How to choose passwords
February 6 2007

Every now and then I see the latest and greatest password management software and wonder to myself, “Why can’t people remember their passwords?” This has always caught my attention because I haven’t had issues remembering passwords for a long time now. So I began thinking about why it’s so easy for me to remember dozens of passwords when other people seem to struggle with just a few. After lots of thought I managed to extract the system that I use in my head into something that I can easily explain without giving away my own personal internal password system.
To get started there are three things that you need to do which will be highly personalized to you and the way that you create your own unique passwords.
Step 1: Decide on a h4x0r system
Whether you call it h4x0r, l33t, or something else is irrelevant. What I’m referring to is modifying written text in a cryptic way. There are many recognized methods for this already, which you can adopt for your own use, or you can make up your own. The goal is simply to remember to type “this” character instead of “that” character. The easiest way to do this is to choose letters that remind you of numbers or special characters and substitute them when you’re typing.

Simple h4x0r system

| a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 4 | b | c | d | 3 | f | g | h | 1 | j | k | l | m | n | 0 | p | q | r | 5 | 7 | u | v | w | x | y | 2 |
Step 2: Pick a secret word that will never change
This is your salt key and you should NEVER share this secret word with anyone. This is one of the keystones of your personal system. Any attempt to reverse engineer your system is pointless without this word.
Step 3: Choose a process of application
This is where you decide in what unique way to apply your h4x0r system and your secret word to your pass phrase. You could achieve this in lots of different ways. It’s really only important that you apply this process in the same way every time. This is the secret to making very complex passwords very easy to remember. Part one of this application is where to place your secret word (e.g. at the beginning, in the middle, at the end, etc). Part two of this application is which word(s) to apply your h4x0r system to (e.g. the first word, the last word, the word with the highest number of characters, etc). Feel free to get creative with this part of the process, but make sure that it’s something that you’ll be able to remember.
Step 4: Decide how many words
Every protected access point must be easy to remember as a simple pass phrase. How many words to use is totally up to you, but remember that it’s easier to remember two words than it is to remember six. I’ve found that everything I need access to can easily be described in two words, but you can decide for yourself what’s right for you. Once again, how many words you choose to describe your entry points matters less than always using the same number of words to describe every entry point from this point forward.
You might be thinking to yourself, “But I’d rather have the freedom to describe my entry points however I want! Why should I limit myself to a fixed number of words?” The reason is quite simple. With total freedom of how to describe an entry point you might find seven ways to describe it, though with constrained parameters you might only find one or two ways to describe it. This is one of the keys to being able to remember the password later on.
Congratulations, You’re Done!
Whether you’ve realized it yet or not, you now have the tools needed to create passwords that are:
- Completely unique to their situation
- Encrypted (at least partially)
- Easy to remember
Here are some examples which use the following system:
- Use the h4x0r system outlined above
- All entry points are described in two words
- The secret word is vanilla
- The secret word is placed at the end of the pass phrase
- The second word is the h4x0r word
- Each word is separated by an exclamation point
| entry point | password |
|---|---|
| Online Bank Login | online!b4nk!vanilla |
| Google Mail Login | google!m41l!vanilla |
| MySpace Login | myspace!4cc0un7!vanilla |
| My Laptop Login | my!l4p70p!vanilla |
| My Home CVS Account | home!cv5!vanilla |
| Master Google Analytics Account | google!4n4ly71c5!vanilla |
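
The example system above, written out as an added Python sketch (not code from the original post); the function names and the two-word description picked for each entry point are assumptions read off the table. It also reports the portion that is identical in every generated password, which is what a single disclosed password reveals about the rest.

```python
import os.path

# Substitution table from "Simple h4x0r system" on this page:
# a->4, e->3, i->1, o->0, s->5, t->7, z->2; all other letters unchanged.
LEET = str.maketrans("aeiostz", "4310572")

# Two-word descriptions assumed for each entry point in the page's table.
ENTRY_POINTS = {
    "Online Bank Login": ("online", "bank"),
    "Google Mail Login": ("google", "mail"),
    "MySpace Login": ("myspace", "account"),
    "My Laptop Login": ("my", "laptop"),
    "My Home CVS Account": ("home", "cvs"),
    "Master Google Analytics Account": ("google", "analytics"),
}

def make_password(word1, word2, secret="vanilla", sep="!"):
    """Page's example system: word1, h4x0r'd word2, then the secret word."""
    return sep.join([word1.lower(), word2.lower().translate(LEET), secret])

def build_table():
    """Regenerate the entry point -> password table shown above."""
    return {name: make_password(*words) for name, words in ENTRY_POINTS.items()}

def shared_suffix(passwords):
    """Longest suffix common to every password in the list."""
    reversed_pw = [p[::-1] for p in passwords]
    return os.path.commonprefix(reversed_pw)[::-1]

def unique_fraction(password, suffix):
    """Share of the password that is specific to its entry point."""
    return (len(password) - len(suffix)) / len(password)

if __name__ == "__main__":
    table = build_table()
    common = shared_suffix(list(table.values()))
    for name, pw in table.items():
        print(f"{name:34} {pw:26} unique part: {unique_fraction(pw, common):.0%}")
    print("identical in every password:", repr(common))
```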
As long as you always stay true to your system you’ll always be able to remember your passwords. Remember, this system is highly customized to you and nobody else. So get out a piece of paper and start playing around and have fun with it. Don’t be afraid to get creative either, add an exclamation point or a period in between each word. End each word that ends in y with NOT (for why not). How far you customize your system is totally up to you. Once you’ve identified a system that you like and feel comfortable with you’ll never have to worry about forgetting a password ever again. And nobody is EVER going to be able to guess one of your passwords again either.
Tip: A good password is long (more than eight characters) and uses both letters and numbers. An even better password also uses mixed case and special characters. The more variation you can work into your system the better. “Hmm, what was my online bank login again? Oh that’s right, now I remember: online + bank + vanilla + 2nd word h4x0r + exclamation separator = online!b4nk!vanilla.”
Happy passwording!