How To Create (And Remember) Secure Passwords

Thanks to the internet, we live in an age of passwords. And having a secure, and unique, password for every website you visit is a must. But what makes a password secure, and how could you possibly remember dozens of different passwords? I’m going to show you how.

WHAT YOU SHOULD NOT USE FOR A PASSWORD

First, let’s look at some bad passwords. These are easy to remember, but incredibly insecure.

• Password – Seems pretty obvious, right? People still use “password” as a password. Don’t be that guy.
• Names (or pet names) – Crooks have software that can check every variation of every name in the book in seconds. Names are not secure. Adding a number doesn’t help. Don’t use names as passwords.
• Numbers – Birthdays, anniversaries, or any other number. Numbers can be cracked using software, and any number that’s somehow associated with you is even less secure than a random one.
• Words – Any word in the dictionary. Remember the software that can check every variation of every name in seconds? Same applies for every word in the dictionary. “Monkey” won’t cut it.

So, what is the best password you can have? The answer to that is, a long password that contain a mix of letters (upper and lower case), numbers, and symbols. Here’s a password that would take thousands of years to crack using the fastest computers with the most sophisticated software…

m9atWL[?)$%Gk38zBE~CuWHx#g}&K9_Gq-5wm_ZUJ{~]>wXA&5D-;L%wU%RDL

I don’t know about you, but I wouldn’t be able to remember that. Trying to keep track of a few dozen of those would be impossible.  Using the same password for everything is a really bad idea.  If a crook figures out your password, they have access to everything

And did I mention that you shouldn’t write them down?  If you rely on having them written down, what happens when you lose the paper?

But don’t worry. It is possible to have a unique password for every website you visit, while insuring a basic level of security. And you won’t even have to write them down because you will be able to remember them.

OUR GOALS

• Passwords must be unique for every website.
• Passwords should contain letters, numbers and symbols.
• Passwords must be easy to remember.

CREATE A SECURE PASSWORD SCHEME

I’ll walk you through creating a secure password scheme for yourself.

Step One: Pick a word that you will remember.

It should be somewhat random.  If you’re an avid photographer, don’t pick “camera”.  Think of something that nobody would associate with you.  For instance, maybe you’ve always wanted to visit Japan.  Think of something that interests you about Japan.  Like “samurai”, or “okinawa”.  Maybe you’re a fan of 1970′s pop music and you’ve always been fond of the song “Afternoon Delight” by Starland Vocal Band.  You could choose the word “skyrockets”, or even “afternoon”.

When I was a kid, I had a pen pal (pre-internet days y’all) who lived in Waterloo, Iowa.  So I’m going to pick “waterloo” as my base word.

Step Two: Mix your cases.

The word “waterloo” is completely insecure.  So let’s make it a tiny bit more secure by making at least one letter uppercase.  Most websites require at least one uppercase letter anyway.  I’m going to capitalize the W and L as if it were two separate words.

WaterLoo

Step Three: Swap out a letter or two.

WaterLoo is still very crackable.  I’m going to change a couple of those letters with symbols.  I’ll take the “oo” at the end and replace it with ( and ), which are shift+9 and shift+0.

WaterL()

Step Four: Make it unique.

So we have a base.  The word “waterloo” has become “WaterL()”.  We have a word that easy to remember, both lower and uppercase letters, plus symbols.

Now we want to make sure that for each website we visit, our password is different.  Let’s use two common websites as examples: Gmail and Facebook.  Look at the URL for each of these sites:

Choose two or three characters from the URL of the website.  For this example, we’ll use two characters.  It doesn’t matter which two, but they should be the same two every time.

I’ll use the 2nd and 3rd characters in the domain name.  So for google.com it would be “oo”, and for facebook.com it would be “ac”.   You could use the last two characters, or the first and third characters – doesn’t matter which ones you choose, as long as they’re always the same.

So for gmail, my password would be WaterL()oo

For facebook, my password would be WaterL()ac

Step Five: Add a number.

Right now we have a unique password for each site.  It has upper and lower case letters, plus special characters.  Let’s add a number, and let’s make that number unique to every website too.

There are several ways to choose the number. You could use the number of letters in the domain name.  “Facebook” has 8 letters.  You could use the number of consonants or vowels too.  You could even get as specific as how many times the letter “o” shows up.  For facebook, your number would be 2.  For Twitter it would be 0.  For cookbook.com it would be 4.

We’ll use facebook for our example and say we’re going to use the number of vowels in the domain name.  facebook.  That’s 4 vowels.

So for facebook, our password would be WaterL()ac4

Step Six: Memorize your scheme.

Once you have your scheme memorized, it will be easy for you to remember a unique password for every website you visit.

Examples

THE FINAL WORD

I’ve been using a variation this method for years and I have never been hacked, and I never have to strain my brain to remember the unique password I have for every site.

This is a very flexible method.  The example I’ve given is just one of countless password schemes that you can design for yourself.  Use a longer word, make more of them uppercase, use more numbers, add more special characters, use a different part of the website url.  Turn the entire thing around and make it backwards if your brain can handle it.  Expand on the idea.  There are probably a hundred ways you could improve on the example I’ve given, and I hope you do just that.

The key is to take the time to sit down and work out your own personal password scheme.  Memorize it, and then keep it secret.  Happy passwording!