It’s easy to create strong passwords you can easily remember, and safer too
How many passwords have you created in the past 12 months? And how many you have changed?
Can you remember them all?
The number of online accounts, apps and services you use every day have increased dramatically. The ones you care about require a log in with strong passwords, to keep them secure or to quickly enter to validate a payment. etc. Then you want to log in from a different device – mobile phone, tablet, PC, or just in different browsers or app. Most of the time our browsers and apps remember the passwords, but it does not help much if that is on a different device.
So passwords need to be memorable as well as secure. We’re also told to have separate passwords for each site.
The good news is that it is possible to create strong passwords you can remember yourself that are unique, highly secure and best of all, memorable. The best of both worlds.
Just wing it. That’s good, right?
There are so many password to remember, and we can only keep so many in our heads. There’s just too many to track.
It’s so tempting to simply create one memorable password and use it over and over.
Now that’s dangerous! Very risky.
The most common username is your email address and if your general-purpose password gets into the hands of hackers they will try the combination on many other websites, not just the one that was hacked.
That way if a blog you are following gets hacked, the hackers may get access to your PayPal account if you use the same username and password there as well.
The golden rule is to never share passwords across websites, all passwords should really be unique per website.
Automatic password creation
There are different ways to create unique passwords. There are good tools available to generate new, strong passwords that are hard to crack.
- Browsers or devices can generate and remember the passwords for you. They are stored locally. Try not to lose the device.
- Or you can use one of the many password generators and password management apps available online. They store all your passwords securely in one place.
However, not everyone thinks it is a good idea to entrust such critical information with a password manager — password manager sites can also get hacked, and then the cat is among the pigeons. Note what happened with LastPass in 2022.
These auto-generated passwords are very strong. They typically look like this : zozJop-2nesre-mozbeh. Try to crack that. They are uncrackable, even by very powerful computers.
Now try to remember it. They are also impossible to remember, so you have to store them somewhere, which can make them vulnerable.
Manual password creation
It is totally feasible, and easy, to manually create passwords that are as unique and secure as those automatically generated passwords. And for them to be easy to remember as well.
It takes a bit of ingenuity to create and memorise one rule and then it will be very natural to remember just about every password you need.
Remember the rule, not the password
Websites specify a set of rules to follow for creating their passwords. Usually this includes having more than 8 characters and using uppercase and lower case letters, numbers and special characters, with no repeating or consecutive letters or numbers or common text like ‘pass’ or ‘qwerty’.
Most important is the length, the longer you make the password the more secure it is. Using a larger set of characters increases the complexity exponentially. Just using some of the 26 lower case characters makes the password simpler and easier to crack than one that also uses some of the 26 upper case characters and that is simpler than also using some of the 10 numbers and around 20 special characters. It’s the same way that no two decks of cards that have been thoroughly shuffled are the same – the order of the cards is unique every time.
Password generators heed that rule and create passwords that are very long and just a jumble of characters in the correct format. They are totally unique.
And uniquely unmemorable.
We can create our own ‘memorisation rule’ that only we know. It means we can create our own complex passwords that are equally unique and secure,
but also memorable.
Never be tempted to share the rule, it’s your personal secret!
Each website needs its own password, so use that fact to create the password
It’s common practice to use child, pet, partner or other family names as the key phrase in a password.
A lot of our personal information is out there on the internet and not secure at all.
How many times have you entered your pet’s name, or your mother’s maiden name, on a website or form? The same is true for anything else shared on social media sites, like your favourite movies, books, sports teams . All that information is already floating around on the internet, or on hackers’ computers.
These phrases make passwords easy to remember, but they also provide easy clues to be used by anyone trying to guess.
An alternative, and better, key phrase to use as the first step in your ‘memorisation rule’ is to use the name of the website or app. That helps to make it unique.
Instead of using ‘Fluffy1$’ on every site it’s better to use ‘Amazon1$’ and ‘Paypal1$’, etc to ensure each site has a unique password.
These are not yet good, strong passwords, but they are at least unique and conforming to the site’s rules.
Instead of using the website’s name in full in the password the rule can be extended by splitting the name and adding extra characters instead of just one number and symbol to conform to the site’s rules.
Change the password to ‘Ama12#$zon’, ‘AMA12#$zon’, Pay12#$Pal’, etc. So:
- Set a rule for the uppercase/lowercase mix.
- Remember a pattern on the keyboard for the numbers and special characters.
- Set the rule to start with the 1st 3 characters of the website name and to end with the last 3 characters.
This makes it easier to remember as the rule is the same for short-name sites and long-name sites like MoneySuperMarket – ‘MON12#$ket’
And already much more secure.
This simple set of steps forms the basis of the memorisation rule. It’s a start.
Longer is better
The rule of 8 characters prevents setting really short passwords.
However, the guidance from many cybersecurity firms and specialists is that a minimum of 12 or even 14 characters ensure passwords are very secure. By padding out the password created with our ‘memorisation’ rules with enough symbols, numbers and uppercase and lowercase letters, you can create extra strong passwords that are still easy to remember. We just need to make the padding memorable as well.
Use special characters between parts of the password
Most password generators use the underscore ‘_’ character as a separator. It has become the norm, so why not copy that.
Use it to visually separate the different parts of the password. So our earlier password will become ‘MON_12#$_ket’, which is already 12 characters long.
And very strong.
It’s easy to remember, unique and a simple format that conforms to all the rules.
Use any other special character instead of the underscore if you like and add as many parts to the password as required. There may be a maximum length that is set by each website, typically 32 characters.
Have fun with more numbers and letters
Passwords need a mix of uppercase and lowercase letters and symbols, plus numbers to help make them more secure.
Many people use their birthdays, a child’s name, etc to pad out a password. But why not have a bit of fun that will put a smile on your face every time you enter the password?
A football fan could use ‘MON_30_July_1966_ket!’ as their memorable clause. *Different memorable dates may apply for football fans outside England.
No-one can crack this one!
Hopefully England fans will not have to wait that long for them to ‘bring it home’.
Play around with some ideas. Just remember the rules.
What happens if you need to change the password?
Sometimes you are required to change a password. It is a good idea to do so regularly anyway.
Most cybersecurity firms and professionals recommend that you change your passwords every three months. Three months is very frequent for most people, but sensible. Cybercriminals and hackers don’t typically hack individuals (other than through phishing). They hack large corporations and businesses, download millions of passwords and then let their computers try them out on the usual websites. These data breaches mean any passwords can be at risk at some point in time, without you knowing.
In that case try adding ‘#2’, ‘#3’, etc at the end to create a new password. Alternatively create a new memorable phrase to use in the centre of the password for new passwords from that date on.
Whatever timescale you decide set a reminder in your calendar to remind you. Then every time you change a password set its next reminder.
Summary – create strong passwords you can remember
These are the main things to remember when managing your passwords – the rules and the guidelines for making them memorable.
- Create a different, unique password for each online account.
- Use uppercase and lowercase characters, numbers and special characters to make the number of possible variations as large as possible.
- Ensure the password is at least 8 characters, preferably 12 or more.
- Use the name of the online account in a set format to make the password relevant, unique and memorable.
- Split the password into memorable parts using special characters.
- Use memorable phrases (not birthdays of family names) to ensure you remember them.
- Change passwords frequently to keep hackers guessing.
How strong is strong?
You can check online how strong a password is and how long it will take to guess it (called a brute force attack).
There are several password strength checker websites, one of them is PasswordMonster.com. That is the one we used for the examples above.
Note: Before entering a password check that they clearly state they will not store any passwords you enter. Or use a similar word, not the exact one.