Three (Almost) Foolproof Ways to Make a Secure Password

On LockerGnome we’ve got many articles about passwords ranging from how to make your life easier by remembering them to how ludicrous it will become for passwords to remain secure — if it hasn’t already gotten that far. Today I wanted to share a few tips that may help you make and remember your passwords. I’ll also point out that I have well over 20 different passwords that I remember and use on a day-to-day basis to show that I don’t just “talk the talk.”

The Phrased Password

I’ve found this technique to be quite useful, but it can be a little bit of a drawn-out process.

  • Find a phrase that you know well. I’ll use: “You can take a horse to water, but you can’t take him to a disco.” — Eddie Izzard
  • Take the first letter from each word. So, for this example, YCTAHTWBYCTHTAD.
  • Vary the case of the letters from UPPERCASE to lowercase. The example now changes to yCTahTWbYcThTAd.
  • Change some letters to numbers. In our example, T=1 and C=6 to become y61ahTWbYc1hTAd.
  • Add in some special characters like @,.#. Our example now looks like this: [email protected].

The reason these kinds of passwords are great — albeit easily forgettable — is that they are long. I believe the optimal length of a password to be around the 12-13 alphanumeric mark. I may be wrong in this aspect; however, all of my passwords are built to this sort of standard.

The Stuff Around You Password

I don’t personally use this technique, but you might find it to be a secure way of password building.

  • Pick two items from around your room. In my case, a glass and an open window.
  • Think of two separate sets of two numbers. I’ll go for 23 and 98.
  • Place these two numbers before, during, or after the words. In this example, I’ll go for 23glass98window.
  • Add in a special character or two. The example now looks like this: 23.glass@98window.

As I mentioned above, I don’t personally use this method, but I can see why people do use it. It’s simpler and a lot easier to remember this kind of password than it is to remember the letters for which you’ve changed case, which letters you’ve changed into numbers, and where you’ve placed the special characters and character replacements.

The Mixed-up Password

This technique is one from back in the day when I was just new to the whole Internet phenomenon — so that’s about a decade ago.

  • Pick two words. I’ll use headset and mouse.
  • Mix them together. We now get hmeoaudsseet.
  • Add in a special character and a number or two. The example now looks like this: hme#89oaud.sseet.

I am not sure how I feel about this technique because it is just so old, but it should still be secure. My only problem with it is that you may forget — as I have — which word comes first. I think it’s all a case of what works for you — better is relative, and all that jazz.

As I mentioned above, I’ve been online for a decade now and, damn, I feel old. I have used many different techniques and thought that it may be a good idea to share three of my techniques with you, the LockerGnome audience. I can never truly take the high ground over making highly secure passwords because even I have used some really stupidly easy ones — granted, they were for testing purposes, but it’s still no excuse in my book. I also know there are still hundreds of thousands of people out there who have passwords like QWERTY and ABC123. I hope that they see and use one of the three methods above to create a password that is even slightly more secure.

I both love and hate the idea of storing all of my passwords in one single place and letting the program or code insert and take care of that side of it for me. I love it because I’d only have to use a singular, secure password. I hate it because there is always that chance that the website, program, database, or whatever is compromised and then I have to run around all of the websites I use to change all of my passwords. It may even be that I couldn’t get to the website in time before someone locked me out of my own account, and then there’s the long, drawn-out battle to get that website or those websites to check their logs and verify that I am who I say I am. Passwords are what make the world go round, in my opinion. What do you think?

CC licensed Flickr photo of rusty padlock shared by Stew Dean

Article Written by

John “Scotsman” McKinlay is a 25-year-old autistic living in Glasgow, Scotland. He has been an online presence since 1998, but has only recently found that his voice and writing skills could bring him into the world of blogging and podcasting -- with a bit of YouTube on the side. He joined the ranks of LockerGnome back in March of 2012 and has been warmly received both by the LockerGnome staff and by you lovely ladies and gentlemen of the LockerGnome audience.

  • Eric

    If you make your pass-phrases long enough, say 16-20 characters, you can dispense with the hard-to-remember special characters, and just use regular alphabetical characters. The password will still be secure enough to be practically unbreakable (see http://howsecureismypassword.net/).

    Unless, of course, the system you are creating a password for has some silly policy requiring special characters.

  • http://twitter.com/djmoore711 D. J.

    I’ve always used something repeatable: DomainName#2012, or something close to that.  ;-)  The only thing that changes is the domain name.  This isn’t as secure, but a little more memorable. 

    • http://twitter.com/andr3wjacks0n andrew jackson

      My current SSID password is Hard to Guess password 2012. Guess what it is gonna be next year.

  • MsAfroCAN

    I usually use the 1st method but keeping the phrase as it is without omitting the rest of the word

  • http://twitter.com/andr3wjacks0n andrew jackson

    I turn phrases to leet speak.  Password becomes P@ssw0rd.  Transformer becomes Tr@nsf0rm3r 

    • http://www.facebook.com/profile.php?id=750851730 Kim Nilsson

       Sadly, that will not take more than a fraction of one extra second for the password hacker, since as long as you use a single word with few characters a simple dictionary attack is over in less time than it takes you to say your password.
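The point in the reply above, shown from the defender's side as an added example that is not part of the original article or comments: a password-policy check that undoes common leet substitutions before a dictionary lookup, so `P@ssw0rd` and `Tr@nsf0rm3r` are treated as the plain words they came from. The wordlist and substitution table are small constructed stand-ins, and the function names are hypothetical.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary
# or a breached-password list instead.
WORDLIST = {"password", "transformer", "qwerty", "horse", "glass", "window"}

# Common leet substitutions, reversed. Assumption: this short table stands
# in for the fuller tables used by password-strength checkers.
DELEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                        "1": "l", "!": "i", "$": "s", "5": "s", "7": "t"})


def strip_affixes(text: str) -> str:
    """Drop digits and symbols stuck on the front or back of a word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)


def candidates(password: str) -> set:
    """Plain-word forms the password could be a disguise of."""
    lowered = password.lower()
    return {
        # Affixes first, then substitutions: handles "p@ssw0rd2012".
        strip_affixes(lowered).translate(DELEET),
        # Substitutions first, then affixes: handles a trailing leet
        # character such as "glas5".
        strip_affixes(lowered.translate(DELEET)),
    }


def is_dictionary_based(password: str) -> bool:
    """True when the password is a single wordlist entry in disguise."""
    return bool(candidates(password) & WORDLIST)


if __name__ == "__main__":
    # Passwords quoted in the article and comments above.
    for pw in ("P@ssw0rd", "Tr@nsf0rm3r", "QWERTY",
               "y61ahTWbYc1hTAd", "23.glass@98window", "hme#89oaud.sseet"):
        verdict = "reject" if is_dictionary_based(pw) else "pass"
        print(f"{pw:20} {verdict}")
```

This check only catches single disguised words; the multi-word and phrase-derived examples from the article pass it, which says nothing about how they fare against other guessing strategies.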

  • Simon Groves

    Go for basic security if your karma is good you’re safe, if bad, you’re in trouble… it’s kind of true for whatever password you choose… in some ways the better your password the less you trust life and the more you’re likely to get screwed, this is wisdom I think.

    • mgesh61

      I like the karma idea .. . I must have good Karma, not been hacked yet – (knock on wood)

  • Sdeforest

    The problem is not remembering passwords.  The essential problem is creating unique passwords for each application so that penetrating one does not compromise all of your security.  Some time ago I posted my solution for making unique passwords which I can easily remember.  See here:
    http://www.lockergnome.com/sherman/2010/12/13/it-is-10-oclock-where-is-your-password/

    • mgesh61

      I like your system, especially for changing.  So many places require you to change passwords.  Also, sometimes I reset the password on one computer because I forgot it, but then when I log in on the other computer, I can’t remember what I changed it to.

  • mgesh61

    It’s not as much of a problem with some sites who recognize what computer you are logging in from, or have pictures or some other extra layer of security.  Everyone has 15 security questions before you can get your password back.  The other issue is that a lot of my work passwords require changing the password every 30 or 90 days, and some of them won’t let you use one you have used before, or any one of the last 5 or something like that.  I usually use some combination of month and year along with the same password, but this is just for work, and mostly HIPAA security reasons.  Don’t know who would want to break into medical records. 

    • Ben

      Insurance companies interested in seeing if they can deny coverage, or raise premiums, or cancel an existing policy because of certain medical issues? Oh wait … never mind. That’s just paranoia on my part. :-)