Pinterest Stumbleupon Whatsapp
Ads by Google

password-lockCreating strong passwords for all your online accounts is not a thing you should do. It is a thing you must do. Two months ago, my Google account was hacked into. The hackers changed my password and blocked my access to the account. Luckily, I discovered this early and got Google to change my password via my secondary email account.

Last week, the MakeUseOf Google account was also hacked into and the hacker had the audacity to transfer the MakeUseOf domain out and blackmail the owner. In case you are still thinking that your password is strong and safe, maybe it’s time to wake up.

What makes a strong password?

I shall not elaborate on this since many sites have already discussed this in great detail. In a nutshell, a strong password must constitute the following:

  • It needs to contain special characters such as @#$%^&
  • It must be at least 8 characters long.
  • It must not have any common words such as 123, password, your birth date, your login name and any words that can be found in the dictionary.
  • a variation of capitalization and small letters

In my opinion, even if your password consists of the above, it is still not enough. Your password needs to be totally unique and different for each and every one of your online accounts. This is to make sure that in the event that one account is hacked into, your other accounts will not be affected.

You must be wondering how you are going to remember so many passwords when you have a problem remembering your existing one. Here are some steps that I have used and they are very powerful. Here it is:

1. First, think of a thing, date, phrase, event, place or anything that is unique only to you. It must be at least 8 characters long. I call this the salt term. For demonstration purposes, I will use my name Damien Oh as the salt term throughout this article. Note that the capital letters and the space in between the name are part of the salt term. For your own account, please select a salt term that is difficult for other to guess.

Ads by Google

2. I used the following rules to replace the regular characters with special characters. You can form your own rule.

  • Replace all the ‘a’ with @
  • Replace all the ‘s’ with $
  • Repalce any space with %
  • Replace any ‘o’ with 0
  • Replace any ‘i’ with !

In this case, the simple term Damien Oh becomes D@m!en%Oh.

3. Now go to [NO LONGER WORKS] Password Meter (see MakeUseOf review here) and test the strength of your salt term. This is the result of the above term. If your salt term is not strong enough, you will see a list of items that you can improve on.

how to create strong passwords

4. Once you are happy with your salt term and are sure that only you can decipher it, go to any of your online accounts now. To set a password for that account, append the name of the site, or the URL of the site to the end of your salt term.

For example, for a MakeUseOf account, I will use D@m!en%OhM@keU$e0f as my password and use D@m!en%OhG00glem@!l for my Gmail account.   If you do this for each and every one of your sites, you will be surprised to find that you have just created tens, hundreds, or even thousands of different passwords that you can remember easily.

Instead of the site name or the URL, you can also a variation of the site names or any other names that are related to the site.

Is that enough?

That is only the beginning. To really make it secure and hard for others to guess, you will need to change your password every few months. Some of you may find it a chore to come up with new passwords every month. Here is what you can do:

Instead of appending the site name to the end, you can now append it to the front, in the middle or even split the site name out into few parts. For example:

  • M@keD@m!enU$e0h0f
  • M@keU$eD@m!en%0h

You can also change the replacement characters such as @ for ~ and whatsoever. You can also do a complete changeover of your salt term to come up with a totally different password.

Conclusion

Generating and using a strong password is only your first line of defense against hackers. The most important thing that you should take note of is your internet browsing habits. When you are using a public terminal, make sure that it has the proper firewall and anti-virus installed, make sure your network is secure, log out when you are done with your session and clear the cache once you are done.

What other methods do you use to generate your passwords?

  1. rkinfo
    September 2, 2016 at 8:59 pm

    Nice Article I would like to share somthing about this topic Do NOT use sets, reps or personal data
    Many times when we want to create a password for some reason the first that come to mind are of the type "123456," "abcdefg", "1111111". Such passwords are easy to guess or to be trapped by brute force hacking.

    Another common mistake is to write our initials, date of birth or other personal information, which as explained in the introduction is the first to be scanned, so we must avoid passwords like "amr1985" or "08081985" involving personal information and usually write in data recording sites.

  2. Marcus Fridholm
    May 14, 2015 at 8:43 am

    All such replacement systems as described here are the at the very bottom rung of cryptography. When it comes to computers l33t or variants are utterly useless as password enhancers. Better to stick in a random special character in a random place: A construct like "pas=sworD" is inherently stronger in real life than "p4$$w0rd".

    Even if the replacements in a l33t scheme are totally randomly chosen (like using ? instead of s), it is trivial to run all variants in a computer in fractions of fractions of seconds; if of course the scheme holds true throughout the password. It is also hard to remember for you, the creator.

    Actually a password like "D@m!en%OhG00glem@!l" is rather easy to guess for a computer, even with a 90-bit entropy, if the salt "Damien Oh" can be guessed and is added to the rainbow table. A rainbow table is the table of words and phrases to try separately and in combos. At the very top of such a table are names, domains, mail addresses, common words, common places, statistically common passwords and so on.

