Incorrect Passwords

How to Create Strong, Memorable Passwords


Every day we use passwords to access our email, look at our bank accounts, make payments, log in to social media and much more. Most users have passwords for at least ten sites, and possibly many more.

In most cases, these passwords are all that stand between our personal information and criminals who want to access that data and exploit it for their own profit. Imagine if someone could access your bank account, your social media, or your email: how much havoc could they create in your life?

Businesses are at even greater risk because they must protect both customer data and intellectual property from criminals. Failure to do so can result in both expensive lawsuits and loss of reputation. How much of your valuable data is open to attack because employees in your organization have used easily hackable passwords? Cybercrime is a booming industry, and if your organization employs weak passwords your business could be making the next headline.

Businesses can significantly improve their security with just a small amount of training, and by the end of this article anyone reading should be able to create a memorable but secure password.

What Makes a Password Strong or Weak?

Faced with the necessity of creating so many passwords, we’ve observed that users frequently develop one or more bad habits:

  • Never Changing Passwords – Ten years ago an 8-letter password was considered strong; today it would be considered weak and easy to crack. You need to increase the level of your security in line with advances in password cracking technology.
  • Reusing Passwords – The more different places you use a password, the more vulnerable you are. If someone cracks your password on one site, they will probably try it on other websites too. It’s bad enough to have your Facebook account hacked, but disastrous if that also leads to your email, bank accounts, and business login being compromised.
  • Using Non-random Patterns – Hackers have a wide range of dictionaries they use to crack passwords, including English words, names, famous quotes, and more. They run these dictionaries first before trying a brute-force, random method. By taking these simple dictionaries, adding numbers or symbols at the end, and running versions both with and without capitalization, they can quickly break most obvious passwords.
  • Relying on Substitutions – If you thought you were being cunning when you changed some letters into numbers, you’re in for a disappointment – hackers are way ahead of you. A password like J0n3s45 is almost as easy to crack as Jones45, and hackers know to check common substitutions like these.

So, what does a strong password look like?

Let’s look at an example:

aK;6Hg@1f4{G]h:5

This password is very secure. Because it is random, none of the password dictionaries would help crack it, so a hacker would need to guess random combinations. This would take a long time because the password is long, and because it is complex (contains uppercase, lowercase, numbers and symbols).

In fact, guessing at 4 billion combinations a second (the sort of speed a password cracker on a fast desktop might accomplish), this password would take 412 trillion years to crack.

Of course, there’s just one problem: there’s just no way anyone could be expected to memorize a password like that, let alone multiple passwords of similar length and complexity.

How to Create a Password that is Strong AND Memorable

Below we’re going to suggest several different ways that you and your employees can create strong, memorable passwords that will keep your business and personal data safe. To achieve this, these methods often reduce the complexity of the password, exchanging it instead for extra length. A simpler (just lowercase), longer password can be more secure than a shorter, more complex one (containing lowercase, uppercase, numbers, and symbols) because length = strength.

In addition to exchanging complexity for length, these methods all reduce the randomness of the password so that it is easy to remember, but without resorting to obvious words or patterns. These passwords appear random to a hacker but are easy to remember for the creator.

How can we do this? Let’s take a look at a couple of methods below:

Combine Several Words

By taking several memorable words and combining them in a way that makes them appear random, you can create a password that is both memorable and strong. The key is to start with a memory or sequence of events that you find easy to remember.

For example, I might create a password based on a memorable trip I made, such as walking on a glacier in Iceland for my honeymoon. My key words might be walking, glacier, and honeymoon.

Alternatively I might use an entirely fictitious picture that I find memorable, such as juggling dogs riding unicorns. My key words here are juggling, dogs, riding, and unicorns.

Let’s take the first example (walking, glacier, honeymoon). I can combine these into an easy-to-remember but secure password by taking the first letter of each (w, g, h), then the second letter of each (a, l, o), and so on, to create a seemingly random string of letters:

wghalolankceiiynemgroon

Despite its lack of complexity, the length of this password means that at 4 billion guesses a second it would still take 2 quadrillion years to crack. That’s significantly more secure than our example password from earlier (aK;6Hg@1f4{G]h:5), but much easier to remember.
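As an added illustration (my script, not code from the original article), the snippet below reproduces the figures quoted above: it counts the character classes a password uses, sizes the search space as classes^length, and divides by the 4-billion-guesses-per-second rate. The 34-symbol class is my assumption; it makes the full set 96 characters, which is the alphabet that yields the article’s 412-trillion-year figure.

```python
import string

# Assumed character-class sizes. The 34-symbol figure is an assumption chosen
# so that the full alphabet is 96 characters, which reproduces the article's
# 412-trillion-year estimate for the 16-character example.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 34}
SECONDS_PER_YEAR = 365.25 * 24 * 3600
GUESSES_PER_SECOND = 4_000_000_000  # rate quoted in the article


def charset_size(password: str) -> int:
    """Size of the alphabet an exhaustive search must assume for this password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")  # punctuation, space, anything else
    return sum(CLASS_SIZES[c] for c in classes)


def search_space(password: str) -> int:
    """Number of candidates in a brute-force search over the detected alphabet."""
    return charset_size(password) ** len(password)


def years_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return search_space(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The two passwords from the article, used here as sample input.
    for pw in ("aK;6Hg@1f4{G]h:5", "wghalolankceiiynemgroon"):
        print(f"{pw:25} alphabet={charset_size(pw):3d} "
              f"length={len(pw):2d} years={years_to_exhaust(pw):.3g}")
```

Running it shows the 23-letter lowercase string outranking the 16-character mixed one by roughly a factor of seven, which is the "length = strength" point in numbers.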

Turn a Memorable Sentence into a Password

Another great way to create a password is to create a memorable sentence and then use the first letter of every word. For example:

“When I was 3 we lived in Liverpool. Our house was a bungalow on 32 Prescott Road.”

By taking the first letter of each word, and keeping the punctuation, we get the following password:

WIw3wliL.Ohwabo3PR.

This long, relatively complex password is easy to remember and even harder to crack than the last.
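As an added example (my code, not the article’s), the two helpers below mechanise the word-interleaving and first-letter-of-each-word methods described above and reproduce both sample passwords from their source words and sentence. The handling of quote characters around a pasted sentence is my assumption.

```python
import string

# Quote characters to discard around a pasted sentence (assumption: the article
# wraps its sentence in quotes, and those should not leak into the password).
QUOTES = "\"'\u201c\u201d\u2018\u2019"


def interleave_words(words):
    """Combine-several-words method: first letters of every word, then the
    second letters, and so on; shorter words simply drop out once exhausted."""
    longest = max(len(w) for w in words)
    return "".join(w[i] for i in range(longest) for w in words if i < len(w))


def sentence_acrostic(sentence):
    """Memorable-sentence method: first character of each word, keeping any
    punctuation that ends the word (so sentence breaks become '.' in the key)."""
    out = []
    for token in sentence.split():
        token = token.strip(QUOTES)
        core = token.strip(string.punctuation)
        if not core:              # a stray dash or similar is not a word
            continue
        tail = token[len(token.rstrip(string.punctuation)):]
        out.append(core[0] + tail)
    return "".join(out)


if __name__ == "__main__":
    # Inputs are the article's own examples.
    print(interleave_words(["walking", "glacier", "honeymoon"]))
    print(sentence_acrostic("When I was 3 we lived in Liverpool. "
                            "Our house was a bungalow on 32 Prescott Road."))
```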

Creating and Using Secure Passwords

There are plenty of other ways to create a great password using simple memories and easy-to-remember sentences. For example, you might use the first two letters of each word, or the first and last letters of each word, to create a string of characters.

The method you use is less important than the overall principles. You want something long, easy to remember, and seemingly random.

You also need to remember that if you want to be completely secure you must not reuse your passwords. This is particularly true for your most important accounts – your business login, email, PayPal account and others.

A key security concern for many businesses is that employees reuse their business password on other, less secure websites. If those websites become compromised, and a hacker gets hold of the login information, they may then be able to access previously secure business assets.

Of course, if your employees need several different business passwords, to get secure access to different servers or containers, remembering everything can soon become a problem. This can lead to those bad practices we identified at the start of the article.

Instead, many businesses use a software solution, such as Onion ID, to manage their employees’ credentials easily and securely. A password manager creates secure passwords and remembers them for you, so you don’t have to tax your brain to get great security. Instead of remembering 20 hard passwords you only need one: the password for the manager itself. Providing a solution like Onion ID for your employees can significantly increase your organization’s security by eliminating the possibility of poor password management endangering your important data.



Photo by Lulu Hoeller, CC BY 2.0
