This has come up a few times in the past few weeks, so I thought I’d share a really simple strategy to create and REMEMBER a really good, very strong password. As you might know, I have an article on how to create a good password. However, let’s look at this from a practical perspective.
What are the goals?
A password is used to safeguard your stuff. So, what are some important guidelines?
- Should be different for every system to which you connect (if a password is compromised, the damage is isolated)
- Should be long – at least 8 characters
- Should include uppercase, lowercase, numbers, and special characters
- Should not contain dictionary words
- Should be difficult to guess
- Should be easy to remember
The last bullet point is tricky because sure, I can have a password like Hwha!@#p14!WF, but that is no good if I can’t remember it. Hmm... or could I remember that? See below for an example with this exact password. I bet you actually CAN remember that password by the time you’re done reading this post!
The concept I recommend is this:
- Use a quote that you know VERY well
- Add a swear word – which you will use special characters to mask (e.g. “I hate this #$% thing!”)
- Use alternate characters when possible (0 for o, 4 for a, 7 for l, etc.)
- After you have the core password, add on a 2 or 3 letter acronym for that particular service (e.g. WF=Wells Fargo, AM=Amazon, NF=NetFlix, etc)
Huh? See the examples below and hopefully this will start to make sense.
EXAMPLE 1 – Hwha!@#p14!WF
Wouldn’t it be good to have the password above? Here’s how you remember it. First, here is a famous quote:
Houston, we have a problem.
I am going to adapt that to be more dramatic:
Houston, we have a damn problem!
To keep things simple, I’ll drop off the “n” from “damn”, and use special characters for it:
Houston, we have a !@# problem!
Now, I take the first letter of each word, include the swear word, and the exclamation at the end. I want a number in there, so what about the 2-digit year? I’ll add that towards the end of the sentence:
That is our core password. Now, for each service you use, take the core password and add a 2-character acronym – which makes the password different:
Bottom line, we now have an extremely secure, 13-character password which is very easy to remember: “Houston, we have a damn problem (14)!” and then the 2-letter code of that site/service. If the service requires you to change your password on a regular basis, make it the acronym and then a counter: WF1, WF2, WF3, etc.
EXAMPLE 2 – Ycht^&*t14!WF
Here is another example. Imagine having that as your password! Let’s see how that is created. First, here is a famous movie quote from A Few Good Men:
You can’t handle the truth!
I’ll add a swear word in there:
You can’t handle the damn truth!
Again, so it’s easy to type, I’ll drop the “n” and give the “dam” special characters:
You can’t handle the ^&* truth!
Then lastly, let’s take the first character of each word, and the special characters, and the exclamation point at the end. Again, I want a number in there so I’ll add the 2-digit year (14):
So, here is our core password. Again, similar to above, maybe I’ll add a 3-character acronym for each service. So, here are my secure passwords for each service:
Now we have very secure, 14-character passwords which are unique for each service, yet easy to remember.
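The recipe from both examples written out as code, as an added example that is not part of the original post. The function names are made up for illustration, and the check covers only the guidelines that can be tested mechanically (length and character classes).

```python
from __future__ import annotations

import string


def core_password(sentence: str, year2: str) -> str:
    """First letter of each word, masked word kept whole, then year and '!'."""
    if not (len(year2) == 2 and year2.isdigit()):
        raise ValueError("year2 must be two digits, e.g. '14'")
    parts = []
    for token in sentence.split():
        letters = [ch for ch in token if ch.isalpha()]
        # A token with no letters is the masked swear word ("!@#"): keep it whole.
        parts.append(letters[0] if letters else token)
    # The closing exclamation point goes after the 2-digit year.
    ending = "!" if sentence.rstrip().endswith("!") else ""
    return "".join(parts) + year2 + ending


def service_password(core: str, tag: str, counter: int | None = None) -> str:
    """Append the 2- or 3-letter service acronym, plus a rotation counter if any."""
    if not (tag.isalpha() and 2 <= len(tag) <= 3):
        raise ValueError("service tag must be 2 or 3 letters")
    return core + tag.upper() + ("" if counter is None else str(counter))


def guideline_report(password: str) -> dict[str, bool]:
    """Check the mechanical guidelines from the list at the top of the post."""
    return {
        "at least 8 characters": len(password) >= 8,
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }


if __name__ == "__main__":
    # The two masked sentences from the examples in this post.
    for sentence in ("Houston, we have a !@# problem!",
                     "You can't handle the ^&* truth!"):
        core = core_password(sentence, "14")
        pw = service_password(core, "WF")
        print(pw, len(pw), guideline_report(pw))
```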
Call To Action!
What I propose to you is to pick a famous quote or movie quote that you know – one which is short – turn it into a sentence, add some characters and numbers like above – and use that as your password “core”. Then, for each service, change your password to be the core password + acronym for the service.
You will have a very secure password and it will be different on every system you use. If your password is compromised in one place, it’s unlikely it will be compromised on other systems.
Go create a good password, today!