    The problem then becomes the salt. If the salt can be guessed, you can replace all you want and it makes no difference whatsoever.

    So what is the solution?

    It would actually be harder (for a computer) to guess a series of plain text seemingly unrelated random words.
    Take the phrase: "strategymentreplacel33tfalsesafetylikeseltinnotsalT".
    Not only has it about 250 bits of entropy, it's also associative but without stuff that can be researched by researching the person behind the password.
    Even the shorter "egystratmentreplacel33T!=true" has ~150 bits of entropy, is rather tongue in cheek and therefore easy to remember – for the creator that is.

    Computers are not people (yet), and what looks hard for us is trivial for a computer, while what looks easy for us can be hard for someone without associative skills.

    I recommend reading https://xkcd.com/936/ that describes the problem in a fun way.
    I recommend visiting http://correcthorsebatterystaple.net/ to make your own.
    I recommend using http://rumkin.com/tools/password/passchk.php to get a feel for the entropy of your chosen password.
    I strongly recommend using google authenticator where you can, and I recommend lastpass, that can save all your passwords securely. Combine the two to make lastpass your true armored safe for passwords.

  3. 44
    December 26, 2014 at 2:58 am

    Plz tell me one password i can keep that my friends.i m 18 years.

  4. 44
    December 26, 2014 at 2:55 am

    I am angry of my password my name. Is u cant prouns it
    my father is fish

  5. Keith Davis
    November 9, 2009 at 1:46 pm

    I don't know if I can remember my password, but testing it on the meter gave me 100% so I'll settle for that.

    Brilliant and very useful post... with all the WordPress hacking, it's just what I needed.

  6. Marc
    October 7, 2009 at 4:52 am

    I use visual "snake" patterns on my keyboard. For example, the password hy65tgfr4 may be hard to remember, but type it and notice the pattern. I usually complicate the password by using shift on some keys, also using a pattern. E.g.: CdE3$rFvBgT5.

    This way you need to remember only three things: the starting location of your password (can use for example the first letter of the site name), the direction of the "snake" and the shifting pattern.

  7. Rina
    September 21, 2009 at 2:27 am

    Here(http://mywords.mydooars.com/?page_id=121) is a Password generator that create a strong password that is easy to remember. It taken ur easy remembered password and change it into strong password.

  8. Dirk
    August 18, 2009 at 8:18 am

    PasswordMeter fails at my password. It grows stronger and stronger with each letter i type and suddenly falls to “Very Weak”.

  9. tungsten
    July 31, 2009 at 8:17 am

    Strong passwords are defined in this blog

    read-me-dot-text.blogspot.com/2009/07/how-to-create-strong-passwords.html.

    • Tigger
      August 3, 2009 at 6:06 am

      Tungsten,
      sorry, but the link doesn't work.

  10. Tigger
    July 20, 2009 at 8:21 am

    People need to stop thinking about passWORDS and think of passPHRASES. "MyS0nis12." My Son is 12. "B1llh@s@w3@kp@ssw0rd!" Bill has a weak password! "MyB0ssisAnidi0t!"

  11. F. Seidl
    March 23, 2009 at 8:43 am

    Consistently using simple substitution rules is almost like not using them at all. As was pointed out already, any serious crack attempt will run quickly through these simple rules.

    With so many sites asking for passwords, one has to first consider whether or not to use the same password in multiple places; e.g., Should your Gmail account use the same password as your New York Times subscription? IMO, the answer is no. By using different passwords on different sites, you create natural security breach firewalls.

    But, as soon as you start using different passwords, it quickly becomes impossible for you to remember all your passwords anyway, so making memorable passwords becomes not that important.

    The approach I recommend is to keep a "black book" and create genuinely strong passwords. You may or may not elect to use a software password manager (if you do, use a secure one!) but its critical that you keep a physical record of each password. I do use a software password manager, but I also keep a physical record of all passwords in a little black book--literally.

  12. Marcus
    March 13, 2009 at 4:54 am

    I hate it when a site won't let you use special characters and I have to come up with a special weaker password for that site. Passwod managers and generators are cool, but if you use different computers with different OSes or you use a friends computer you may not have access to your random passwords.

  13. Phaoloo
    March 3, 2009 at 7:30 pm

    Great tip, but I found that using a password keeper to generate a password is faster and more secure.

  14. Bob Smith
    November 13, 2008 at 12:31 am

    Just use KeePass. It's free, it has a good PW generator, and it eliminates a lot of hassle. There's even a Linux version.

