How to Make a Secure Password You Can Actually Remember
The advice usually given nowadays if you want to keep your online accounts secure is to use a password manager, such as LastPass or Bitwarden. Sometimes though, you have to work outside of the scope of what most password managers can cover, such as your computer’s login password, or your password manager’s master password.
In such cases, you need a password that is strong, but also easily memorized. And to help illustrate how to make a password that is both, I’ll introduce some of the more traditional password advice, and also talk about purple balloons.
3 Rules For A Strong Password
For those of you who may not be aware, traditional advice for creating a strong password can be summed up in these three helpful points below.
- The longer your password, the stronger it is. (12+ Characters Recommended) This remains the case despite the passage of time. While the ideal minimum password length is debatable, the number seems to increase as we go along. Years ago, the minimum suggested length used to be 8 characters long. Nowadays, as technology has evolved, it’s more common to see recommendations of 12 characters long, 16 characters, or even more. In the future, that number will likely increase further. Just remember: longer = stronger.
- Include at least 1 uppercase letter, 1 lowercase letter, 1 number, and 1 symbol or special character. This is pretty self-explanatory, but a strong password has at least one character out of each of these four different categories. Symbols or special characters are anything besides a letter or number. So for example, things like: , . ; ‘ ! ^ # $ % * etc.
- If it’s a word found in a dictionary, keep it out of your password. This probably seems strange and very limiting at first glance, but technological tools are sophisticated enough to “guess” passwords that contain any words that can be found in a dictionary. So you want to avoid using any real words, basically.
In order for a password to be considered strong and secure, it must meet the criteria of all three of the above mentioned points. Now you may be thinking: “Wait… what? If you’re not supposed to use any words from a dictionary, then what can you use instead?” If you’re worried you’ll never be able to remember random gibberish passwords like 4hR#*blx2Z, don’t fret: you don’t have to make them like that either.
Next, let’s break the process down together using some examples, and we’ll start by using the words “purple” and “balloons” to create a memorable password.
Yes, we’re going to discuss purple balloons below. Also passwords.
Making It Memorable
If we reference the above 3 rules, just using purpleballoons as our password would only satisfy rule 1, and would fail to meet the requirements of rules 2 and 3. In other words, it would not be a secure password. But let’s use that as our starting point, and make some modifications to it.
That’s the main key to making a memorable password: start out with something that is easy for you to remember, and then modify it enough to satisfy the 3 rules we’ve previously established. So let’s take a look at some easy and common ways to satisfy rules 2 and 3.
(Keep in mind, you do not have to follow these directions exactly. And actually, your creativity will be of benefit to you here. This is merely one way of accomplishing it. As long as your resulting password satisfies the rules listed earlier, it is considered secure.)
Rule 2 says we need one of each of the four types of characters. A common way to satisfy the uppercase letters rule is to capitalize the first letter in each word. So doing that for our example, now we have PurpleBalloons which satisfies 2 of the 4 categories for Rule 2. We still need a number and a special character.
You might simply be tempted to add a number and a special character to the end of your password, like PurpleBalloons*8 for example, and that is an okay thing to do in general. Making those additions to our password does now satisfy the requirements for Rules 1 and 2, so it’s better than before, but it still isn’t a secure password, since it fails to pass Rule 3.
Let’s look at a simple way to satisfy Rule 3 while still keeping your password easy to remember. One approach is to take characters inside of the word itself, and replace them with numbers and symbols that are visually similar to the letter. To see how this works, let’s go back to PurpleBalloons and change at least one letter in each word to satisfy Rule 2, and meet Rule 3’s requirements at the same time.
Looking at the letters in PurpleBalloons carefully, we can identify some simple characters to replace with numbers and symbols. The “l” character is easy to remember when replaced with the number “1” or the symbol “!” for example. The “a” character can be visually replaced with the “@” or “&” symbols. You might replace the “o” characters with the number “0” or maybe a “*” symbol, and so on.
You don’t have to use visually similar replacement characters, and you also can mix and match or selectively replace throughout the password rather than fully. The main goal of this approach is simply to make sure all four categories of characters established in Rule 2 are present in the password, and at the same time, you are breaking up the dictionary words in order to satisfy Rule 3 as well.
So just for the sake of example, here are a few ways we might modify our PurpleBalloons password to make it secure using this approach:
Just from these examples you can begin to see the pattern: different ways you could change the letters into similar-looking things, in order to keep your password fairly memorable.
All four of these examples meet the requirements of our three established rules, and would therefore be secure passwords under normal circumstances. Though please use your own ideas, and not these exact examples for your own accounts. Putting these passwords on the internet in this article has rendered them insecure by default.
Now thinking closely, the word “balloons” is probably not the best word to base your password off of, because you actually have multiple dictionary words inside of it: balloons, balloon, ball, loon, and loons. But as long as you’re careful and thinking that sort of thing through, you can still make the necessary adjustments so that no complete dictionary words are found in your password.
Careful observers will notice that an extra exclamation point was added to the end of the third example, and that’s another thing you can do to increase the length of your password that’s fairly easy to remember. Another trick is remembering some kind of related phrase that only you will know, such as “Eleven Purple Balloons!” to help you remember that you replaced the “l” characters in the first password example above with a “!” symbol and the number “11”.
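The walk-through above, from purpleballoons to PurpleBalloons*8, and the note about the words hidden inside “balloons” can be checked mechanically. This is an added example, not code from the original article: the function names and the small word list are assumptions made for illustration, and words are matched literally, as Rule 3 is described here.

```python
# Added example: checks a candidate password against the article's three rules.
MIN_LENGTH = 12  # the article's recommended minimum (Rule 1)

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"purple", "balloons", "balloon", "ball", "loon", "loons"}


def missing_classes(password):
    """Rule 2: list the character categories that are absent."""
    present = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        # The article defines a symbol as anything besides a letter or number.
        "symbol": any(not c.isalnum() for c in password),
    }
    return [name for name, found in present.items() if not found]


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Rule 3: return every listed word found inside the password, ignoring case."""
    lowered = password.lower()
    return sorted(word for word in words if word in lowered)


def check_rules(password, words=SAMPLE_WORDS):
    """Return a pass/fail result for each of the three rules."""
    return {
        "rule1_length": len(password) >= MIN_LENGTH,
        "rule2_classes": not missing_classes(password),
        "rule3_no_dictionary_words": not dictionary_hits(password, words),
    }


if __name__ == "__main__":
    # Every string below appears in the article, so none is usable as a real password.
    for candidate in ("purpleballoons", "PurpleBalloons", "PurpleBalloons*8"):
        print(candidate, check_rules(candidate))
        print("  missing:", missing_classes(candidate))
        print("  words found:", dictionary_hits(candidate))
```

Run as a script, it reports which rules each stage of the walk-through passes and lists the dictionary words still present in it.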
Finally, we’ll go over some good practices to help make sure you’re staying smart about the security of your online accounts.
A Few Good Practices To Help Keep Your Accounts Safe
- Use a password manager. It’s not strictly required, but there are several advantages and conveniences to using popular password manager software. Perhaps the most significant of these is that you only need to remember a single master password to gain access to all of your accounts. With most modern password managers, you are able to generate those long, random character-string passwords that would be difficult to memorize, and have the password manager remember them for you. Explaining password managers would require a dedicated article, but for the curious, a list of popular password managers can be found on Wikipedia here: https://en.wikipedia.org/wiki/List_of_password_managers
- Use a different password for each account you make. While you can do this manually yourself, it is tedious, and this is where password managers can really help you out. Spend enough time on the internet, and you’ll have many accounts created. While it can be hard to remember a bunch of different passwords, using the same password or even a few different ones across all your accounts is a bad idea. If data is ever compromised from the services you use online, your passwords may be in the hands of those whose actions lack integrity. If you’ve used that password across multiple websites and accounts, all those accounts are then accessible by anyone who has acquired your password.
- Change your passwords periodically. Yes, it’s a hassle, but it’s a good idea to change your passwords for all your currently used accounts at least once a year, if not more often. When you do, make entirely new passwords for them that you haven’t used anywhere before. This can help cut down on the likelihood that data breaches and cyber criminals have access to your accounts. Even if your account credentials have been compromised without your knowing, as soon as you change your password on one of your accounts to a completely new, secure password, you’ll confirm or regain your exclusive control over that account.
- Refrain from using public information like your name, address, or birthday in your passwords. Since these kinds of details can be easy for folks to remember, they are tempting to use in passwords. But because that kind of information is very easy to obtain online, it’s one of the first things that will be tried if someone is seriously attempting to gain access to your accounts. If you insist on using this sort of information, consider breaking the contents up throughout the password, or arranging the characters in unusual ways, rather than typing it out normally.
If you found this helpful, feel free to reach out! Stay safe out there everyone, and thanks for reading!