Passwords That are Easy to Remember and Hard to Guess

I wrote this little guide for my aunt. Her email password got hacked a while back. If you don’t currently do something similar, you should!

First, here is how to make a bad password that will get hacked:

  • Use a word that is in the dictionary, even if you r3place s0me l3tt3rs w1th number5 (that’s an old trick) or…
  • add a 1number1 to a 3word3 (that’s an old one too)
  • Make your password a too-common phrase like your favorite band, “Flock of Seagulls”, or your birthday “2/2/1980”. There aren’t enough 80’s New Wave bands or birthdays to fool a brute force attack on your password.

Now here is how to make a good password that is easy to remember and won’t get hacked:

Change all your passwords to follow a pattern. Make the pattern something you can easily figure out but a password thief could never do.

  1. Start with a basic password that is something you like, but misspell it. For example, “caps” to “kaps”.
  2. Change it so that it has a capital letter, a number and punctuation. For example, “Kaps^2”.
  3. For every website you go to, prepend part of the website name to the new password. For example, maybe use the first 2 letters and the last letter of the site. You’d get “amn” out of amazon.com. So your password for Amazon.com would be “amnKaps^2” and your password for Bank of America would be “baaKaps^2”.

That’s it!

Your final password should be between 9 and 12 characters. (Some websites stupidly limit the length of your password, and you don’t want to have to use a different strategy on those sites, lest it be harder to remember.)

You now have a REALLY GOOD PASSWORD that is REALLY EASY TO REMEMBER and REALLY HARD TO GUESS. And it’s DIFFERENT ON EVERY SITE so when one website gets hacked, the bad people don’t know your password on other sites!
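As an added illustration that is not part of the original post, here is the three-step scheme written out in Python, together with a checker for the “bad password” patterns listed above (dictionary word with letter/number swaps, word plus a number, common phrase or birthday). The word list and phrase list are constructed stand-ins; a real check would load a full dictionary.

```python
import re

# Constructed stand-in for a real word list (assumption: a production check
# would load something like /usr/share/dict/words instead).
DICTIONARY = {"caps", "orange", "password", "flock", "seagulls", "kittens"}
# Constructed examples of "too common phrases" in the spirit of the post.
COMMON_PHRASES = {"flockofseagulls"}
# The classic letter/number swaps the post calls an old trick.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})
DATE = re.compile(r"^\d{1,2}/\d{1,2}/(\d{2}|\d{4})$")


def site_token(hostname):
    """First two letters + last letter of the site's main label (amazon.com -> amn)."""
    labels = hostname.lower().split(".")
    name = labels[-2] if len(labels) >= 2 else labels[0]
    return name[:2] + name[-1]


def site_password(hostname, base):
    """Step 3 of the post: prepend the site token to the memorised base password."""
    return site_token(hostname) + base


def looks_guessable(pw):
    """Return which of the post's 'bad password' rules applies, or None."""
    lowered = pw.lower()
    stripped = re.sub(r"^\d+|\d+$", "", lowered)      # drop numbers added around a word
    if lowered.translate(LEET) in DICTIONARY:
        return "dictionary word (even with letter/number swaps)"
    if stripped != lowered and stripped.translate(LEET) in DICTIONARY:
        return "dictionary word with a number added"
    if lowered.replace(" ", "") in COMMON_PHRASES or DATE.match(pw):
        return "common phrase or birthday"
    return None


def length_ok(pw):
    """The post's 9-12 character target, chosen to fit sites that cap password length."""
    return 9 <= len(pw) <= 12
```

Running `site_password("www.bankofamerica.com", "Kaps^2")` gives the post’s “baaKaps^2”, and `looks_guessable("p4ssw0rd")` flags the leet-speak dictionary word while `looks_guessable("amnKaps^2")` returns None.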

————————————————–

If you have gmail, I strongly recommend you turn on 2-step verification.
How to enable it.
A friendly video that walks you through it.

Yes, it takes a little effort, but so does locking your front door when you go out.

Short story: last year I sat down at a public computer at City College. As I typed in my password, I got this chill, wondering if there might be a virus on the computer, sending my password off to some nefarious Russian hacker den or somesuch. So the first thing I did was enable 2-step verification.
Flash forward 3 months to this ABC News article that starts out “A computer virus found at the City College of San Francisco may have been part of an elaborate international scheme stealing students’ personal information for more than a decade.”

Yes, the bad people got my password. But my password strategy and 2-step verification protected me. Nuff said.

5 Comments

  1. jim says:

    thanks for the password creation advice. a couple of tho’ts:

    there’s the consideration that password thieves may be willing to analyze patterns (most, seems to me, will not–they’re opportunistic by nature, and only systems with big snatch value will justify any work beyond what software robots can do).
    if a password thief cracks one password, e.g. amaKaps#1, and discovers the user has a b of a account, and surmises the password pattern scheme at work, it’s pretty easy to guess boaKaps#1, baKaps#1, bofaKaps#1… until match.

    also maybe advise against initial caps, # followed by a numeral, and deprecate the use of the numeral 1, e.g. kAps%6 or kaPs7# ….

  2. lee says:

    >there’s the consideration that password thieves may
    >be willing to analyze patterns

    If bad people have stolen enough of your passwords so they can analyse the pattern, then you have a much larger problem that can’t be solved by making a hard-to-guess password!

    Jim, those are good thoughts. Thank you! I changed my post a little to improve security while keeping the passwords easy to remember. You are right that my original suggestion of “#1” is a poor password choice. I changed my example to “^2”. Hopefully our fair readers will choose their own strategy.

    Security is always an imperfect struggle against bad people.

  3. lee says:

    Here’s another great way to make a good password from Megan. It’s similar to the one above but so simple I’ll include all the steps right here:

    1. Pick a favorite word. For example: “orange”
    2. Tweak it a little, maybe a capital letter and funny punctuation (you only have to memorize this once, and it’s based on your favorite word so it won’t be hard to remember): “o#Ange”
    3. Insert the name of the site in the middle of your word, like so: “o#anAmazonge”

    Done! It’s different on every site, easy to remember, and impossible to hack.

  4. [...] can make an easy-to-remember and (hopefully!) impossible-to-hack password. Please use this advice: Click me! Click! Clickie-poo! Clickie-kins!! Click-er-doodle! Possibly related posts – Making your Microsoft Exchange password different from your Windows [...]

  5. lee says:

    And here’s another humorous thought on password creation:

    (via)
    This is a good start but you should still definitely make the passwords on each website different!
