How To Create Strong Passwords That You Can Remember Easily
Creating strong passwords for all your online accounts is not a thing you should do. It is a thing you must do. Two months ago, my Google account was hacked into. The hackers changed my password and blocked my access to the account. Luckily, I discovered this early and got Google to change my password via my secondary email account.
Last week, the MakeUseOf Google account was also hacked into and the hacker had the audacity to transfer the MakeUseOf domain out and blackmail the owner. In case you are still thinking that your password is strong and safe, maybe it’s time to wake up.
What makes a strong password?
I shall not elaborate on this since many sites have already discussed it in great detail. In a nutshell, a strong password must meet the following criteria:
- It needs to contain special characters such as @#$%^&
- It must be at least 8 characters long.
- It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary.
- It must use a variation of capital and small letters.
In my opinion, even if your password consists of the above, it is still not enough. Your password needs to be totally unique and different for each and every one of your online accounts. This is to make sure that in the event that one account is hacked into, your other accounts will not be affected.
You must be wondering how you are going to remember so many passwords when you have a problem remembering your existing one. Here are the steps that I have used, and they are very powerful:
1. First, think of a thing, date, phrase, event, place or anything that is unique only to you. It must be at least 8 characters long. I call this the salt term. For demonstration purposes, I will use my name Damien Oh as the salt term throughout this article. Note that the capital letters and the space in between the name are part of the salt term. For your own account, please select a salt term that is difficult for others to guess.
2. I used the following rules to replace the regular characters with special characters. You can form your own rules.
- Replace all the ‘a’ with @
- Replace all the ‘s’ with $
- Replace any space with %
- Replace any ‘o’ with 0
- Replace any ‘i’ with !
In this case, the simple term Damien Oh becomes D@m!en%Oh.
3. Now go to Password Meter and test the strength of your salt term. This is the result of the above term. If your salt term is not strong enough, you will see a list of items that you can improve on.

4. Once you are happy with your salt term and are sure that only you can decipher it, go to any of your online accounts now. To set a password for that account, append the name of the site, or the URL of the site to the end of your salt term.
For example, for a MakeUseOf account, I will use D@m!en%OhM@keU$e0f as my password and use D@m!en%OhG00glem@!l for my Gmail account. If you do this for each and every one of your sites, you will be surprised to find that you have just created tens, hundreds, or even thousands of different passwords that you can remember easily.
Instead of the site name or the URL, you can also use a variation of the site name or any other name that is related to the site.
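A password-policy check of the kind a site or an auditor might run over passwords built this way, as an added example that is not part of the original article: it undoes the five substitutions from step 2, reports which context words (site name, user name) are still readable, and shows how much two passwords built from one salt term share. The function names and the context-word list are assumptions made for the example.

```python
import os.path

# Step 2 rules from the article: plain character -> replacement.
RULES = {"a": "@", "s": "$", " ": "%", "o": "0", "i": "!"}
FORWARD = str.maketrans(RULES)
REVERSE = str.maketrans({v: k for k, v in RULES.items()})


def substitute(term: str) -> str:
    """Apply the article's substitutions (lowercase letters and spaces only)."""
    return term.translate(FORWARD)


def normalize(password: str) -> str:
    """Undo the substitutions and fold case, as a policy check would."""
    return password.translate(REVERSE).lower()


def policy_findings(password: str, context_words: list[str]) -> list[str]:
    """Return the context words that are visible in the password once the
    substitutions are undone and spaces are ignored."""
    plain = normalize(password).replace(" ", "")
    return [w for w in context_words if w.lower().replace(" ", "") in plain]


def shared_prefix(a: str, b: str) -> str:
    """Longest common prefix of two passwords built from the same salt term."""
    return os.path.commonprefix([a, b])


if __name__ == "__main__":
    # Passwords taken from the article's own examples.
    makeuseof_pw = "D@m!en%OhM@keU$e0f"
    gmail_pw = "D@m!en%OhG00glem@!l"
    # Constructed context list: what a site knows about itself and the user.
    context = ["MakeUseOf", "Damien Oh", "gmail"]

    print(substitute("Damien Oh"))
    print(normalize(makeuseof_pw))
    print(policy_findings(makeuseof_pw, context))
    print(shared_prefix(makeuseof_pw, gmail_pw))
```

A password that produces findings here depends on the secrecy of the salt term alone, and the shared prefix is the part that stays the same across every site.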
Is that enough?
That is only the beginning. To really make it secure and hard for others to guess, you will need to change your password every few months. Some of you may find it a chore to come up with new passwords every month. Here is what you can do:
Instead of appending the site name to the end, you can now append it to the front, in the middle or even split the site name into a few parts. For example:
- M@keD@m!enU$e0h0f
- M@keU$eD@m!en%0h
You can also change the replacement characters, for example swapping @ for ~. You can also do a complete changeover of your salt term to come up with a totally different password.
Conclusion
Generating and using a strong password is only your first line of defense against hackers. The most important thing that you should take note of is your internet browsing habits. When you are using a public terminal, make sure that it has the proper firewall and anti-virus installed, make sure your network is secure, log out when you are done with your session and clear the cache once you are done.
What other methods do you use to generate your passwords?
(By) Damien Oh is an all-out technology geek who loves to tweak and hack various operating systems to make life easier. Check out his blog at MakeTechEasier.com where he shares all the tips, tricks and tutorials.




1. Think of a sentence, phrase, title, lyric…at least 12 words long. Preferably 15 words or longer. “All around the mulberry bush the Monkey chased the Weasel. The Monkey thought it was all in fun.”
2. Take the first letter of each word, maintaining capitalization. AatmbtMctW.TMtiwaif
3. Change *some* of the letters to 1337 (but not all, otherwise you cut down your entropy again). And if it goes from letter to number in 1337 and is capital, still hit shift: A@7m13tMchW.&Mt|waif
4. Use that.
There are also a number of free programs to help you with this cause.
KeePass has a password generator, as do Roboform, PassPack, and Sxipper.
If you want a free solution that’s integrated directly into your browser, with one-click automatic logins, automatic backup and syncing of your passwords across multiple platforms, browsers, and locations — as well as lots of other features — you should also look at LastPass.com.
We’re currently in public beta.
LastPass.com
I am not sure I want to have the password integrated directly into my browser since I have a family PC that is used by 6 people in the household. Since it can sync over multiple platforms, does it mean that it is stored online on your server? I am concerned about the security issue here.
I use robo form, and there’s a master password for each user. {Identities} So someone else, unless they have your master password, can’t look at your files.
My favorite trick is to move my fingers from the home row (i.e. asdf jkl;) on the keyboard to another row (either up or down). (E.g. if you want to type the string “makeuseof”, replace it with “jqi37w39r”. Then push shift for half of it. Now we get “JQI#7w39r”.)
Practice it in notepad a few times, and you’ve got a fast, easy, and very secure password.
You now have symbols, upper and lowercase letters, and numbers in your password. The best part: you can’t even tell a person your password if they give you truth serum! You don’t actually know your password, but rather how to type it! Secret agents would love this!
Great article!
That’s a good way to generate a unique password. Does it work with a different keyboard layout? I know of some gaming keyboards that have a slightly different layout. Will it still work with your existing password?
Thanks for this. I have been trying to come up with a simple algorithm for some time. This served as the perfect starting point for me! Now the fun of converting all my accounts begins!
These tips are very helpful for beginners and advanced users as well; no one’s passwords are safe now.
“Replace all the ‘a’ with @” – I’m sure any proper password cracking tool is doing easy substitutions like that to the wordlists. Don’t use any word that is in a dictionary and do make up your own rules for 2.
Thanks for the post.
There’s this problem that I see with such a substituting algorithm: there are some websites that I’ve seen which have a taboo for a particular set of characters – say $, % and ~. In this case, you just can’t stick with your algorithm. And creating a for that site alone will make it difficult to remember. The browser’s password manager can be of help here.
Brilliant! Converting my accounts as well now.
I would only recommend such a practice for the sites that you really trust. If you use this scheme for a site that harvests passwords, it will be very simple for them to recognise the pattern.
I use a random password combined with a password safe. Still a single point of failure, but I am at least sure that I never use the same password for different accounts…
I use serial numbers from random products I’ve got lying around ^^ (e.g. 0PL218KGA)
I actually just wrote about a password checking tool today. Password Meter sucks…I had an incredibly long password with #s, characters, upper and lower case letters, and still got a very weak response.
You can always use the Ultra High Security Password Generator at GRC…
https://www.grc.com/passwords.htm
My passwords are different for everything, but they’re all based on the same formula. That way all my passwords are around 20 characters long and they’re easy to remember.
I also use http://www.passwordbird.com for easy to use daily human passwords.
I just tried out this website – http://hackosis.com/projects/bfcalc/bfcalc.php . It told me that my password would take 59,000 days to crack. Not sure if that is true or if it was just trying to make me feel better!
Just use KeePass. It’s free, it has a good PW generator, and it eliminates a lot of hassle. There’s even a Linux version.
Great tip, but I found that using a password keeper to generate a password is faster and more secure.
I hate it when a site won’t let you use special characters and I have to come up with a special weaker password for that site. Password managers and generators are cool, but if you use different computers with different OSes or you use a friend’s computer you may not have access to your random passwords.
Consistently using simple substitution rules is almost like not using them at all. As was pointed out already, any serious crack attempt will run quickly through these simple rules.
With so many sites asking for passwords, one has to first consider whether or not to use the same password in multiple places; e.g., Should your Gmail account use the same password as your New York Times subscription? IMO, the answer is no. By using different passwords on different sites, you create natural security breach firewalls.
But, as soon as you start using different passwords, it quickly becomes impossible for you to remember all your passwords anyway, so making memorable passwords becomes not that important.
The approach I recommend is to keep a “black book” and create genuinely strong passwords. You may or may not elect to use a software password manager (if you do, use a secure one!) but it’s critical that you keep a physical record of each password. I do use a software password manager, but I also keep a physical record of all passwords in a little black book–literally.