We all hate passwords. Either you can’t remember them, or you re-use the same one over and over to avoid forgetting it. Trying to come up with new passwords is a never-ending battle against human memory versus the potential for someone to guess the one you have. So how do you create secure passwords, and remember them?
There are a few ways I have personally found helpful, and I’ve rated each by using the tools found at http://howsecureismypassword.net – which you should also use to test out your own passwords! Please do NOT use the examples I give here. Remember this is a public blog and it’s a pretty good guess that bad actors will add these to their lists of passwords to try very soon. Take these as general guidelines and ideas, but choose your own actual passwords.
1 – Use sentences. Believe it or not, a password doesn’t have to be a single long word or a string of gibberish to be secure. Using a sentence, along with proper punctuation, can be really hard to beat. Let’s look at an example: “Hello, I love Yahoo.com” is sixteen characters long, and would take approximately three septillion years to crack – and yes that is a real number. Since sentences are easier to remember than random words and can be changed easily for each site, this is one great method for generating more secure passwords across your accounts.
2 – Combine words together in non-obvious ways that you’ll still remember. The webcomic XKCD [https://xkcd.com/936/] gave a brilliant example of this with “CorrectHorseBatteryStaple” – before it was posted on a wildly popular comic strip, it would have taken about 7 quadrillion years to crack, and I’d bet you remember it for years to come. Picking the right, and memorable, groups of words is something that will take some time but is well worth the effort.
3 – Use a password manager that generates unique passwords and remembers them for you. LastPass, OnePassword, and dozens of others exist; and are very easy to use. For a test, I ran “iftHzNdsxNfEdns6LuvwfeEg” (a randomly generated password from my own password manager) against the testing site and found out it would take eight septillion years to crack. The downside is that if you go this route you really need a password manager to help, as there’s no way any of us will remember even one of those passwords, much less the dozens we need to use every day.
Each of these three ways to generate stronger and more easily remembered (by you or by software) passwords can be applied to just about any site you visit or application you use. Some sites and apps will allow one (like the multi-word nonsense phrase) but not others (like a full sentence with spaces and punctuation); so you will have to mix up methods now and then. Also, remember most password managers can remember both random passwords you ask the software to create and those you create yourself – so they’re a very good tool to invest in. Finally, remember to use multi-factor authentication like smartphone apps or tokens and adaptive authentication wherever it’s offered, to make the password less likely to be a single-point of security failure.
Put together with multi-factor and adaptive authentication, any of these three methods will keep your information secure online and off. If multifactor authentication isn’t offered, complex passwords created by these methods are your best defense against people guessing your credentials. Just pick the method (or methods) that work best for you, don’t re-use passwords on multiple sites, and stay safe out there.