You’ve heard it all before. Don’t use the name of a beloved person/pet, their birthdate/anniversary, words found in any dictionary (including foreign languages) spelled forward or backward, part or all of your username or real name, or common keyboard combinations like “qwerty” or “abc123” as your passwords because they’re too easy to guess. Don’t use the same password for all of your accounts. Change your passwords regularly. Don’t re-use them. Don’t write them down and put them on your monitor/under your keyboard/in your desk. With restrictions like these, how do you create passwords that are both strong and easy to remember? It’s not only possible, it isn’t even all that painful.
Go Beyond the Alphabet
In addition to upper and lowercase letters, use numbers, symbols (such as !, $, #, or %) and Unicode characters (such as €, Γ, and λ). Be aware of any symbols that are reserved for special functions in certain environments. Also, space characters can generally be used but do not count towards the password complexity requirements.
Go Long
The longer a password is, the harder it is to crack. It would take a hacker over 17,000 years to crack a good 12-character password. And by good, I mean something like “Walia-yo5mi!”, not “24Blackbirds!”. Just because it’s long, doesn’t mean it’s hard to guess. If you can’t get buy off on 12 or more characters (or the system doesn’t support it), at least don’t go below 8.
The Olive Branch
Changing your passwords regularly, even if they’re good ones, is a key component to security. This generally means every 30/60/90 days depending on company policy. At a bare minimum, change them annually. For best practice, not only should you never reuse old passwords, but you should also stay away from close variations of those passwords, which means devoting even more brain cells to coming up with and remembering totally new passwords. And no matter how hard you try, sometimes you will forget one either because you have too many to keep track of, you can’t remember the last time you used it or what the new one is, or the coffee hasn’t kicked in yet.
Fear not, for there is hope and it’s much better than a sticky-note or spreadsheet. KeePass is a free password management utility that you can use to safely store all of your passwords on your computer in an encrypted database. If you’re willing to shell out a few bucks, mSecure can also synchronize with your smartphone. Either way, that reduces the number of passwords you have to remember to two: the one that gets you into your computer/phone and the one that gets you into the password database. Since those two are now essentially gateway passwords, it’s even more important that they be both strong and easy to remember. With these basic tools in hand, the next step is finding good ways to use them.
Use Phonetics
One way to build a password is to string shorter words together and use phonetics to remove them from the dictionary. In other words, tweak words by replacing letters with numbers or symbols. For example, “Oh no, four ninjas!” could become “0hno,4Ninj@s” Another option is to create a password that has sounds you will remember that aren’t real words, such as “blaezy4@Newl”.
Use Muscle Memory
Another way to build a password is to let your fingers choose it for you based on their movement across the keyboard. For example, when you’ve dialed a phone number enough times, you don’t really think about the numbers anymore; your fingers just seem to remember where to go. Up, down, left, left, right, etcetera. This option is particularly good because, even though you can type the password out easily, chances are you wouldn’t be able to tell it to anyone else even if you wanted to because you don’t actually know what the characters are. Just make sure that the pattern your fingers create results in a password that meets the standard conditions for character complexity.
Use Art and Science
One of my favorite methods for password creation is using pop-culture references. Pick a favorite song/poem/book/movie, then focus in on a specific line and take the first letter (or syllable, if it’s short) from each. Any guesses as to what the “Walia-yo5mi!” example I gave above means? It’s a line from a Beetle’s tune: “We all live in a yellow submarine!” Alternately, you can build your own phrase out of something that only has meaning to you, such as “MfeitPTi#4Be” or “My favorite element in the periodic table is #4 Beryllium.”
Use A Pass Phrase
Finally, if you need a really, REALLY long password, consider using a pass phrase, which is basically a sentence with poor spelling and possibly bad grammar. For example: “I <3 creating 10k new passwords, really!”
So, go forth and make good passwords (but don’t use any of the above because they are now public knowledge and could end up in a hacker’s database). Do you have a favorite password trick that I didn’t mention? Please share it in the comments!