A Formula for Secure Passwords

How to create passwords that offer a realistic balance between security and memorability

Generally speaking, secure passwords are not easy to remember and memorable passwords are not very secure. The characteristics that make passwords easy to remember are often the same characteristics that make them easy targets for hackers.

Do this quick test:
Run a password through this easy password meter and see how secure it is:
Password Test

When a Web site requires you to log in using a password, it's providing a layer of security for your personal or sensitive information. You use your passwords believing that nobody else will be able to guess them - and maybe they won't - but amateur guesswork is not the only thing posing a threat to your security online. Highly sophisticated password-guessing software and inherent flaws in computers' operating systems are just two of the things that can compromise your passwords in a heartbeat.

Given that no password is 100% foolproof, the challenge is to create passwords that offer a realistic balance between security and memorability.

The solution: devise a personal formula that enables you to have a unique password for every Web site, while the formula itself stays the same.

With a formula you can easily create passwords that are:

  • Strong - to reduce hacking risks.
  • Easy to remember - so you NEVER have to write them down or store them.
  • Easy to update - so you can change them if necessary.

A strong password contains a minimum of 10 characters and should include at least:
4 letters; 2 numbers; 1 symbol; 2 numbers; and another letter.

So here's how you write a memorable, strong password:

  1. Think of a personal word that you know you'll remember.
    Example, your favorite city: Denver.
  2. Reverse it: Revned (keep a capital letter for extra security).
  3. Choose two non-consecutive numbers: 24
  4. Add an asterisk, colon or question mark.
  5. Add two more numbers. Make it easier by choosing numbers that follow on logically from the first two: 68
  6. Add the first letter of the site you'll be using the password for: i for iTunes; m for MySpace and so on. This means you have a unique password for every site.

You'll end up with a password that looks a lot like this: Revned24?68i.
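The six steps above, written out as an added example (this code is not part of the original article; the function names are hypothetical). It builds the password for a given site, checks it against the minimum composition stated earlier, and reports which character positions change from one site to the next:

```python
import re

# Step 4 symbols named in the article: asterisk, colon, question mark.
SYMBOLS = "*:?"
# Article's minimum shape: 4+ letters, 2 numbers, 1 symbol, 2 numbers, 1 letter.
SHAPE = re.compile(r"[A-Za-z]{4,}\d{2}[*:?]\d{2}[A-Za-z]")
TWO_DIGITS = re.compile(r"[0-9]{2}")


def build_password(word, first_digits, symbol, second_digits, site):
    """Apply steps 1-6 of the formula for one site name."""
    if not re.fullmatch(r"[A-Za-z]{4,}", word):
        raise ValueError("personal word needs at least 4 letters")
    if not (TWO_DIGITS.fullmatch(first_digits) and TWO_DIGITS.fullmatch(second_digits)):
        raise ValueError("each number group must be exactly two digits")
    if abs(int(first_digits[0]) - int(first_digits[1])) == 1:
        raise ValueError("step 3 asks for two non-consecutive numbers")
    if len(symbol) != 1 or symbol not in SYMBOLS:
        raise ValueError("symbol must be one of " + SYMBOLS)
    if not site or not site[0].isascii() or not site[0].isalpha():
        raise ValueError("site name must start with a letter")
    # Step 2: reverse the word, keeping a single capital letter at the front.
    reversed_word = word[::-1].lower().capitalize()
    # Step 6: first letter of the site, lowercase (i for iTunes, m for MySpace).
    return reversed_word + first_digits + symbol + second_digits + site[0].lower()


def matches_shape(password):
    """True if the password meets the article's 10-character minimum layout."""
    return len(password) >= 10 and SHAPE.fullmatch(password) is not None


def differing_positions(a, b):
    """Indexes at which two passwords differ (length differences included)."""
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return diffs + list(range(min(len(a), len(b)), max(len(a), len(b))))


if __name__ == "__main__":
    itunes = build_password("Denver", "24", "?", "68", "iTunes")
    myspace = build_password("Denver", "24", "?", "68", "MySpace")
    print(itunes, matches_shape(itunes))
    print(myspace, matches_shape(myspace))
    # Only the final, site-specific character changes between the two.
    print(differing_positions(itunes, myspace))
```

With the article's inputs, the two site passwords share every character except the last one, which is the only part the site name contributes.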

What about changing your password from time to time?

Frequently changing your passwords is one way to help prevent intrusions and protect your personal information. Problem is, these days we have so many of them. A better solution - one that you would be more inclined to actually do - is to create strong passwords and change them only when you have reason to believe it's necessary.

Changing your password doesn't mean changing your formula. But it does mean you'll need to have a second variation of your formula that you can default to when you think one of your passwords may have been compromised. Simply repeat the formula exercise again but change your personal word. Example: Denver becomes Milan.

Writing your passwords down:

You can keep a spreadsheet on your computer (and a backup off your computer) provided you never write down the actual password - just a reminder of which one you use for each site you visit.

Spreadsheet example:

Website              User name       Password
FaceBook             PennyC          Milan
My Bank - personal   pennychambers   Denver
My Bank - business   0128745         Milan

Naturally this means you have to remember part of the formula. 
Half a password formula  ;-)
If necessary, write the formula - without the personal word - on a piece of paper until such time that it's entrenched in your brain. In the unlikely event someone finds your paper and your spreadsheet - they'll never figure out how the two relate.


Maximizing your Visibility on the Internet | EngineHounds