A Strong, Secure, Complex Password That Even I Can Remember!

john.kingIndustry Trends, Technical TipsLeave a Comment

In the wake of the LinkedIn password theft, I would like to offer up a simple process for creating strong and memorable passwords. These would be less susceptible to cracking if a maliciuous group got their hands on a hashed password list, as they would likely be at least in the 1% toughest to crack category that would require brute force.

In general, a “strong” password should:

  • never contain any words
  • be at least 8 characters (the longer the better)
  • contain at least 1 of each of the following:
    • lowercase letter: a-z
    • uppercase letter: A-Z
    • number: 0-9
    • special character (when the site/system allows them): such as “!” or “(” or “%” or “@” and so on

Note: The special character group is crucial to adding security and complexity to the password

That’s all well and good, but how do you create a memorable password like that? In particular, how do you make one that would still be difficult to guess with hacking software?

Here’s a suggested method to do just that:

  1. Think of a not-so-popular expression, song lyric, quotation
  2. Capitalize it following the rules of Title Capitalization: http://grammartips.homestead.com/caps.html
  3. Hopefully your phrase has a number or something that can easily be substituted with a number (i.e. won -> 1, to/too -> 2, tree/the -> 3, for/fore -> 4, …)
  4. Your password becomes the first letter of each word
  5. Finally, if special characters are allowed, add parentheses, punctuation, and others where appropriate.

Here’s an example of turning a song lyric into a strong password (albeit probably more popular than something you should choose, but this will work as an example):

  1. Original lyric: Don’t stop believing Hold on to that feeling!
  2. Capitalize: Don’t Stop Believing Hold on to that Feeling!
  3. Add/convert to numbers where appropriate: Don’t Stop Believing Hold on 2 that Feeling!
  4. Take the first letter of each: DSBHo2tF
  5. If special characters allowed, add them in a way you can remember: DSB(Ho2tF!)

According to http://howsecureismypassword.net/ it would take a desktop PC 71,000 years to crack “DSB(Ho2tF!)” (10 days for “DSBHo2tF” –> you can see the importance of special characters!)

There are ways to make this even more obscure/secure of course if you like:

  • Always add certain letters/characters at the beginning and/or end of the password
  • Instead of parentheses, use alternates such as: [], {}, <> — or mix+match: open with “[” but close with “}” — or even reverse them
  • Use the last letter of each word instead of the first
  • and so on

Leave a Reply

Your email address will not be published. Required fields are marked *