVERYONE to know.”

Reply

Graham Richardson

As well as the really annoying restrictions some sites put on passwords there are a few which require regular changes. I have at least 5 at work, 3 needing to be changed every 4 weeks and two every 6 months. I have a fairly simple system of a set password (random letters) and then a number which goes up 1 each 4 weeks. I then change all the others at the same time so they use the same number. I just need to have the number written down (away from the PC). Even then it’s annoying that each service has its own rules – with two not allowing the use of any non alphanumeric characters which is really annoying!

Reply

julien c

LastPass is a very good program. Make sure you have a secure master password.

Reply

OLUWOLE O

This tip is quite useful for me as I have many online properties that I log on to (both for me and on behalf of others). Well written piece.

Reply

Dave Otee

To keep it simple… my vote is with all those that said LastPass. That one saves my butt every time. I do the best I can to remember most of mine (says me), only to learn that the more I think I know, the less I actually do. Great article also. Thanks for all the suggestions, they are great ideas.

Reply

cosanova

Mix different languages in the password at the same time you switch letters with numbers. Dictionary attacks normally are based in English, maybe in some other major language. Random phrases (“I like peanuts while shaving my feet”) in mixed languages are impossible to guess, let alone with the number trick. And these are easy to remember -unless you are monolingual…

Reply

Manuth Chek

What about the order of Dvorak keyboard layout (and not QWERTY)?

Reply

cosanova

My system gives me a password of 10 vigintillion years, I think that is around (4 x 10^37) times stronger than 255 septillion years.

Reply

cosanova

By the way, I turned the wifi off and changed the password a bit when checking it, the site seems to just use Javascript to make the math but you never know…

Reply

Trovolve

I used to have these kind of passwords, until I came to live in France.

Reply

Selva Kumar

Wow, really nice and useful… Thanks, Yaara Lancet

Reply

Ann Shea

Some good ideas. I try to use the same passwords for sites I visit often but it’s a pain when I have to reset one of them. I also like to use a cloud based document like Google Docs, Gmail contacts, or Evernote to store info, so I can access it anywhere, but you have to not forget the password to log into THOSE sites. Having a password reset tied to your phone for SMS messages is a great service now offered by smart sites.

Another idea is to take a regular word and substitute numbers for some of the vowels. In this instance the word VOWEL might become V0W31… You use numbers that look like the vowel, so O is 0; E is 3, and L is 1.

When I saw the note about using a real book to generate some base words for passwords, I thought what a great idea it would be to use a book’s blank end pages or inside cover to write down key passwords. No one would look there…kind of like the old hide your jewelry inside tupperware in the fridge. LOL.
