How to Write a Good Password
Making passwords is something everybody on the web does. The art is in making good, secure passwords that you can also remember easily. There are two methods I have found really effective. There are tons of passwords I use that I have to be able to recall at any time. Most people would resort to making short passwords, writing passwords down, or using the same password for multiple things; these methods are horribly insecure.
The first way I have found very effective is to use phrases or sentences. The phrase should be something memorable and contain numbers too. One example of this would be something like “ilovemy1995thunderbird” (I love my 1995 Thunderbird). This is 22 characters long, and pretty easy to remember. The phrase should be something that makes sense to you. So maybe if you were born in 1942, instead of resorting to a typical password, which would just use your birthday and be guessable, turn it into a phrase like “iwasbornin1942”; now you have a hard-to-guess, long, and easy-to-remember password. This method is also very effective for passwords that have to be shared with others; using phrases will make it fairly easy for even forgetful people to remember.
The second method I commonly use is good for websites that you might not use a lot, and whose passwords you are therefore prone to forget. What I will typically do with such a site is use the site name in a phrase. So with a site such as Yahoo you could have a password such as “ilikeyahooalot”, or for Google maybe something like “googleisreallygreat”. You can also use this method as a pattern, so for attackr.com, using the previous pattern, it would be “attackrisreallygreat”. It is good to note that if you use such a pattern, someone who discovered one of your passwords could potentially guess the others. However, this is fairly unlikely and better than reusing the same password over and over again, but not quite as secure as the first method.
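An added example (not part of the original post): a self-audit for the caveat above, which takes your own site-to-password list and reports which passwords collapse to the same template once the site name is removed. The sample vault is constructed from the post's example passwords; the `.example` sites and all function names are assumptions, and a reversed site name is treated as the same pattern.

```python
from collections import defaultdict

# Constructed sample: the post's example passwords plus two made-up sites.
SAMPLE_VAULT = {
    "yahoo.com": "ilikeyahooalot",
    "google.com": "googleisreallygreat",
    "attackr.com": "attackrisreallygreat",
    "forum.example": "murofisreallygreat",       # site name reversed
    "bank.example": "ilovemy1995thunderbird",    # phrase, no site name
}

def site_token(site):
    """'www.yahoo.com' -> 'yahoo' (assumes a single-label suffix such as .com)."""
    labels = site.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def template_of(site, password):
    """Return the password with the site name replaced by '{site}',
    or None when the password does not contain the site name."""
    token, pw = site_token(site), password.lower()
    if len(token) < 3:           # too short to be a meaningful match
        return None
    for variant in (token, token[::-1]):   # forward, then reversed
        if variant in pw:
            return pw.replace(variant, "{site}")
    return None

def audit(vault):
    """Map each template shared by two or more sites to those sites."""
    groups = defaultdict(list)
    for site, password in vault.items():
        template = template_of(site, password)
        if template is not None:
            groups[template].append(site)
    return {t: sorted(s) for t, s in groups.items() if len(s) > 1}

if __name__ == "__main__":
    for template, sites in audit(SAMPLE_VAULT).items():
        print(f"{template!r} is shared by: {', '.join(sites)}")
```

Any group it reports is a set of accounts where learning one password gives away the rest; yahoo.com is not reported because its template is used only once.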
Well, I’ve used these methods fairly successfully for a while now and they have been a big help to me. I hope they are of use to you too. Enjoy.
October 29th, 2008 at 5:49 am
These are great tips - most people think that passwords need to be complicated, hard to create codes, similar to hieroglyphics when in fact a simple sentence is more than enough for a strong password.
If you can’t remember your hard to guess password for every site, your best bet is to use a password manager.
Here is a quick post on why longer is stronger, when it comes to passwords:
http://tinyurl.com/yqebur
Hope it helps!
Louise
PS You may have guessed, I work for Passpack : )
October 30th, 2008 at 2:29 am
That is a good idea, to use a password manager, and it is almost always true that longer is stronger. In the past I used a password manager, but my problem is I become too reliant on it and forget what the passwords are, which can lead to problems if you lose the data for whatever reason or have to use a different computer than normal, so now I just memorize all my passwords, which has the added bonus of keeping the brain agile. Another potential problem with recording your password anywhere, be it a software manager or piece of paper, is security. There is always the potential that somehow someone could access it and get your passwords, or gain access with your passwords. Even if it were to use a password to protect access to such passwords, I now have only one lock guarding the keys to all of my locks. So if access to this one lock is gained then all locks are vulnerable. However if you memorize your passwords then there isn’t such an issue.
October 31st, 2008 at 6:47 am
@graystatic Your concerns are all completely valid and I have had to overcome the same issues myself but if you think about it - we put our personal data online all the time and considering nowadays we have a lot of passwords, people usually resort to reusing passwords. So this means that if someone gets access to that one password of mine, they may have access to many other of my accounts.
But ok, let’s say you have a bunch of great, unguessable, long, strong and unique passwords - the best place to keep them IS in your head. It’s probably one of the only places that is almost impossible to get into ; ) BUT how likely are we to remember 25 unique, strong passwords? Yes, your memory will be kept agile, but it may just be impractical for people who just can’t remember all that stuff - like me - I sometimes forget what date it is!
Point is, of course no one has to use a password manager but if you do, there are some (like Passpack) that ensure that you are putting your delicate information in a Fort Knox-like security vault, like that of your memory.
Thanks for the reply to my comment : )
Louise
October 31st, 2008 at 7:28 pm
It is true that you may forget passwords, as I do too. That was the point of my second method: it was for things that don’t need to be as super secure, where you can use a pattern. So if you come back to a site after a few months or a year, you can still figure out your password, by using your pattern (or algorithm, probably a more appropriate term). This does mean your passwords could be guessed, but it would probably take someone getting at least two or three of your passwords before they might see there is a pattern. And another way to make it more secure is to have variations on the pattern, maybe reverse it sometimes or use a couple patterns with the site name in it. This way if you forget you could try them and be able to figure it out fairly quickly and yet it would still be hard to guess. The idea is to make something that is obvious to you, but would be hard to guess (and minimizes what you have to memorize).
November 4th, 2008 at 6:12 am
In the end, whatever method works for you AND is secure is the best method! Thinking up my own patterns doesn’t work for me only because I have a pretty bad memory : )
Louise