When was the last time you forgot your password? Do you use the same password in many places? Well... It can get very tricky to have secure passwords that are memorable, yet difficult to guess.

In the last 6 years, I’ve only forgotten one password.

Jigarius

In this article you'll learn a method of password selection that can help you generate a variety of passwords which are secure, strong and easy to remember at the same time. You don’t need to remember the final password – simply remember how you derived it.

If you want extremely long and complex passwords, you can use randomly generated passwords. You might need a password manager to remember your passwords and you might not be able to log in without accessing your password manager.

Two minute version

  • Choose a sufficiently long base phrase, the longer the better.
    • For best results, join 4 unrelated words, for example: pottersandwichpregnantfulcrum.
    • You can also use a non-existent word, for example: passphraseophobia.
  • Capitalize some letters at specific positions. For example, pottersanDwiChpregnantfulCrum.
  • Add some numbers to it in specific positions. For example, p0tter19anDwiChpregnantfulCrum.
  • Add some symbols to it in specific positions. For example, p0tter19@nDwiCh!pregn@ntfulCrum.
  • To avoid having the same password in many places, add some characters based on the platform for which you are generating the password. For example,
    • FAC if you’re setting the password for Facebook: p0tter19@nDwiCh!pregn@ntfulCrumFAC.
    • TWI if you’re setting the password for Twitter: p0tter19@nDwiCh!pregn@ntfulCrumTWI.
  • Get creative! There are no hard and fast rules!
  • As long as you can remember the steps to derive your password, you should be able to derive it again even if you forget it.
  • You can use a password manager to store your passwords.
    • This way, you can also use difficult random passwords without the need to memorize them.

Step 1: Base password

To begin with, you can choose a phrase which is easy for you to remember. Usually, the acceptable password length is around 12-16 characters – you can choose a longer password if the platform allows it. The base phrase should be hard to guess but easy for you to remember. Using a set of 3-4 unrelated words can give you a very strong password.

You can do this in one of the following ways:

  • Choose 2-4 random unrelated words which don’t usually appear together. Say, you choose the words: potter, sandwich, pregnant and fulcrum. You can combine them as pottersandwichpregnantfulcrum.
  • Use certain facts of your life to get a set of words and then combine them together. For example, you had a pet rabbit named Jerry and you loved it a lot. In such a case, you can choose a base word like jerrrabit: jerr as in Jerry and rabit as in rabbit.
  • Use the first letters of a certain sentence that you can easily remember. Say, you choose the sentence, “We were a family of four living in a three room apartment.” You can use the initials to get the phrase wwafofliatra. You can even include certain numbers and symbols directly at this stage, like wwafo4lia3ra.

Important: I’d recommend choosing a separate base word for websites like online banking portals and websites where your credit/debit card info is stored.

The base doesn’t even need to be a pronounceable word. You can even choose a random set of characters if you can remember them. Feel free to mix and match multiple things to create this base string.

Example

  • Easy: carolina
  • Medium: manulina
  • Hard: pottersandwichpregnantfulcrum

Step 2: Capitalize Letters

Since most passwords are case-sensitive, it is a good idea to mix in some uppercase letters. This adds a little more entropy to the password. To continue with the example above, say we capitalize 2 random letters, R and I, and get the password jerRrabIt.

Example

  • Easy: Carolina
  • Medium: ManUlina
  • Hard: pottersanDwiChpregnantfulCrum

Do not use all caps! Make sure you mix in some uppercase letters with some lowercase letters to increase randomness.

Step 3: Add numbers

Once you’ve chosen the base word/phrase, you might want to add in some numbers to your password. You can add numbers to your password in a few ways:

  • Replace some letters with characters that look like them. For example,
    • i becomes 1
    • o becomes 0
  • Replace some letters with their position in the alphabet. For example,
    • a becomes 1
    • o becomes 15
  • Add some numbers at certain positions in the password. All you have to do is remember the number and the position at which you’re inserting it.
    • If your first car’s license plate contained 1929, you can choose to inject it after the 7th character in your password. Example: jerRrab1929It.
    • If the number associated to your first love (probably heartbreak) contained 5183, you can choose to add it after the 2nd character in your password. Example: je5183rRrabIt.

There are no hard and fast rules – get creative! Just remember what you’re doing.

Example

  • Easy: Carol1na
  • Medium: Ma14Ulina
  • Hard: p0tter19anDwiChpregnantfulCrum

Do not use only numbers or passwords made up of guessable numbers like your ID card, your date of birth or phone number.

Step 4: Add special characters

Now, some special characters for extra points! Almost all secure platforms will require you to have a special character in your password.

You can do this in one of the following ways:

  • Replace some letters with characters that look like them. For example,
    • i becomes !
    • a becomes @
  • Add some symbols at certain positions in the password. All you have to do is remember the symbol and the position at which you’re inserting it. For example:
    • Add the $ sign after the last character: jerRrab1929It$.
    • Add the & sign after the 5th character: jerRr&ab9830It.
    • Add an = sign right before the number you added in the previous step. For example: je=5183rRrabIt.
  • Add some symbols/numbers related to factual data about your life. For example:
    • If your first salary was $2000, you can add it to the password somewhere.

There are no hard and fast rules – get creative! Just remember what you’re doing.

Example

  • Easy: C@rol1n@
  • Medium: M@14Ulina
  • Hard: p0tter19@nDwiCh!pregn@ntfulCrum

Step 5: Add salt

After the above steps, you will get a fairly complex password. However, it is insecure to use the same password in many places. To add some variation to the password, you can add certain varying elements to your password.

Choose some characters from the name of the website/platform/software for which you’re choosing a password. Next, insert them at a specific position in the password you got in the previous step. For example,

  • If you’re choosing a password for Facebook, then you can add fac at the position of your choosing.
  • Say, you have a personal Gmail account and one for work. To differentiate the two passwords, you can add in some letters from your company’s name.

There are no hard and fast rules – get creative! Just remember what you’re doing.

Example

Say, you’re choosing the password for Facebook.

  • Easy: C@rol1n@fa
  • Medium: M@14UlinaFK
  • Hard: p0tter19@nDwiCh!pregn@ntfulCrumFAC
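
Steps 2 to 5 above, written as a repeatable recipe in Python. This is an added example, not code from the original article; the names RECIPE, render and derive_steps and the position-based layout are assumptions made for illustration. It reproduces the article's "Hard" example after each step.

```python
# Added illustration: the article's steps 2-5 as a position-based recipe.
# Positions are 1-based and always refer to the base phrase, so inserted
# characters never shift the positions that have to be remembered.
RECIPE = {                            # hypothetical layout, not from the article
    "upper":   {10, 13, 26},          # step 2: letters to capitalize
    "numbers": {2: "0", 7: "19"},     # step 3: o -> 0, s -> 19 (alphabet position)
    "symbols": {8: "@", 20: "@"},     # step 4: a -> @
    "insert":  {14: "!"},             # step 4: symbol added after position 14
    "tag_len": 3,                     # step 5: letters taken from the site name
}


def render(base, upper=(), replace=None, insert=None):
    """Apply capitalization, replacements and insertions to the base phrase."""
    replace, insert = replace or {}, insert or {}
    for pos in set(upper) | set(replace) | set(insert):
        if not 1 <= pos <= len(base):
            raise ValueError(f"position {pos} is outside the base phrase")
    out = []
    for pos, ch in enumerate(base, start=1):
        if pos in replace:
            ch = replace[pos]
        elif pos in upper:
            ch = ch.upper()
        out.append(ch + insert.get(pos, ""))
    return "".join(out)


def derive_steps(base, recipe, site):
    """Return the password after each of the five steps, in order."""
    step2 = render(base, recipe["upper"])
    step3 = render(base, recipe["upper"], recipe["numbers"])
    swaps = {**recipe["numbers"], **recipe["symbols"]}
    step4 = render(base, recipe["upper"], swaps, recipe["insert"])
    step5 = step4 + site[:recipe["tag_len"]].upper()
    return [base, step2, step3, step4, step5]


if __name__ == "__main__":
    for site in ("facebook", "twitter"):
        print(site, derive_steps("pottersandwichpregnantfulcrum", RECIPE, site))
```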

Suggestions

Since you read the entire article, here are some other tips which you might find interesting.

  • If you want longer and more complex passwords, use random passwords and store them in a password manager like LastPass or 1Password.
  • Even though you’re using the above method for generating passwords, you can still use a password manager to remember your passwords.
  • Some services might force you to change your password at regular intervals – you can simply add in a letter/number somewhere and keep incrementing it.
  • Don’t write your naked password(s) anywhere! I don’t ever pronounce or spell my password. Write indirect hints if you must, or hide some part of your secret password generation recipe.
  • Don’t share your passwords with anyone – I don’t even share them with my wife. She respects me and she respects the fact that passwords are supposed to be secret.

Conclusion

It is possible to have fairly complex yet memorable passwords without needing to use a password manager. However, a password manager does make it easier to remember passwords and often provides additional features. If you use a standard set of steps to generate your password, you will be able to derive it again even if you forget the final password.
