How to create strong passwords that are easy to remember

Felipe Caon
5 min read · Mar 10, 2019


I’m sure you have already heard about password managers and how you should use them on a daily basis, because it is practically impossible to remember a password for every service you use.

And yes, you should have a different password for every service you use, that’s a fact.

If you haven’t heard about password managers, take a minute to learn more about them; this Wikipedia article provides everything you need to know: https://en.wikipedia.org/wiki/Password_manager

The guys from Hawaii security had the missile launch password on a post-it

But this article does not focus on teaching you how to use a password manager or on deciding which one you should use. Instead, we are going to focus on the handful of passwords that are entered on a daily basis and cannot be stored inside a manager (your Windows login password, for example).

You want those passwords to be memorable and strong, since compromising one of them could expose all of your sensitive data. The next lines show how to generate a strong password that is easy to remember.

Data needs to be safe. Photo from: https://www.pexels.com/photo/person-using-macbook-374720/

Basic concepts of a password: Before jumping into the discussion of how to create a good password, let’s understand how one can be compromised. There are two factors that make (or break) a password: length and complexity. Added length and added complexity both increase the difficulty of breaking a password exponentially.

Password length is the main one: your password must be at least 20 characters long. Today’s processors are very powerful and can generate and try thousands or millions of passwords per second. If an attacker is brute forcing your password (trying candidate after candidate until one grants access to the account), and the password is shorter than 20 characters and built from a weak phrase, chances are the attacker is going to get in. Password length is the main player here.

Complexity is a less straightforward concept: passwords should mix lower and upper case letters, numbers and special characters. Note that the space counts as a special character; spaces are rarely used in passwords, which makes yours stronger.

When Mark’s Twitter got hacked, his password was dadada.

How passwords are hacked: Brute forcing was mentioned above, but it is far from the main method attackers use to log in to other people’s accounts.

Dictionary attacks are the most popular. They use a giant list of passwords containing all known words and phrases. The attacker inputs the username and the program does the rest, stopping only when it reaches a successful login attempt.

You may think: those lists will never have my name plus my birth date plus my dog’s name, so my password must be good. This is where you are wrong: modern dictionary-making software has options where the attacker fills in information about the victim, and it adapts the original dictionary file to that information, generating brand new candidate passwords!

The general rule is: do not use obvious passwords. password123, p@ssword, any single dictionary word and even famous book or movie quotes are off the table.

Now the problem is: you want a password, but it needs to be long and complex. At the same time, it cannot contain any of your personal information, and probably not any kind of information that is known about you. So how can one generate a good, complex and memorable password? Below are the tips:

Passphrase: A short phrase that is easy for you to remember but not obvious to anyone else. Bonus points if you use punctuation; your password will then be longer and more complex. Examples:

“I love the local Zoo, I wish I could go more.”

“01/01 January is my favorite day ever, a brand new year!”

The passphrases above are strong and easy to remember. They are long and complex.

Diceware Passphrases: Diceware is a method for creating passphrases. The passphrases generated by this method are a little harder to remember but much more secure. For this, you will need a die and a Diceware word list. The Diceware word list can easily be found with a simple search. The list looks like this:

Part of a diceware word list. Found at: http://world.std.com/~reinhold/dicewarewordlist.pdf

How it works: Grab a die, roll it and record the number. Roll it four more times, so you have five digits, and find the word in the list that is labelled with the number you randomly generated. Record the word and repeat the process as many times as you need. If you want a 5-word passphrase, the die must be rolled 25 times.

The result should be a strong passphrase like:

niobe solo leyden apple batt

You can also add capital letters to your passphrase or special characters to make it even more complex.
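The same procedure, written out in code as an added example (this is not code from the article or from the Diceware project): it parses a word list in the Diceware text format (five dice digits, then the word), rolls the die with a cryptographically secure random source, and turns the recorded rolls into a passphrase. It also puts numbers on the length argument made earlier: with a full list of 6^5 = 7776 words, every word added multiplies the number of possible passphrases by 7776, and the helper at the end converts that into a brute-force time for an assumed guess rate. The word-list excerpt is constructed from the article's sample passphrase; the dice keys assigned to those words and the placeholder words that pad the list out to 7776 entries are made up for illustration and are not the real list positions.

```python
import itertools
import math
import secrets

DIE_SIDES = 6
ROLLS_PER_WORD = 5
FULL_LIST_SIZE = DIE_SIDES ** ROLLS_PER_WORD  # 7776 words in a complete Diceware list

# Constructed excerpt in Diceware text format. The words come from the article's
# sample passphrase; the keys are invented for this example, not the real ones.
SAMPLE_LIST_TEXT = """\
11111 niobe
11112 solo
11113 leyden
11114 apple
11115 batt
"""


def parse_wordlist(text):
    """Parse 'ddddd word' lines into {key: word}, rejecting keys that are not five dice digits."""
    words = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, word = line.split(None, 1)
        if len(key) != ROLLS_PER_WORD or any(ch not in "123456" for ch in key):
            raise ValueError(f"bad dice key: {key!r}")
        words[key] = word.strip()
    return words


def complete_placeholder_list(excerpt):
    """Pad the excerpt out to all 7776 keys with obvious placeholder words so the
    random generator below can run offline. A real Diceware list replaces this."""
    full = {
        "".join(digits): "placeholder" + "".join(digits)
        for digits in itertools.product("123456", repeat=ROLLS_PER_WORD)
    }
    full.update(excerpt)
    return full


def roll_key():
    """Roll the die five times using the OS CSPRNG; returns the digits as a key like '31542'."""
    return "".join(str(secrets.randbelow(DIE_SIDES) + 1) for _ in range(ROLLS_PER_WORD))


def passphrase_from_rolls(words, keys, separator=" "):
    """The deterministic half of the method: look each recorded roll key up in the list."""
    return separator.join(words[key] for key in keys)


def generate_passphrase(words, n_words, separator=" "):
    """Roll 5 * n_words times and assemble the passphrase (25 rolls for 5 words)."""
    if len(words) != FULL_LIST_SIZE:
        raise ValueError("generation needs a complete list so every roll maps to a word")
    keys = [roll_key() for _ in range(n_words)]
    return passphrase_from_rolls(words, keys, separator)


def entropy_bits(n_words, list_size=FULL_LIST_SIZE):
    """Each word is one uniform pick from list_size options: n_words * log2(list_size) bits."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every possibility at the assumed guess rate (a constructed rate)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    excerpt = parse_wordlist(SAMPLE_LIST_TEXT)
    recorded = ["11111", "11112", "11113", "11114", "11115"]
    print(passphrase_from_rolls(excerpt, recorded))  # the article's sample passphrase
    print(generate_passphrase(complete_placeholder_list(excerpt), 5))
    for n in (4, 5, 6):
        bits = entropy_bits(n)
        print(f"{n} words: {bits:.1f} bits, {years_to_exhaust(bits, 1e9):,.0f} years at 1e9 guesses/s")
```

Going from four to five words adds almost 13 bits, and each further word does the same, which is the "exponential" effect of length the article refers to; the guess rate of one billion per second is an assumption for the illustration, not a measured figure.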

The first letter method: Grab a phrase, get the initial letter of every word and make it a password.

Example: Writing a list of random sentences is harder than I initially thought it would be.

Becomes: WalorsihtIitiwb

It is a complex password that is fairly easy to remember, right? You can even play with it further and get an even more complex one by keeping some of the words whole:

Final password: Writing a list of random sihtIitiwb
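Both variants of the first-letter method, as an added example (not code from the article): one function reduces a phrase to its initials with their original case, the other keeps the first few words whole and abbreviates the rest, which is how the article's final password is built. A third helper reports which character classes from the complexity rule above (lower case, upper case, digits, specials, with the space counted as a special) a result actually contains, so you can see that the pure initials version is 15 characters with two classes while the mixed version passes the 20-character rule. The phrase is the one from the article; the function names are chosen for this example.

```python
def first_letter_password(phrase):
    """Take the first letter or digit of every word, keeping its case.
    Tokens that are only punctuation (e.g. a lone dash) contribute nothing."""
    initials = []
    for token in phrase.split():
        for ch in token:
            if ch.isalnum():
                initials.append(ch)
                break
    return "".join(initials)


def mixed_password(phrase, keep_words):
    """Keep the first keep_words words verbatim (spaces included) and append the
    initials of the remaining words, as in the article's 'Final password'."""
    tokens = phrase.split()
    head = " ".join(tokens[:keep_words])
    tail = first_letter_password(" ".join(tokens[keep_words:]))
    return f"{head} {tail}" if head and tail else head + tail


def character_classes(password):
    """Return the set of character classes present: lower, upper, digit, special.
    The article counts the space as a special character, so it lands in 'special'."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def meets_length_rule(password, minimum=20):
    """The article's rule of thumb: at least 20 characters."""
    return len(password) >= minimum


if __name__ == "__main__":
    phrase = "Writing a list of random sentences is harder than I initially thought it would be."
    short = first_letter_password(phrase)
    mixed = mixed_password(phrase, keep_words=5)
    for pw in (short, mixed):
        print(f"{pw!r}: {len(pw)} chars, classes={sorted(character_classes(pw))}, "
              f"length rule {'met' if meets_length_rule(pw) else 'not met'}")
```

The output shows why the article moves on from the plain initials to the mixed form: the initials alone fall short of the 20-character rule, while prefixing a few whole words both lengthens the password and adds spaces as special characters.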

Some simple tips on how to create strong passwords were presented above. Of course, there are more of them, but these are the ones I consider the most valuable. Now get rid of those post-it notes you have and start remembering your new passwords.
