Life is filled with things we know we need to do, even though they\u2019re not exactly fun (doing dishes when you cook and pulling weeds when you garden come to mind). One of those things is coming up with secure passwords for all of our online accounts, which seems to get more difficult with the passage of time. <\/p>\n\n\n\n
Faced with the need to come up with passwords for dozens of sites and apps, we tend to opt for what\u2019s memorable rather than what\u2019s secure (bad) or just repeat ourselves from site to site (even worse). A better approach is to find a system to help you create password ideas that yield strong but memorable passwords. We\u2019ve rounded up several examples for you to choose (and learn) from. <\/p>\n\n\n\n
Before we start looking at how<\/em> to craft a good password, let\u2019s review why<\/em> most passwords are bad. The first, and arguably biggest, reason is human nature: crafting a unique, strong password for every app or site is a pain in the butt, so we don\u2019t do it. Instead we pick weak passwords, things that are easy to remember (but also easy for attackers to guess), and reuse our passwords indiscriminately. <\/p>\n\n\n\n IT people and administrators love to put the blame on users, but let\u2019s be blunt: they\u2019re the ones creating the policies that often enable poor password usage. There\u2019s a known, long list of worst and most-used passwords<\/a>, for example, but how many sites actively prevent you from using one? If you guessed \u201cnot many,\u201d you\u2019d be right. Most will now warn you if you choose a weak password, but few will flat-out refuse to let you use it. <\/p>\n\n\n\n Those that do<\/em> enforce strict rules around passwords can be frustrating, too. The end goal \u2014 security \u2014 is one we can all get behind, but the implementation is often indifferent. Sites vary in the length of password they require and which combinations of characters they\u2019ll accept. Some don\u2019t tell you their criteria, so it can take several tries (with a different error message each time<\/a>) until you guess the right combination. Several years ago, researchers at Carnegie Mellon University<\/a> found that when users were irritated with the password policy, about half simply gave up in exasperation and followed the path of least resistance, picking whatever weak password they could get away with. <\/p>\n\n\n\n So how do criminals and scammers go about getting, or breaking, your passwords? Phishing attacks<\/a> are one common point of vulnerability: if you simply give them your username and password, they don\u2019t have to guess. Another weakness is data breaches, which can expose thousands, millions or even hundreds of millions of passwords all at once. <\/p>\n\n\n\n When they don\u2019t get combinations of usernames and passwords that they already know are valid, criminals can also use a technique called credential stuffing<\/a>. Basically that means taking inexpensive lists of already broken or exposed usernames and passwords, and trying them automatically on popular sites until they find a combination that works. Once they do \u2014 because people reuse their passwords \u2014 they can try that same combination everywhere<\/em>. At tens of thousands of attempts per hour, multiplied by many thousands of criminals and crime rings worldwide, that\u2019s a big vulnerability. <\/p>\n\n\n\n Finally, there\u2019s brute force. Criminals armed with heavy-duty computing power can simply try every possible combination of characters until they succeed. The longer and stronger your password, the more difficult that becomes. With these things in mind, it\u2019s easy to see why there\u2019s so much emphasis on using long, strong, unique, hard-to-guess passwords. <\/p>\n\n\n\n The ideal password (the kind a password-generating app or site will make for you) looks like what happens when a cat walks across your keyboard: an endless, random mixture of upper- and lowercase letters, numbers and symbols. Unfortunately, what you gain in security you lose in memorability. Very, very few people indeed could remember one or two dozen of those. <\/p>\n\n\n\n So how can you come up with password ideas<\/a> that are secure but won\u2019t hurt your brain? There are several useful techniques, including several variations on these six we\u2019ve chosen to highlight here. <\/p>\n\n\n\n One important caveat: when you\u2019re gleaning password ideas from this or any other article, always tweak them slightly to personalize them (reverse the order, use the last letter instead of the first and so on), and never<\/em> use the specific examples given. Criminals read security articles too….<\/p>\n\n\n\n Pick a book, song or poem you know well \u2014 in a pinch, even a user manual will work \u2014 and pluck a few words from the first sentence at random. If it were Jane Eyre<\/em>, for example, you might go with \u201cwas possibility walk that\u201d as your password. You can\u2019t always use spaces, so fill in the gaps with numbers and symbols (we\u2019ll come back to that). <\/p>\n\n\n\n When it comes to passwords, length equals strength, so all things being equal a passphrase<\/em> is better (and usually more memorable) than a password<\/em>. Something along the lines of \u201ca stitch in time saves nine\u201d or \u201cwaste not, want not\u201d would work, especially with added characters. Ideally you\u2019d choose a less widely-used phrase, such as a piece of local slang or even a catchphrase or in-joke that\u2019s only known to your family and friends. <\/p>\n\n\n\n This one\u2019s a refinement of the \u201cmemorable phrase\u201d method, and works best with songs or poetry. Take the first letter of each syllable, using lowercase for unstressed syllables and uppercase for stressed syllables, and keeping the punctuation in place. <\/p>\n\n\n\n Treated this way, Shakespeare\u2019s \u201cShall I compare thee to a summer\u2019s day?\u201d becomes \u201csIcPtTaSm\u2019d?