It seems like everything wants a password these days. You’ve got a password for work, a password for online shopping, a password for your bank account…the list goes on and on. The number of services requiring a password makes it tempting to use the same one everywhere – but that’s a really bad idea. Using the same password across every site means that if just one of them is hacked, then the hacker has the details for everything you use.
So what’s the answer? One approach is to use a password management tool to randomly generate and store all your passwords. There are many software solutions available that will do this for you, two of the best being LastPass and Keepass. Programs like these are great, but have their drawbacks. For a start many charge for at least some of their features, and they all require you to trust your passwords to one single source. While they take all kinds of measures to secure your data, it still introduces an element of risk. The other downside is that the tools encourage you to forget your passwords. There is a school of thinking that says this is a good thing, because good passwords are too difficult to remember. But what happens when you need a password and don’t have access to your password store? Even worse, what happens if you forget the password required to access your passwords? For these reasons I still find it useful to create passwords that I can carry around in my head – but that doesn’t mean you have to resort to weak keys.
One method is to come up with a memorable base password that you can then build on and make unique for each service. Avoiding words found in the dictionary and names will help make your password harder to crack, so consider using a short phrase or perhaps the first initials of favourite song lyric or quotation. For example, if you were an Oasis fan (and who isn’t?) you could take a line from Wonderwall:
I don’t believe that anybody feels the way I do
We can turn that into memorable but random looking password by using each first letter, giving you idbtaftwid. That’s a pretty good start – a ten character none dictionary password that you won’t forget!
It’s good practice to use complex passwords that use a mixed case, numbers and symbols, and in fact many sites will require it. To bring our password up to scratch lets change it slightly, but in a way that still makes sense to us. If we capitalise the I’s like we would if we were writing the original lyric, and then add the year of release to the beginning we get:
Now, I know what you’re thinking, it looks like a nightmare. It’s long and looks like gibberish. The beauty of it is though that although it looks like gibberish, it means something to you. You don’t have to remember the password as it appears – as long as you can remember that lyric you’ll be able to remember your password.
Finally, we can take our password and make it unique for every site we use it on. Let’s say we want to use it as a base for our Amazon password. Take the last three characters from the name of the service and add it into your password. Insert it at any point you want, but make it consistent across all the versions you create. For this password, I think after our year of release might be the easiest place to remember and least obvious to anyone looking at it. This gives us:
A password to be proud of! Using our new method we can quickly create a whole raft of passwords:
95ttoIdbtaftwId – Lotto
95ookIdbtaftwId – Facebook
95terIdbtaftwId – Twitter
If you use this method yourself, mix it up to make it truly individual to yourself. Try placing that meaningful number mid-way through the rest of the characters, and adding special characters like ? ! * @. As long as you’re consistent and make it meaningful, you won’t forget it.
So there we have it – with a little bit of thought you can create a password scheme that is easy for you to remember but produces terrifying looking passwords! Do you have a different system that works well for you? If so why not tell us about it in the comments below.