  15. Mark O'Neill
    November 12, 2008 at 11:54 am

    I just tried out this website - http://hackosis.com/projects/bfcalc/bfcalc.php . It told me that my password would take 59,000 days to crack. Not sure if it that is true or if it was just trying to make me feel better! :-)

  16. Min Patty
    November 12, 2008 at 9:22 am

    i also use passwordbird.com for easy to use daily human passwords.

  17. Joshua
    November 11, 2008 at 3:55 pm

    My passwords are different for everything, but they're all based on the same formula. That way all my passwords are around 20 characters long and they're easy to remember.

  18. Eric
    November 11, 2008 at 2:37 pm

    You can always use the Ultra High Security Password Generator at GRC...

    https://www.grc.com/passwords.htm

  19. The Windows Fix
    November 11, 2008 at 2:29 pm

    I actually just wrote about a password checking tool today. Password Meter sucks...I had a incredibly long password with #s, characters, upper and lower case letters, and still got a very weak response.

  20. Simon Slangen
    November 11, 2008 at 9:51 am

    I use serial numbers from random products I've got lying around ^^ (e.g. 0PL218KGA)

  21. dovetalk
    November 11, 2008 at 5:09 am

    I would only recommend such a practice for the sites that you really trust. If you use this scheme for a site that harvest passwords, it will be very simple for them to recognise the pattern.

    I use random password combined with a password safe. Still a single point of failure, but I am at least sure that I never use the same password for different accounts...

  22. Nicole
    November 11, 2008 at 4:52 am

    Brilliant! Converting my accounts as well now.

  23. Jeenu
    November 11, 2008 at 1:08 am

    Thanks for the post.

    There's this problem that I see with such a substituting algorithm: there are some websites that I've seen which have a taboo for a particular set of characters - say $, % and ~. In this case, you just can't stick with your algorithm. And creating a for that site alone will make it difficult for remember. The browser's password manager can be of help here.

  24. web
    November 11, 2008 at 1:05 am

    "Replace all the ‘a’ with @" - I'm sure any proper password cracking tool is doing easy substitutions like that to the wordlists. Don't use any word that is in a dictionary and do make up your own rules for 2.

  25. venkat
    November 11, 2008 at 12:30 am

    These tips are very helpful for beginners and advanced users as well no one's passwords are safe now.

  26. Street
    November 10, 2008 at 9:34 pm

    Thanks for this. I have been trying to come up with a simple algorythum for some time. This served as the perfect starting point for me! Now the fun of converting all my accounts begins!

  27. AttmayMB61489
    November 10, 2008 at 3:34 pm

    My favorite trick is to move my fingers from the home row (i.e. asdf jkl;) on the keyboard to another row (either up or down). (e.g. If you want to type the string "makeuseof" replace it with "jqi37w39r". Then push shift for half of it. now we get "JQI#7w39r".)

    Practice it in notepad a few times, and you've got a fast, easy, and very secure password.
    You now have symbols, upper and lowercase letters, and numbers in your password. The best part: you can't even tell a person your password if they give you truth serum! You don't actually know your password, but rather how to type it! Secret agents would love this!

    Great article!

    • Damien Oh
      November 11, 2008 at 5:07 am

      That's a good way to generate a unique password. Does it work with a different keyboard layout? I know of some gaming keyboards that have a slightly different layout. Will it still work with your existing password?

  28. LastPass
    November 10, 2008 at 3:32 pm

    There are also a number of free programs to help you with this cause.
    KeePass has a password generator, as do Roboform, PassPack, and Sxipper.

    If you want a free solution that's integrated directly into your browser, with one-click automatic logins, automatic backup and syncing of your passwords across multiple platforms, browsers, and locations -- as well as lots of other features -- you should also look at LastPass.com.
    We're currently in public beta.

    LastPass.com

    • Damien Oh
      November 11, 2008 at 5:03 am

      I am not sure I want to have the password integrated directly into my browser since I have a family PC that is used by 6 people in the household. Since it can sync over multiple platform, does it mean that it is stored online on your server? I am concern about the security issue here.

    • Kathy
      March 15, 2009 at 11:39 am

      I use robo form, and there's a master password for each user. {Idenities} So someone else unless they have your master password can't look at your files.

  29. Mackenzie Morgan
    November 10, 2008 at 3:04 pm

    1. Think of a sentence, phrase, title, lyric...at least 12 words long. Preferably 15 words or longer. "All around the mulberry bush the Monkey chased the Weasel. The Monkey thought it was all in fun."
    2. Take the first letter of each word, maintaining capitalization. AatmbtMctW.TMtiwaif
    3. Change *some* of the letters to 1337 (but not all, otherwise you cut down your entropy again). And if it goes from letter to number in 1337 and is capital, still hit shift: A@7m13tMchW.&Mt|waif
    4. Use that.

Leave a Reply

Your email address will not be published. Required fields are marked *