\u201d, which is a pretty reasonable password, and it\u2019s even better if you add \u201cS18\u201d to the end (because it\u2019s Shakespeare\u2019s sonnet #18). Any song or poem works, as long as it\u2019s one you\u2019ll for sure remember. <\/p>\n\n\n\n Your own life is another rich source of words and phrases you can use to generate strong passwords or passphrases. Using your own personal memories as the key for a password pretty much guarantees you\u2019ll remember it, because (duh!) it\u2019s already your memory. <\/p>\n\n\n\n \u201cWe went camping when I was 6 and I caught four fish\u201d would become \u201cWwCpwIw6,aIc4F\u201d using the first-letter system, which is a pretty strong password. If you use it to make a phrase instead it would become \u201cWe camping six caught,\u201d which is also pretty strong. <\/p>\n\n\n\n Your OS sets itself up to recognize a specific keyboard, usually US English, unless you tell it otherwise. You do have the alternative of using other keyboards, though, and it\u2019s a useful way to strengthen your passwords. <\/p>\n\n\n\n To use this technique, set up a second keyboard layout on your device, choosing a language with lots of special characters but relatively few users (Cherokee, for example, or Scots Gaelic). Before typing your password, choose your alternative keyboard layout \u2014 just search up how it works on your specific OS, if you don\u2019t know \u2014 and while you type ordinary letters, your computer registers foreign ones. You can use this with any password and any password-selection method as a strength booster.<\/p>\n\n\n\n Each extra character makes your password significantly stronger; so adding characters gives you strength without (necessarily) sacrificing memorability. The secret is consistency: as long as you use a consistent formula for adding those characters, you don\u2019t have to worry about how you\u2019ll remember them. <\/p>\n\n\n\n One option, by way of illustration: take a pair of characters (^ and $, perhaps) plus the numbers from those same keys (6 and 4, in this case) and add them to your passwords. Combining this with our earlier Jane Eyre<\/em> password would yield \u201cwas^possibility$walk6that4,\u201d which is very strong indeed. <\/p>\n\n\n\n The helpful people at your local hardware store will usually say, after cutting you a new key, to \u201ctest it before you trust it.\u201d That\u2019s a really good rule of thumb for passwords as well. There are a couple of useful tests you can try before committing to a password. One is to check and see if your chosen password has already been stolen in a breach. <\/p>\n\n\n\n Several services can check a password to see if it\u2019s been compromised \u2014 Have I Been Pwned?<\/a> is a good one \u2014 so pick one and enter your chosen password into the search bar. If it\u2019s found in the database of already-cracked passwords, don\u2019t use it: that would be like buying a broken lock. <\/p>\n\n\n\n You can also use the interactive brute-force calculator<\/a> at Gibson Research to see how long it would take attackers to break your password the hard way. It\u2019s quite instructive to see how difficult it becomes with each character you add (hence password padding). As the company itself is quick to point out, this doesn\u2019t necessarily mean your password is strong, just hard to crack by brute force. You still have to make sure there aren\u2019t any easier ways for criminals to break it. <\/p>\n\n\n\n Ultimately most people will still end up with a lot<\/em> of passwords to remember, perhaps too many for comfort. That means you\u2019ll need to give your memory some help, and there are two main ways to do it. <\/p>\n\n\n\n One is simply writing down the passwords somewhere. That might seem like a really<\/em> bad idea, but it\u2019s not necessarily so. Keeping them on a card in your wallet, or in a locked drawer at the office, is reasonably secure (and it\u2019s offline<\/a>, so it can\u2019t be hacked). Also, there\u2019s a lot to be said for keeping a record of your passwords with your will and other legal documents, so your loved ones can access your accounts if you should be unexpectedly incapacitated. <\/p>\n\n\n\n The other is to use software to manage your passwords. Your browser will do this for you, but that isn\u2019t necessarily the most secure platform (it\u2019s not their main business, after all). It\u2019s better to select a free or low-cost password-management app, which keeps your passwords in an encrypted database. Many are cross-platform, so you can use them across devices running Windows, OSX, iOS, Android and even (sometimes) Linux. That way you\u2019ll only need to remember one<\/em> strong password \u2014 the one to your password manager \u2014 and you can look up the others as needed. <\/p>\n\n\n\n It\u2019s difficult to overstate the importance of good password hygiene. It\u2019s absolutely fundamental to your online security, and it\u2019s one of the very few things in life that\u2019s absolutely, unequivocally under your direct control. <\/p>\n\n\n\n So your mission \u2014 should you choose to accept it \u2014 is to try a few of these methods, find one you can live with and use it for your passwords from here on out. Using a strong, unique password for every new site (and changing them on every old site where you\u2019ve currently got a mediocre password) might just be the best thing you can do for your online peace of mind. <\/p>\n\n\n\n Life is filled with things we know we need to do, even though they\u2019re not exactly fun (doing dishes when you cook and pulling weeds when you garden come to…<\/p>\n","protected":false},"author":112,"featured_media":25341,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[614],"tags":[],"class_list":["post-25340","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-safety"],"yoast_head":"\nHow Your Passwords Get Broken (and Why There are Rules)<\/h2>\n\n\n\n
Password Ideas: Long, Strong and Memorable<\/h2>\n\n\n\n
1. The \u201cWords Out of Context\u201d Method<\/h3>\n\n\n\n
2. The \u201cMemorable Phrase\u201d Method<\/h3>\n\n\n\n
3. The \u201cLine of Verse\u201d Method<\/h3>\n\n\n\n
4. The \u201cAutobiography\u201d Method<\/h3>\n\n\n\n
5. The \u201cAlternate Keyboard\u201d Method <\/h3>\n\n\n\n
6. The \u201cPad That Password\u201d Method<\/h3>\n\n\n\n
Test It Before You Trust It<\/h2>\n\n\n\n
Get Some Help<\/h2>\n\n\n\n
Applying What You\u2019ve Learned<\/h2>\n\n\n\n
Sources<\/h2>\n\n\n\n