The use of passwords (or watchwords) is an ancient authentication method, but we are stuck with it (until some revolutionary standardised biometric human recognition technique is invented). The biggest pain about passwords is that we have to remember them – and we are damn lazy. Things like password, qwerty and 123456 happen to be among the most commonly used passwords. Yes, we are that lazy. And our laziness goes even further, because we are often so proud of our password that we use it everywhere.
That’s why I’d like to share my own technique of creating and memorizing secure passwords. It’s quite flexible, so I’m not afraid to ‘open-source’ it ;)
Don’t ignore passwords
Nowadays we are sharing more and more information about ourselves in various places on the web, because getting an account is often just a few input fields and one click away. And if we don’t want our identity (even if it is just a virtual one) to be stolen, we need to think about safety. Not every place on the web is well secured, and not everyone out there is our friend (really!). Because of security vulnerabilities (btw, that’s one of the words I absolutely cannot spell correctly without help from Google), phishing and data leaks of any other kind, you cannot be sure that your precious password will not get into some hostile hands. And if someone gets your MySpace password, you wouldn’t like him to get into your Facebook, Twitter, mail and bank account with it as well, would you? That’s why it’s so important to use different passwords on different websites. But who would remember them all?
I faced the same problems. Even when I came up with a nice and quite secure password, I was using it everywhere until I started to use the simple mnemonic I want to share with you.
Remember them
We all know that a secure password should not be very short (8 characters or more is fine) and should be made of letters (both lower and upper case) together with numbers and (ideally) symbols.
Like this one:
G@1fdY5htwb3
But can you imagine remembering it? – Hopefully after reading this article you will remember it easily.
Secure passwords are hard to break, because they don’t seem to make much sense. They need to look like a list of random characters. But if they are just a list of random characters without any sense, they would be almost impossible to remember. So we need to hide some sense under these characters. Or even better – find something that makes sense and is easy to remember in the first place, and then turn it into a secure password.
And what is the easiest thing to remember? Ask a child and you will get the answer that couldn’t be more obvious: rhymes. Especially those that are short and funny.
So the key to this method is to write a short rhyme, remember it and then turn it into a password. Because we want different passwords for different websites, we also need different rhymes. So try to come up with something that easily links in your mind with that website.
Let’s say we want a password for a Google Account. And the rhyme may look like this one ;)
Google Account is for daredevil
you shouldn’t hope they won’t be evil.
I know that’s probably not perfect English (it’s much easier for me to rhyme in Polish), but still it’s quite fine, fun, and easy to remember, isn’t it? Just repeat it a few times in your mind and it should stick there for a while.
Of course you may not find this one as fun and easy to remember as I do, but I’m sure that if you write your own rhyme you will know it by heart in no time.
And now that we remember the rhyme, we need to turn it into a great and secure password.
Make them secure
Using the whole rhyme as a password wouldn’t be very useful (nor very safe), so we need to shorten it a bit. The easiest method is to use the first letter of every word.
So we will get:
gaifdyshtwbe
Much better. But now we should add some upper-case letters. Try to use some simple rule: upper-case the first letter of every noun, or do it with the first letter of the website’s name.
In our example we will upper-case the first letter of every line of the rhyme:
GaifdYshtwbe
And now it’s time for numbers and symbols. It should be quite easy (at least for geeks) to map some letters into symbols and numbers, so let’s turn a into @, i into 1, s into 5 and e into 3.
So we are back with our very secure password:
G@1fdY5htwb3
Just look at it once again. It’s just a rhyme about evil Google Account, can you see it?
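The three steps above, written out as a small Python script (an added example, not part of the original article; the function names and the second sample rhyme are made up for illustration). It also checks the result against the character rules listed earlier, which shows that a rhyme with no a, i, s or e among its initials ends up with no digits or symbols at all.

```python
import string

# Substitutions taken from the article: a -> @, i -> 1, s -> 5, e -> 3.
LEET = str.maketrans({"a": "@", "i": "1", "s": "5", "e": "3"})


def first_letter(word: str) -> str:
    """First letter or digit of a word, lower-cased; skips leading quotes etc."""
    for ch in word:
        if ch.isalnum():
            return ch.lower()
    return ""


def rhyme_to_password(rhyme: str) -> str:
    """Initials of every word, line initials upper-cased, the rest substituted."""
    parts = []
    for line in rhyme.splitlines():
        initials = "".join(first_letter(w) for w in line.split())
        if not initials:
            continue  # blank line
        # Assumption: the upper-cased line initial is kept as a letter and
        # only the remaining lower-case initials are substituted.
        parts.append(initials[0].upper() + initials[1:].translate(LEET))
    return "".join(parts)


def check_rules(password: str) -> dict:
    """The article's criteria: 8+ characters, lower, upper, digits, symbols."""
    return {
        "length": len(password) >= 8,
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


# The rhyme from the article, and a constructed one with no a/i/s/e initials.
ARTICLE_RHYME = "Google Account is for daredevil\nyou shouldn’t hope they won’t be evil."
PLAIN_RHYME = "Run for the hill\nbut do not go"

if __name__ == "__main__":
    for rhyme in (ARTICLE_RHYME, PLAIN_RHYME):
        pw = rhyme_to_password(rhyme)
        missing = [rule for rule, ok in check_rules(pw).items() if not ok]
        print(pw, "missing:", missing or "nothing")
```
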
As you probably noticed, all the rules described here are very flexible. You should change them, come up with your own, combine them. If turning letters into symbols and numbers is much too geeky for you, just append the number of letters in the website’s name to the end of the password. You can also find some ideas for creating secure passwords around the web. It is just important in the beginning, when you are learning your password. After using it a few times your mind and fingers will remember it for you. That’s why it may be a good idea not to use the ‘Remember me’ feature that keeps you logged in at the beginning – log in normally a few times, until you are sure you know your password well enough.
With this technique, all you need to do to create a new password is to come up with a rhyme, because you can use the same rules to create all your passwords from them.
I’m quite successfully using this password creation technique for (most) of my accounts. It’s a very good exercise for your mind and quite fun :) And I’ve said most, because still sometimes I’m just too lazy to come up with a rhyme.
Other side
Of course I’m aware that technology is addressing the problem of our laziness: all of the modern browsers provide a way of saving our passwords, and authentication services such as OpenID are (very slowly) getting more and more popular. But still this will not save us if we do not care enough to protect ourselves.