When was the last time you forgot your password? Do you use the same password in many places? Well... It can get very tricky to have secure passwords that are memorable, yet difficult to guess.

In the last 6 years, I’ve only forgotten one password.

Jigarius

In this article you'll learn a method of password selection that can help you generate a variety of passwords which are secure, strong and easy to remember at the same time. You don’t need to remember the final password – simply remember how you derived it.

If you want extremely long and complex passwords, you can use randomly generated passwords. You might need a password manager to remember your passwords and you might not be able to log in without accessing your password manager.

2 minute version

  • Choose a base word or phrase, preferably a non-existent word. For example: passphraseophobia.
  • Capitalize some letters at specific positions. For example, PaSSPhraSeoPhobia.
  • Add some numbers to it in specific positions. For example, PaSSphras50Ph0bia.
  • Add some symbols to it in specific positions. For example, P@SSphr@s50ph0b!@.
  • To avoid having the same password in many places, add some characters based on the platform for which you are generating the password. For example,
    • FAC if you’re setting the password for Facebook: P@SSphr@s50ph0b!@FAC.
    • TWI if you’re setting the password for Twitter: P@SSphr@s50ph0b!@TWI.
  • Get creative! There are no hard and fast rules!
  • As long as you can remember the steps to derive a password, you should be able to derive it again even if you forget it.
  • If you want, you can use a password manager to store your passwords.
  • If you want really long and random passwords, go for a password manager.

Step 1: Base password

To begin with, you can choose a special word which is easy for you to remember. Usually, the acceptable password length is around 12-16 characters – you can choose a longer password if the platform allows it. The base phrase should be hard to guess but easy for you to remember. You can even use non-existent words to make it even more difficult to guess!

You can do this in one of the following ways:

  • Choose 2-4 random unrelated words which aren’t usually expected to appear together and then combine them as you want. Say, you choose the words: brick, curve, violent. You can combine them as brickcurveviolent or brickurviolent.
  • Use certain facts of your life to get a set of words and then combine them together. For example, you had a pet rabbit named Jerry and you loved it a lot. In such a case you can choose a base word like jerrrabitjerr as in Jerry and rabit as in rabbit.
  • Use the first letters of a certain sentence that you can easily remember. Say, you choose the sentence, “We were a family of four living in a three room apartment.” You can use the initials to get the phrase wwafofliatra. You can even include certain numbers and symbols directly at this stage, like wwafo4lia3ra.

Important: I’d recommend choosing a separate base word for websites like online banking portals and websites where your credit/debit card info is stored.

The base doesn’t even need to be a pronounceable word. You can even choose a random set of characters if you can remember them. Feel free to mix and match multiple things to create this base string.

Example

| Easy | Medium | Hard |
|---|---|---|
| carolina | manulina | cloricafristern |

Step 2: Capitalize Letters

Since most passwords are case-sensitive, it is a good idea to mix in some uppercase letters. This adds a little more entropy to the password. To continue with the example above, say we capitalize 2 random letters, R and I, and get the password jerRrabIt.

Example

| Easy | Medium | Hard |
|---|---|---|
| Carolina | ManUlina | CloRIcafristern |

Do not use all caps! Make sure you mix in some uppercase letters with some lowercase letters to increase randomness.

Step 3: Add numbers

Once you’ve chosen the base word/phrase, you might want to add in some numbers to your password.

You can add numbers to your password in a few ways:

  • Replace some letters with characters that look like them. For example,
    • i becomes 1
    • o becomes 0
  • Replace some letters with their position in the alphabet. For example,
    • a becomes 1
    • o becomes 15
  • Add some numbers at certain positions in the password. All you have to do is remember the number and the position at which you’re inserting it.
    • If your first car’s license plate contained 1929, you can choose to inject it after the 7th character in your password. Example: jerRrab1929It.
    • If the number associated with your first love (probably heartbreak) contained 5183, you can choose to add it after the 2nd character in your password. Example: je5183rRrabIt.

There are no hard and fast rules – get creative! Just remember what you’re doing.

Example

| Easy | Medium | Hard |
|---|---|---|
| Carol1na | Ma14Ulina | Cl0RIcafris20ern |

Do not use only numbers or passwords made up of guessable numbers like your ID card, your date of birth or phone number.

Step 4: Add special characters

Now, some special characters for extra points! Almost all secure platforms will require you to have a special character in your password.

You can do this in one of the following ways:

  • Replace some letters with characters that look like them. For example,
    • i becomes !
    • a becomes @
  • Add some symbols at certain positions in the password. All you have to do is remember the symbol and the position at which you’re inserting it. For example:
    • Add the $ sign after the last character: jerRrab1929It$.
    • Add the & sign after the 5th character: jerRr&ab9830It.
    • Add an = sign right before the number you added in the previous step. For example: je=5183rRrabIt.
  • Add some symbols/numbers related to factual data about your life. For example:
    • If your first salary was $2000, you can add it to the password somewhere.

There are no hard and fast rules – get creative! Just remember what you’re doing.

Example

| Easy | Medium | Hard |
|---|---|---|
| C@rol1n@ | M@14Ulina | Cl0RIc@fr!s20ern |

Step 5: Add salt

After the above steps, you will get a fairly complex password. However, it is insecure to use the same password in many places. To add some variation to the password, you can add certain varying elements to your password.

Choose some characters from the name of the website/platform/software for which you’re choosing a password. Next, insert them at a specific position in the password you got in the previous step. For example,

  • If you’re choosing a password for Facebook, then you can add fa at the position of your choosing.
  • If you’re choosing a password for Twitter, then you can add tw at the position of your choosing.
  • Say, you have a personal Gmail account and one for work. To differentiate the two passwords, you can add in some letters from your company’s name.

There are no hard and fast rules – get creative! Just remember what you’re doing.

Example

Say, you’re choosing the password for Facebook.

| Easy | Medium | Hard |
|---|---|---|
| C@rol1n@fa | M@14UlinaFK | fCl0RIc@fr!s20ernk |
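
The five steps written out as a repeatable recipe for the "Easy" column, together with a check of how much of the result two sites end up sharing. This is an added example, not code from the original article; the function names, the chosen positions and the prefix-based measure are assumptions made for illustration.

```python
import os.path

def capitalize_at(word, positions):
    """Step 2: uppercase the letters at the given 0-based positions."""
    return "".join(c.upper() if i in positions else c
                   for i, c in enumerate(word))

def substitute(word, mapping):
    """Steps 3 and 4: swap letters for look-alike digits or symbols."""
    return "".join(mapping.get(c, c) for c in word)

def add_site_tag(password, site, length=2, position=None):
    """Step 5: insert the first `length` letters of the site name.
    position=None appends the tag at the end (assumed default)."""
    tag = site.lower()[:length]
    if position is None:
        position = len(password)
    return password[:position] + tag + password[position:]

def derive(base, site):
    """Recipe behind the 'Easy' column: carolina -> C@rol1n@ + site tag."""
    word = capitalize_at(base, {0})        # Step 2: first letter
    word = substitute(word, {"i": "1"})    # Step 3: i becomes 1
    word = substitute(word, {"a": "@"})    # Step 4: a becomes @
    return add_site_tag(word, site)        # Step 5: append 2-letter tag

def shared_fraction(pw_a, pw_b):
    """Fraction of the longer password covered by the common prefix.
    Only meaningful when the site tag is appended at the end."""
    common = len(os.path.commonprefix([pw_a, pw_b]))
    return common / max(len(pw_a), len(pw_b))

if __name__ == "__main__":
    fb = derive("carolina", "facebook")
    tw = derive("carolina", "twitter")
    print(fb, tw)
    print(f"shared between the two sites: {shared_fraction(fb, tw):.0%}")
```

With a two-letter tag on an eight-character core, everything except the tag is identical across sites; a longer tag or a tag position that depends on the site reduces the shared part.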

Suggestions

Since you read the entire article, here are some other tips which you might find interesting.

  • If you want longer and more complex passwords, use random passwords and store them in a password manager like LastPass or 1Password.
  • Even though you’re using the above method for generating passwords, you can still use a password manager to remember your passwords.
  • Some services might force you to change your password at regular intervals – you can simply add in a letter/number somewhere and keep incrementing it.
  • Don’t write your naked password(s) anywhere! I don’t ever pronounce or spell my password. Write indirect hints if you must, or hide some part of your secret password generation recipe.
  • Don’t share your passwords with anyone – I don’t even share them with my wife. If she respects me, she would also respect the fact that a password is something quite secret.

Conclusion

It is possible to have fairly complex yet memorable passwords without needing to use a password manager. However, a password manager does make it easier to remember passwords and often provides additional features. If you use a standard set of steps to generate your password, you will be able to derive it again even if you forget the final password.
