When was the last time you forgot your password? Do you use the same password in many places? Well... It can get very tricky to have secure passwords that are memorable, yet difficult to guess.
In the last 6 years, I’ve only forgotten one password.
In this article you'll learn a method of password selection that can help you generate a variety of passwords which are secure, strong and easy to remember at the same time. You don’t need to remember the final password – simply remember how you derived it.
Two minute version
- Choose a sufficiently long base phrase, the longer the better.
  - For best results, join 4 unrelated words, for example: `pottersandwichpregnantfulcrum`.
  - You can also use a non-existent word, for example: `passphraseophobia`.
- Capitalize some letters at specific positions. For example, `pottersanDwiChpregnantfulCrum`.
- Add some numbers to it in specific positions. For example, `p0tter19anDwiChpregnantfulCrum`.
- Add some symbols to it in specific positions. For example, `p0tter19@nDwiCh!pregn@ntfulCrum`.
- To avoid having the same password in many places, add some characters based on the platform for which you are generating the password. For example:
  - `FAC` if you’re setting the password for Facebook: `p0tter19@nDwiCh!pregn@ntfulCrumFAC`.
  - `TWI` if you’re setting the password for Twitter: `p0tter19@nDwiCh!pregn@ntfulCrumTWI`.
- Get creative! There are no hard and fast rules!
- As long as you can remember the steps to derive your passwords, you should be able to derive them again even if you forget them.
- You can use a password manager to store your passwords.
  - This way, you can also use difficult random passwords without the need to memorize them.
Step 1: Base password
To begin with, you can choose a phrase which is easy for you to remember. Usually, the acceptable password length is around 12-16 characters – you can choose a longer password if the platform allows it. The base phrase should be hard to guess but easy for you to remember. Using a set of 3-4 unrelated words can give you a very strong password.
You can do this in one of the following ways:
- Choose 2-4 random unrelated words which don’t usually appear together. Say, you choose the words: potter, sandwich, pregnant and fulcrum. You can combine them as `pottersandwichpregnantfulcrum`.
- Use certain facts of your life to get a set of words and then combine them together. For example, you had a pet rabbit named Jerry and you loved it a lot. In such a case you can choose a base word like `jerrrabit` – `jerr` as in Jerry and `rabit` as in rabbit.
- Use the first letters of a certain sentence that you can easily remember. Say, you choose the sentence, “We were a family of four living in a three room apartment.” You can use the initials to get the phrase `wwafofliatra`. You can even include certain numbers and symbols directly at this stage, like `wwafo4lia3ra`.
The base doesn’t even need to be a pronounceable word. You can even choose a random set of characters if you can remember them. Feel free to mix and match multiple things to create this base string.
Example
Easy | Medium | Hard |
---|---|---|
carolina | manulina | pottersandwichpregnantfulcrum |
Step 2: Capitalize Letters
Since most passwords are case-sensitive, it is a good idea to mix in some uppercase letters. This adds a little more entropy to the password. To continue with the example above, say we capitalize 2 random letters, `R` and `I`, and get the password `jerRrabIt`.
Example
Easy | Medium | Hard |
---|---|---|
Carolina | ManUlina | pottersanDwiChpregnantfulCrum |
Step 3: Add numbers
Once you’ve chosen the base word/phrase, you might want to add in some numbers to your password. You can add numbers to your password in a few ways:
- Replace some letters with characters that look like them. For example:
  - `i` becomes `1`
  - `o` becomes `0`
- Replace some letters with their position in the alphabet. For example:
  - `a` becomes `1`
  - `o` becomes `15`
- Add some numbers at certain positions in the password. All you have to do is remember the number and the position at which you’re inserting it.
  - If your first car’s license plate contained 1929, you can choose to inject it after the 7th character in your password. Example: `jerRrab1929It`.
  - If the number associated with your first love (probably heartbreak) contained `5183`, you can choose to add it after the 2nd character in your password. Example: `je5183rRrabIt`.

There are no hard and fast rules – get creative! Just remember what you’re doing.
Example
Easy | Medium | Hard |
---|---|---|
Carol1na | Ma14Ulina | p0tter19anDwiChpregnantfulCrum |
Step 4: Add special characters
Now, some special characters for extra points! Almost all secure platforms will require you to have a special character in your password.
You can do this in one of the following ways:
- Replace some letters with characters that look like them. For example:
  - `i` becomes `!`
  - `a` becomes `@`
- Add some symbols at certain positions in the password. All you have to do is remember the symbol and the position at which you’re inserting it. For example:
  - Add the `$` sign after the last character: `jerRrab1929It$`.
  - Add the `&` sign after the 5th character: `jerRr&ab9830It`.
  - Add an `=` sign right before the number you added in the previous step. For example: `je=5183rRrabIt`.
- Add some symbols/numbers related to factual data about your life. For example:
  - If your first salary was $2000, you can add it to the password somewhere.

There are no hard and fast rules – get creative! Just remember what you’re doing.
Example
Easy | Medium | Hard |
---|---|---|
C@rol1n@ | M@14Ulina | p0tter19@nDwiCh!pregn@ntfulCrum |
Step 5: Add salt
After the above steps, you will get a fairly complex password. However, it is insecure to use the same password in many places. To add some variation to the password, you can add certain varying elements to your password.
Choose some characters from the name of the website/platform/software for which you’re choosing a password. Next, insert them at a specific position in the password you got in the previous step. For example,
- If you’re choosing a password for Facebook, then you can add `fac` at the position of your choosing.
- Say, you have a personal Gmail account and one for work. To differentiate the two passwords, you can add in some letters from your company’s name.

There are no hard and fast rules – get creative! Just remember what you’re doing.
Example
Say, you’re choosing the password for Facebook.
Easy | Medium | Hard |
---|---|---|
C@rol1n@fa | M@14UlinaFK | p0tter19@nDwiCh!pregn@ntfulCrumFAC |
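
The five steps above, written down as a repeatable recipe. This is an added example, not code from the original article: the recipe encoding and the names `RECIPE`, `derive` and `shared_prefix` are assumptions made for illustration. It reproduces the "Hard" example and reports how many characters the Facebook and Twitter passwords still have in common after step 5.

```python
# Assumed encoding of the article's "Hard" recipe; indexes are 0-based positions in the base phrase.
RECIPE = {
    "capitalize": (9, 12, 25),   # step 2: d, c, c -> D, C, C
    "lookalike_at": {1: "0"},    # step 3: o -> 0 at one position
    "alphabet_pos_at": (6,),     # step 3: s -> 19 (its position in the alphabet)
    "symbol_for": {"a": "@"},    # step 4: every a -> @
    "insert_after": {13: "!"},   # step 4: ! after the second word
    "site_chars": 3,             # step 5: first 3 letters of the site, uppercased
}


def derive(base: str, site: str, recipe: dict = RECIPE) -> str:
    """Apply steps 2-5 to `base` and return the password for `site`."""
    # One slot per base character, so insertions never shift the remembered positions.
    slots = list(base)
    for i in recipe["capitalize"]:
        slots[i] = slots[i].upper()
    for i, digit in recipe["lookalike_at"].items():
        slots[i] = digit
    for i in recipe["alphabet_pos_at"]:
        slots[i] = str(ord(base[i].lower()) - ord("a") + 1)
    for i, ch in enumerate(slots):
        slots[i] = recipe["symbol_for"].get(ch, ch)
    for i, symbol in recipe["insert_after"].items():
        slots[i] += symbol
    return "".join(slots) + site[: recipe["site_chars"]].upper()


def shared_prefix(a: str, b: str) -> int:
    """Number of leading characters two derived passwords have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    base = "pottersandwichpregnantfulcrum"  # base phrase from the article
    fb = derive(base, "facebook")
    tw = derive(base, "twitter")
    print(fb)
    print(tw)
    print(f"{shared_prefix(fb, tw)} of {len(fb)} characters are identical")
```
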
Suggestions
Since you read the entire article, here are some other tips which you might find interesting.
- If you want longer and more complex passwords, use random passwords and store them in a password manager like LastPass or 1Password.
- Even though you’re using the above method for generating passwords, you can still use a password manager to remember your passwords.
- Some services might force you to change your password at regular intervals – you can simply add in an alphabet/number somewhere and keep incrementing it.
- Don’t write your naked password(s) anywhere! I don’t ever pronounce or spell my password. Write indirect hints if you must, or hide some part of your secret password generation recipe.
- Don’t share your passwords with anyone – I don’t even share them with my wife. She respects me and she respects the fact that passwords are supposed to be secret.
Conclusion
It is possible to have fairly complex yet memorable passwords without needing to use a password manager. However, a password manager does make it easier to remember passwords and often provides additional features. If you use a standard set of steps to generate your password, you will be able to derive it again even if you forget the final password.
Next steps
- Are your passwords weak? Improve your passwords today!
- Have many passwords or a bad memory? Get a password manager.
- Read: Comparison of Top Password Managers.
- Tell your friends, family, and colleagues about choosing good passwords.