Creating a Strong Password That’s Easy to Remember
As Internet users, we aren’t very good at creating strong passwords. Of all the things we need to remember in life, we don’t want to have to add the password zPb4XPwwyhJJrNJY to the list. So we cut ourselves a break and just use our significant other’s birthdate, or worse, the word password, or even worse yet, 123456.
These are easy to remember, right? And even if we don’t remember them right away, we at least remember we used our SO’s name and birthdate. Unfortunately, the bad guys are pretty good at finding your significant other’s birthdate, and they’ll use it to (correctly) guess your password.
In addition to guessing your password, hackers also use old, leaked databases to brute-force username and password combinations. Brute-forcing a password means trying every possible combination until the correct one is found. Knowing that most people create weak passwords and reuse them on multiple sites, hackers spend a lot of time and effort cracking these old databases. Once they succeed, they have an excellent list of usernames and passwords to try on other websites.
So how do you create a strong password that’s also easy to remember? Here’s how to do it, plus a few other ways you can keep your information secure:
Creating a Strong Password
A good password contains a random mix of letters, numbers, and symbols (like zPb4XPwwyhJJrNJY, our example from earlier). For most of us, though, remembering a password like this is almost impossible, so the best alternative is to create a really long password or a passphrase. A passphrase is similar to a password, but much longer and consists of actual words.
For example, strike HOLLAND collor letter would be considered a good passphrase. Why? Because it uses a deliberate misspelling and both uppercase and lowercase letters. A passphrase like this is harder for hackers to guess than a typical password, yet easier for you to remember than gwnHcrn4t7yub7yr.
Follow these rules for creating a good password:
1. Don’t use significant names and dates, such as your birthday, address, or family members’ names.
2. Use unconventional capitalization. For example, instead of capitalizing the first letter of a word, capitalize the last letter.
3. Put numbers in front of a word instead of after it.
4. Use random punctuation in the middle of a word.
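To put numbers on the comparison above, here is an added Python example (not from the original post) that estimates the guess-space in bits of the random 16-character password and of a passphrase, and generates a passphrase from a cryptographically secure random source. It assumes the words are drawn uniformly at random from a 7776-word list (the size of a standard diceware list) rather than chosen by hand; the short wordlist in the code is constructed for illustration only.

```python
import math
import secrets

# Constructed sample wordlist for illustration only; a real generator
# would use a large published list (a diceware list has 7776 words).
SAMPLE_WORDS = ["noodle", "couch", "wallet", "strike", "holland",
                "collar", "letter", "anchor", "basket", "candle"]


def password_bits(alphabet_size: int, length: int) -> float:
    """Guess-space of a uniformly random string: log2(alphabet^length)."""
    return length * math.log2(alphabet_size)


def passphrase_bits(wordlist_size: int, n_words: int) -> float:
    """Guess-space of n words drawn uniformly from a wordlist."""
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count whose guess-space reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(words, n_words: int = 4, sep: str = " ") -> str:
    """Draw n words with the CSPRNG behind the secrets module, never random()."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def compare() -> dict:
    # zPb4XPwwyhJJrNJY: 16 characters from upper + lower + digits = 62 symbols
    random16 = password_bits(62, 16)
    # four words from an assumed 7776-word list (about 12.9 bits per word)
    four_words = passphrase_bits(7776, 4)
    # how many random words it takes to match the 16-character password
    match = words_needed(random16, 7776)
    return {"random16": random16, "four_words": four_words, "words_to_match": match}


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.1f}" if isinstance(value, float) else f"{name}: {value}")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
```

A hand-picked phrase such as strike HOLLAND collor letter has less entropy than the uniform-draw figure, since people favour common words; the estimate is an upper bound for human-chosen phrases.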
Creating Strong Passwords Unique for Each Account
Now that you have a good password, the next best thing you can do to protect yourself is to never reuse it on other sites. Let’s say you use the same password for both Netflix and Amazon. If your Netflix account gets hacked, your Amazon account can easily be hacked, too, because you’ve used the same password for both websites. Creating a secure password that’s different for each of your online accounts can prevent this from happening.
You might think it’s crazy to create a new password for every online account you have. That could be 20 or more passwords!
In actuality, it’s not that hard to manage. Here’s how to do it:
1. Start by choosing three random words: noodle couch wallet.
2. For each account you have, add the website’s name after the first word: noodle netflix couch wallet. Now your password is four words instead of three.
3. Apply the special characters, capitalization, and formatting discussed earlier in this post: noodle netFlix couch w4LLET.
4. Repeat this password for all your online accounts, making sure to change the website’s name for each: noodle netFlix couch w4LLET; noodle amazOn couch w4LLET; noodle GOogle couch w4LLET.
What you’re left with is the “same” password for every account, but formatted so specifically and randomly that hackers won’t be able to easily guess them. And, if one of these sites were hacked, your information on other sites would likely remain safe.
Changing Your Password Frequently
Another way to keep your information protected is to change your passwords often. Change them as frequently as you can manage, but at least once a year is recommended. This is also beneficial when those old password databases get hacked. If your username and password are leaked in the hack, they can’t be successfully used because they’ve likely been changed since the database was originally stolen.
Using Multifactor Authentication
Some high-value targets, like banking websites, social media, and email providers, are starting to use multifactor authentication to improve the security of your personal information. Multifactor authentication requires an extra step when logging into a website to prove you are who you say you are. This could be a code texted to your phone that you type into a website or an app that uses your phone’s biometric sensor to prove you’re really you.
Using a Password Manager
If you’re like most people, you have accounts on many different websites, which makes creating a strong password that’s unique and easy to remember a little overwhelming. This is where password managers come in handy.
Password managers create, manage, and store your passwords for every website you use. The benefit of password managers is they enforce many of the best practices we’ve discussed for creating strong passwords. Their downside is they are a treasure trove of data for bad guys if hacked.
Good password managers implement extremely strong security, which includes forcing you to choose a strong password and requiring you to change it often. In general, a good password manager is an excellent tool to help keep your information safe online.
Here are a few recommended password managers to check out:
For more on information security, check out Device Fingerprinting: How It Works on the LYONSCG blog.
Ben Vaughan is the information security officer on LYONSCG’s Application Hosting team. As ISO, Ben ensures the security of eCommerce platforms by developing, refining, and promoting good security practices. He has more than ten years of experience in information security.