How to create strong memorable unique passwords

by Michael

I recently decided to change all my passwords in order to make them easier to remember and stronger. One would think that making a password stronger would mean that it becomes less memorable – not if you use a method and thus only need to remember the method for creating the password instead of the actual password.

Most sites have some requirements on password complexity such as:

  • length has to be 8 or more characters
  • must have at least 2 numeric characters
  • must have at least 2 non-alphanumeric characters, e.g., $
  • must not be a word or name

Methods

Memorizing finger movements. One method for creating such a password is memorizing finger movements like zig-zag qwerty using shift in some places which could result in the following password <1q@w#e4r>. A drawback with this method is that if you need to use a keyboard with a different layout, it will become nigh impossible to enter the password. Since I travel a lot and spend some time in internet cafes, this method is a no-no for me.

Replacing letters with numbers. Take a word or a name and replace the letters with numbers, this means that your moms name <Barbara> becomes <84r84r4> and we throw in a few non-alphanumeric characters to seal the deal <@84r84r4#> and we have a strong password. As long as we use non-alphanumeric characters as well, this is actually a pretty good method. Using only the letter -> number replacement is too weak.

Ensuring uniqueness

The above methods are pretty great but do not result in a unique password. A safe password should be unique so that if one of your passwords leak, other services that you use are still safe. One way is to mix in the name of the service that you use into the password. Time for an example:

  1. I have to choose a password for my picasa account
  2. I choose <Samoa> as my base password in my mind
  3. I apply letters to numbers method and get <54m04>
  4. throw in a @ and # and finally get <@54m04#>
  5. I want unique passwords, so now I will mix in ‘picasa’ into my password
  6. the final password is <@54m04#p1c454>
  7. done

Now we have a strong unique password that is easy to remember.

Advertisements