How to Create and Remember Strong Passwords

Sometimes, it feels like I have a million passwords, and I definitely don’t have the memory to be able to recite them at will. I admit, I am guilty of taking the browser shortcut and saving many of my passwords in Firefox. It definitely speeds up my login processes. At least until I clear my browser cache and cookies and am stuck trying to remember exactly which credentials go with which site.

Never mind the issue of creating strong passwords. But it’s possible to accomplish both feats — create relatively good passwords that you can actually remember, either on the fly or with a handy tool to help you along. Here are a few tips that cover both goals from a user’s perspective.

Stay Away from the Most Common Passwords

Last year, we inadvertently learned a lot about common passwords from the server hack on Gawker Media that decrypted and publicly exposed the usernames, email addresses and passwords of more than 188,000 registered users on several Gawker Media websites.

You can see the list of the 50 most common passwords, and although these are specific to Gawker Media sites, many of these passwords may, in fact, be universally common. Among the most common passwords exposed were 123456, password, 12345678, qwerty, abc123 and 111111.

It may not be foolproof, but one easy way to create a better password is to start by steering clear of the passwords exposed during the hack and other commonly used passwords.

Devise Your Own Formula

It can be impossible to create memorable passwords without a formula, meaning or something else that will quickly trigger your memory. And using a known or easy-to-guess word or date isn’t always a great idea. Here are a few alternative ways to create passwords that are stronger than “password,” but also easy to remember.

Variations on a Theme

Pick one master word that can become the root for all of your passwords, then create the rest of your passwords based on that root and a formula that makes sense to you.

Pick a Pass Phrase

This can work two ways. If a specific password can be a lot of characters, you can use a phrase or short sentence that is easy for you to remember. If the allowed number of characters is limited, you can take the first letters of each word in your pass phrase to create a shorter password.

Add Numerals and Punctuation

Adding punctuation and numerals, or replacing letters with them, is a good way to make your common passwords stronger.
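A self-check that ties together the advice to avoid the most common passwords and the advice to add numerals and punctuation, as an added example that is not part of the original article: it reports when a candidate is only one of the six quoted passwords with decoration around it. The swap table, function names and sample inputs are assumptions made for illustration.

```python
import string

# The six passwords the article quotes from the exposed list; a production
# check would load a far larger denylist (assumption).
COMMON = {"123456", "password", "12345678", "qwerty", "abc123", "111111"}

# Constructed table of frequent look-alike swaps (assumption, not from the article).
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                       "1": "l", "!": "i", "$": "s", "5": "s", "7": "t"})


def candidates(password):
    """Return the forms of `password` that are compared with the denylist."""
    low = password.lower()
    forms = {low}
    # Peel decoration off both ends: punctuation only, then digits as well.
    for affix in (string.punctuation, string.punctuation + string.digits):
        forms.add(low.strip(affix))
    # Undo look-alike swaps on every form collected so far.
    forms |= {f.translate(SWAPS) for f in forms}
    forms.discard("")
    return forms


def common_root(password):
    """Return the denylisted password this one is built on, or None."""
    hits = candidates(password) & COMMON
    return min(hits) if hits else None


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["P@ssw0rd", "qwerty2011!", "Abc123!",
               "My dog ate 3 green socks in May"]
    for pw in samples:
        root = common_root(pw)
        verdict = f"built on common password '{root}'" if root else "no common root found"
        print(f"{pw!r}: {verdict}")
```

A result of `None` only means the candidate is not a decorated form of a listed password; it says nothing else about its strength.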

Pick One Management System

Once you have a system for creating strong passwords, you need to tackle the recall issue. How will you remember what sites use each password?

Hard Copy

If you’re a pen and paper kind of person, you can keep a file (or even a collection of sticky notes) with your passwords by your computer. This can be a secure option since, theoretically, only those with access to your office can see them. But you may have a problem when you’re working away from your office, or if some disaster destroys your hard copy.

Local Computer

You can keep your own Excel spreadsheet, text file or other document with a list of your login credentials on your local computer. You can also use your address book in your desktop email client to keep track of your various logins. These options are helpful because you can search and pull up the data whenever you’re on your computer, but you will want to make sure the files are encrypted and/or not included in any off-site data backup processes.

Password Tools

There are a number of password management tools that help streamline the login process by keeping a secure copy of your credentials, or actually taking over the login process on various sites so you don’t need to manually enter your data. The biggest concern with these tools is making sure you know how your data is stored and verifying that all possible security measures are taken.

There are a lot of ways you can create and manage your passwords, and all have varying advantages and disadvantages. The key is to pick one system and use it consistently so you can streamline the process of creating and looking up passwords as you need them.

Image credit: HOLSTEBRO


  • drudge

    In regard to “Variations on a Theme”: this isn’t always a great idea if your theme is intuitive. As an example, using the current (week/month/year) as the numerical part of a password exposes the pattern that you’re following. If an old account is compromised, it doesn’t take much for the attacker to guess any new iterations on your password.

  • http://www.cemerson.co.uk Stormrider

    I’ve recently started using KeePass – an excellent little program for remembering passwords. You can synchronise between computers with FTP or Dropbox, and now all my passwords are 20+ character, randomly generated passwords with symbols, capital and lowercase, numbers etc. Finally able to have a decent password strategy with it!

    • JG Visual

      I agree. KeePass is awesome. We use it for all our clients.

      For personal passwords we use LastPass. Also a great tool.

  • Arne Klein

    Sven Tilburg of 40FS has recently published a nice post on how to create safe passwords and REMEMBER them…
    http://40fs.com/web/blog/2011/01/4-steps-to-a-strong-password-you-will-never-forget/

  • http://www.greasesharing.com Amit Yaron

    Feel free to forget your password. Use the “forgot your password?” mechanism, to get a new password to your e-mail. You are less likely to reveal your password if you forget it.

  • Karl

    This post can give you some great ideas, but it should include some examples. I’ve described my system here:
    http://karlblum.net/blog/2011/01/how-to-remember-secure-passwords/

  • adh32

    I use that kind of system, starting with a combination of letters and numbers that are vaguely meaningful to me and ending with some unique letters that vaguely identify the service or website (e.g. Amazon might be azo). But I think that it’s important not to use the same prefix every time, so I use 3 different combos that relate to different types of website or service. Together, that is still easy for me to remember: the type of service (e.g. shopping) plus letters from the name of the service.