We all know what goes into a strong password. Lots of random numbers, phrases and characters. But supremely strong passwords are nearly impossible for mere mortals to remember. Strings of random numbers and symbols simply don’t stick in most human brains. Luckily, there are ways to create random, strong passwords that are easy to remember. We’ve compiled some tips for creating strong, memorable passwords from the security experts at Microsoft, Google, Information Week and even BoingBoing.net.
Strong Password Basics
Just in case you forgot, here are the bare minimum requirements for a strong password, from Microsoft. A strong password:
- Is at least eight characters long.
- Does not contain your user name, real name, or company name.
- Does not contain a complete word.
- Is significantly different from previous passwords.
- Contains upper case letters.
- Contains lower case letters.
- Contains numbers.
- Contains symbols.
Now that we got that out of the way, let’s figure out how to make it memorable.
Be random, but human
We’ve established that random strings of numbers and symbols are tough for humans to remember. Random phrases, however, tend to stick. For example, which is more memorable:
The second string of silly phrases is much easier to remember.
Don’t make sense
Turtle$Bucket*Mishap doesn’t make sense. The three words wouldn’t typically—or ever—be next to one another in a sentence or phrase. This makes it harder for humans and password-hacking programs to guess. But the phrase is still three easily recognizable English words, and that means it can be guessed. To make a random string of phrases truly strong, we’ll need to make some adjustments.
Make it long
Long passwords are hard to crack. Period. Eight characters is the minimum, but 16 is even better. If you can remember it (and if the site/system you’re on will allow it), go for 24 or more. Use whole nonsense phrases like “WitchRikerBobTroutCoffeeBrooklyn.”
Symbols can make passwords stronger, but be careful. Common substitution schemes like replacing “S” with “$” have become old hat. Instead, create your own substitution scheme. Replace “G” with “%,” for instance. Or “O” with “+.” Build your own symbol substitution scheme and keep it secret.
Avoid things that are personal
Personal events, pets names, birthdays, etc., are easy to remember. They’re also limited in scope. You only have so many pets or remember so many birthdays. Once you run out of them, you’re sunk. Also, avoid personal secrets. Think of how it would feel if you had to reveal that secret to tech support just to retrieve an online account.
Obfuscation is at the center of crafting an uncrackable password. In the most basic sense, it means hiding something in plain sight. Or adding noise to information until it doesn’t look like information anymore. You can obfuscate the memorable or meaningful bits of your passwords to make them more difficult to guess. Ideally, obfuscation has no pattern. Adding numbers, letters and symbols throughout your password will make it harder to guess (or crack). Of course, this will also make it harder to remember. Try to find a balance between randomness and memorability. You can also create an obfuscation scheme—always surrounding the letter “e” with “5” and “9,” for instance. Schemes and patterns, however, can make passwords easier to hack.
Use unique passwords
Once we’ve created a strong, memorable password, we tend to reuse it. Don’t. Create separate passwords for every site or service you use. If one site falls pray to hackers, they won’t have access to all your other accounts.
Fishing scams nab tons of passwords every year. If you ever receive an email asking for login info, pay close attention. Is it legit? Is the email from a verified source? Same thing goes for any site that asks for login info. Sounds like common sense, but always double check URLs before you enter login info. Some fishing sites have strikingly similar URLs to the real things.
Use a password manager
Finally, use a password manager to keep track of all your passwords. A good online password manager like LastPass will store and encrypt all your password data, keeping it safe from hackers, yet easily accessible. With a good password manager, you’ll only have to remember one password: your master password. Be sure to use the techniques above to make it as strong as possible.
These simple techniques will help you create a strong password. For more tips and tricks, check out these articles.
Microsoft’s tips for creating a strong password: http://windows.microsoft.com/en-us/windows-vista/tips-for-creating-a-strong-password
Seven tips for creating a strong password from Information Week: http://www.informationweek.com/security/client/7-tips-to-toughen-passwords/240001775
Choosing strong passwords from BoingBoing.net: http://boingboing.net/2011/06/23/choosing-strong-pass.html
Six great password managers, from PC Mag: http://www.pcmag.com/article2/0,2817,2381432,00.asp