How To Create Strong Passwords That You Can Remember Easily


Creating strong passwords for all your online accounts is not a thing you should do. It is a thing you must do. Two months ago, my Google account was hacked into. The hackers changed my password and blocked my access to the account. Luckily, I discovered this early and got Google to change my password via my secondary email account.

Last week, the MakeUseOf Google account was also hacked into and the hacker had the audacity to transfer the MakeUseOf domain out and blackmail the owner. In case you are still thinking that your password is strong and safe, maybe it’s time to wake up.

What makes a strong password?

I shall not elaborate on this since many sites have already discussed this in great detail. In a nutshell, a strong password must meet the following criteria:

  • It needs to contain special characters such as @#$%^&
  • It must be at least 8 characters long.
  • It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary.
  • It needs to contain a mix of capital and small letters.

In my opinion, even if your password consists of the above, it is still not enough. Your password needs to be totally unique and different for each and every one of your online accounts. This is to make sure that in the event that one account is hacked into, your other accounts will not be affected.


You must be wondering how you are going to remember so many passwords when you have a problem remembering your existing one. Here are some steps that I have used, and they are very powerful:

1. First, think of a thing, date, phrase, event, place or anything that is unique only to you. It must be at least 8 characters long. I call this the salt term. For demonstration purposes, I will use my name Damien Oh as the salt term throughout this article. Note that the capital letters and the space in between the name are part of the salt term. For your own account, please select a salt term that is difficult for others to guess.

2. I used the following rules to replace the regular characters with special characters. You can form your own rule.

  • Replace all the ‘a’ with @
  • Replace all the ‘s’ with $
  • Replace any space with %
  • Replace any ‘o’ with 0
  • Replace any ‘i’ with !

In this case, the simple term Damien Oh becomes D@m!en%Oh.

3. Now go to [NO LONGER WORKS] Password Meter (see MakeUseOf review here) and test the strength of your salt term. This is the result of the above term. If your salt term is not strong enough, you will see a list of items that you can improve on.

[Image: password meter]

4. Once you are happy with your salt term and are sure that only you can decipher it, go to any of your online accounts now. To set a password for that account, append the name of the site, or the URL of the site to the end of your salt term.

For example, for a MakeUseOf account, I will use D@m!en%OhM@keU$e0f as my password and use D@m!en%OhG00glem@!l for my Gmail account. If you do this for each and every one of your sites, you will be surprised to find that you have just created tens, hundreds, or even thousands of different passwords that you can remember easily.

Instead of the site name or the URL, you can also use a variation of the site name or any other name that is related to the site.

Is that enough?

That is only the beginning. To really make it secure and hard for others to guess, you will need to change your password every few months. Some of you may find it a chore to come up with new passwords every month. Here is what you can do:

Instead of appending the site name to the end, you can now append it to the front, in the middle or even split the site name out into a few parts. For example:

  • M@keD@m!enU$e0h0f
  • M@keU$eD@m!en%0h

You can also change the replacement characters, such as swapping @ for ~, and so on. You can also do a complete changeover of your salt term to come up with a totally different password.
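A self-audit of passwords built this way, as an added example that is not part of the original article: it undoes the step 2 substitutions, then flags any password that contains its own site name and any pair of passwords that share a stem. The function names and the `min_stem` threshold are assumptions; the sample passwords are the article's own examples.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Inverse of the article's step-2 rules: replacement character -> original.
UNDO = str.maketrans({"@": "a", "$": "s", "%": " ", "0": "o", "!": "i"})


def normalise(text):
    """Undo the substitutions and fold case so disguised text is comparable."""
    return text.translate(UNDO).lower()


def shared_stem(pw_a, pw_b):
    """Longest run of characters two passwords share once normalised."""
    a, b = normalise(pw_a), normalise(pw_b)
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def audit(accounts, min_stem=5):
    """Return findings for a {site_name: password} mapping.

    Flags passwords that contain their own site name, and pairs of
    passwords built on a common stem of at least min_stem characters
    (min_stem is an assumed threshold, not a value from the article).
    """
    findings = []
    for site, pw in accounts.items():
        if normalise(site) in normalise(pw):
            findings.append(("contains-site-name", site))
    for (s1, p1), (s2, p2) in combinations(accounts.items(), 2):
        stem = shared_stem(p1, p2)
        if len(stem) >= min_stem:
            findings.append(("shared-stem", s1, s2, stem))
    return findings


# The article's two example passwords, keyed by the site name each one
# embeds ("Googlemail" is what the Gmail example spells out).
ARTICLE_EXAMPLES = {
    "MakeUseOf": "D@m!en%OhM@keU$e0f",
    "Googlemail": "D@m!en%OhG00glem@!l",
}

if __name__ == "__main__":
    for finding in audit(ARTICLE_EXAMPLES):
        print(finding)
```

Splitting the site name around the salt term, as in M@keD@m!enU$e0h0f, clears the site-name finding, but the shared stem is still reported when that password is compared with another one built on the same salt term.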

Conclusion

Generating and using a strong password is only your first line of defense against hackers. The most important thing that you should take note of is your internet browsing habits. When you are using a public terminal, make sure that it has the proper firewall and anti-virus installed, make sure your network is secure, log out when you are done with your session and clear the cache once you are done.

What other methods do you use to generate your passwords?


29 Comments

Reply

Mackenzie Morgan

1. Think of a sentence, phrase, title, lyric…at least 12 words long. Preferably 15 words or longer. “All around the mulberry bush the Monkey chased the Weasel. The Monkey thought it was all in fun.”
2. Take the first letter of each word, maintaining capitalization. AatmbtMctW.TMtiwaif
3. Change *some* of the letters to 1337 (but not all, otherwise you cut down your entropy again). And if it goes from letter to number in 1337 and is capital, still hit shift: A@7m13tMchW.&Mt|waif
4. Use that.

Reply

LastPass

There are also a number of free programs to help you with this cause.
KeePass has a password generator, as do Roboform, PassPack, and Sxipper.

If you want a free solution that’s integrated directly into your browser, with one-click automatic logins, automatic backup and syncing of your passwords across multiple platforms, browsers, and locations — as well as lots of other features — you should also look at LastPass.com.
We’re currently in public beta.

LastPass.com

Damien Oh

I am not sure I want to have the password integrated directly into my browser since I have a family PC that is used by 6 people in the household. Since it can sync over multiple platforms, does it mean that it is stored online on your server? I am concerned about the security issue here.

Kathy

I use RoboForm, and there’s a master password for each user. {Identities} So someone else, unless they have your master password, can’t look at your files.

Reply

AttmayMB61489

My favorite trick is to move my fingers from the home row (i.e. asdf jkl;) on the keyboard to another row (either up or down). (e.g. If you want to type the string “makeuseof” replace it with “jqi37w39r”. Then push shift for half of it. Now we get “JQI#7w39r”.)

Practice it in notepad a few times, and you’ve got a fast, easy, and very secure password.
You now have symbols, upper and lowercase letters, and numbers in your password. The best part: you can’t even tell a person your password if they give you truth serum! You don’t actually know your password, but rather how to type it! Secret agents would love this!

Great article!

Damien Oh

That’s a good way to generate a unique password. Does it work with a different keyboard layout? I know of some gaming keyboards that have a slightly different layout. Will it still work with your existing password?

Reply

Street

Thanks for this. I have been trying to come up with a simple algorithm for some time. This served as the perfect starting point for me! Now the fun of converting all my accounts begins!

Reply

venkat

These tips are very helpful for beginners and advanced users as well. No one’s passwords are safe now.

Reply

web

“Replace all the ‘a’ with @” – I’m sure any proper password cracking tool is doing easy substitutions like that to the wordlists. Don’t use any word that is in a dictionary and do make up your own rules for 2.

Reply

Jeenu

Thanks for the post.

There’s this problem that I see with such a substituting algorithm: there are some websites that I’ve seen which have a taboo for a particular set of characters – say $, % and ~. In this case, you just can’t stick with your algorithm. And creating a for that site alone will make it difficult to remember. The browser’s password manager can be of help here.

Reply

Nicole

Brilliant! Converting my accounts as well now.

Reply

dovetalk

I would only recommend such a practice for the sites that you really trust. If you use this scheme for a site that harvests passwords, it will be very simple for them to recognise the pattern.

I use random passwords combined with a password safe. Still a single point of failure, but I am at least sure that I never use the same password for different accounts…

Reply

Simon Slangen

I use serial numbers from random products I’ve got lying around ^^ (e.g. 0PL218KGA)

Reply

The Windows Fix

I actually just wrote about a password checking tool today. Password Meter sucks…I had an incredibly long password with #s, characters, upper and lower case letters, and still got a very weak response.

Reply

Eric

You can always use the Ultra High Security Password Generator at GRC…

https://www.grc.com/passwords.htm

Reply

Joshua

My passwords are different for everything, but they’re all based on the same formula. That way all my passwords are around 20 characters long and they’re easy to remember.

Reply

Min Patty

I also use passwordbird.com for easy to use daily human passwords.

Reply

Mark O’Neill

I just tried out this website – http://hackosis.com/projects/bfcalc/bfcalc.php . It told me that my password would take 59,000 days to crack. Not sure if that is true or if it was just trying to make me feel better! :-)

Reply

Bob Smith

Just use KeePass. It’s free, it has a good PW generator, and it eliminates a lot of hassle. There’s even a Linux version.

Reply

Phaoloo

Great tip, but I found that using a password keeper to generate a password is faster and more secure.

Reply

Marcus

I hate it when a site won’t let you use special characters and I have to come up with a special weaker password for that site. Password managers and generators are cool, but if you use different computers with different OSes or you use a friend’s computer you may not have access to your random passwords.

Reply

F. Seidl

Consistently using simple substitution rules is almost like not using them at all. As was pointed out already, any serious crack attempt will run quickly through these simple rules.

With so many sites asking for passwords, one has to first consider whether or not to use the same password in multiple places; e.g., Should your Gmail account use the same password as your New York Times subscription? IMO, the answer is no. By using different passwords on different sites, you create natural security breach firewalls.

But, as soon as you start using different passwords, it quickly becomes impossible for you to remember all your passwords anyway, so making memorable passwords becomes not that important.

The approach I recommend is to keep a “black book” and create genuinely strong passwords. You may or may not elect to use a software password manager (if you do, use a secure one!) but it’s critical that you keep a physical record of each password. I do use a software password manager, but I also keep a physical record of all passwords in a little black book–literally.

Reply

Tigger

People need to stop thinking about passWORDS and think of passPHRASES. “MyS0nis12.” My Son is 12. “B1llh@s@w3@kp@ssw0rd!” Bill has a weak password! “MyB0ssisAnidi0t!”

Reply

tungsten

Strong passwords are defined in this blog

read-me-dot-text.blogspot.com/2009/07/how-to-create-strong-passwords.html.

Tigger

Tungsten,
sorry, but the link doesn’t work.

Reply

Dirk

PasswordMeter fails at my password. It grows stronger and stronger with each letter I type and suddenly falls to “Very Weak”.

Reply

Rina

Here (http://mywords.mydooars.com/?page_id=121) is a password generator that creates a strong password that is easy to remember. It takes your easily remembered password and changes it into a strong password.

Reply

Marc

I use visual “snake” patterns on my keyboard. For example, the password hy65tgfr4 may be hard to remember, but type it and notice the pattern. I usually complicate the password by using shift on some keys, also using a pattern. E.g.: CdE3$rFvBgT5.

This way you need to remember only three things: the starting location of your password (can use for example the first letter of the site name), the direction of the “snake” and the shifting pattern.

Reply

Keith Davis

I don’t know if I can remember my password, but testing it on the meter gave me 100% so I’ll settle for that.

Brilliant and very useful post… with all the WordPress hacking, it’s just what I needed.
