The best password is totally random(ish), twelve characters long, and contains all four character types (uppercase, lowercase, number, and special character). It is also very important to use a different password for each and every account login you have. This can become VERY cumbersome and painful to track… It’s almost impossible, unless you have a solid method to easily remember literally hundreds of passwords. I have just such a method and will share it with you in this article.
The first step is to have the main portion of the password, which will be repeated in all of your passwords. I like to use the first letter from each word of an easily memorable sentence. For instance, I happen to love the last sentence of the poem “The Road Not Taken” by Robert Frost.
“…Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference.”
I need nine characters for the first part of my password, so I can pull the first letter from each word of my favorite part of that poem like this:
[T]wo
[R]oads
[D]iverged
[I]n
[A]
[W]ood
[A]nd
[I]
[I]
Converting that to lowercase, I end up with “trdiawaii”, which we can further break up by swapping a few of the letters for uppercase alternatives, numbers, and a special character. Here’s a sample of what I mean: “Trd1aw&i1”. I capitalized the first letter, changed two of the i’s to the number one, and replaced the a (from the word “and”) with an ampersand. As you can see, we now have a very nice and complicated password that only I could truly appreciate and know.
These nine characters would become the beginning for ALL of my twelve character passwords. So, the only thing that will differentiate my passwords from each other is the last three characters. And, here’s how I do that:
Character ten is a special character. In this example it will be either a $ (dollar sign) or # (pound/hash sign). I select the $ if my password is work related, and the # for personal accounts.
Characters eleven and twelve are made up of the first two letters of the website/company name where I’m logging in. I further mix it up by using a capital first letter and a lowercase second one. For example, if this is a login for my Hotmail account, then the two characters would be “Ho”.
The whole password for my Hotmail account would look like this: Trd1aw&i1#Ho
While this password appears totally random, it makes sense to me. On top of that, I can easily remember multiple passwords like this. Here are a few samples using this example:
Hotmail (personal email) = Trd1aw&i1#Ho
Oracle (work email) = Trd1aw&i1$Or
Sun Portal (work collaboration) = Trd1aw&i1$Su
Skateboardforum.com (personal discussion forum) = Trd1aw&i1#Sk
Capital One (personal bank account) = Trd1aw&i1#Ca
Here’s my super-secret formula in one line:
[9 chars for main part] [1 char for the type (work or personal)] [2 chars for the name]
Get it? Try it out!
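The formula above, written out in Python as an added example (not code from the original post): it rebuilds the sample passwords from the article’s own stem, and it also counts how many distinct three-character endings the scheme can produce, since that ending is the only part that differs from site to site. The stem value and the site names are the article’s examples; the function names are my own.

```python
import math
import string

# The article's nine-character stem, used here as the constructed example base.
BASE = "Trd1aw&i1"
# Character ten: $ for work accounts, # for personal accounts.
TYPE_CHARS = {"work": "$", "personal": "#"}


def site_suffix(site_name: str) -> str:
    """Characters eleven and twelve: the first two letters of the site name,
    capital first letter and lowercase second (punctuation and spaces skipped)."""
    letters = [c for c in site_name if c.isalpha()]
    if len(letters) < 2:
        raise ValueError("site name needs at least two letters")
    return letters[0].upper() + letters[1].lower()


def build_password(base: str, kind: str, site_name: str) -> str:
    """Assemble [9-char stem][1 type char][2-char site tag] per the article's formula."""
    if len(base) != 9:
        raise ValueError("the main part must be exactly nine characters")
    return base + TYPE_CHARS[kind] + site_suffix(site_name)


def distinct_endings() -> int:
    """Number of different endings the scheme can produce:
    2 type characters x 26 first letters x 26 second letters."""
    return len(TYPE_CHARS) * len(string.ascii_uppercase) * len(string.ascii_lowercase)


def ending_entropy_bits() -> float:
    """Upper bound on the entropy of the site-specific part, assuming every
    ending is equally likely (real site names cluster, so the true figure is lower)."""
    return math.log2(distinct_endings())


if __name__ == "__main__":
    for kind, site in [("personal", "Hotmail"), ("work", "Oracle"), ("work", "Sun Portal"),
                       ("personal", "Skateboardforum.com"), ("personal", "Capital One")]:
        print(f"{site:22} -> {build_password(BASE, kind, site)}")
    print(f"distinct endings: {distinct_endings()} (~{ending_entropy_bits():.1f} bits)")
```

The last line makes the point a reviewer would raise: everything after the nine-character stem carries only about ten bits of variation across all of your accounts.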
Do you have an opinion on this? We’d love to hear your thoughts! Please share your password ideas (without giving away any personal pw info) by commenting below.
I hope this article helped to spawn some creative ideas on how you can improve your security!
-Vaughn (wearing his CIO hat)
Hey V, What about those instances where your network password must be changed periodically and, let’s say, you can’t reuse the past 6 passwords? What a PAIN!!! I’ve been looking for an easy way to remember those. If they had SSO in place it would be a lot easier but the internal apps require individual passwords as well.
Great question, Mike! I do exactly what Brian mentions two comments below. Using a sequence matched with your normal secure password is a great way to tackle this. Almost all passwords that must be changed don’t allow you to reuse a previous password for several times (up to a maximum of ten). For this reason, I use a single digit 0-9, which covers ten changes.
I believe that if we were better at password management and also memorizing them (never write them down) that we wouldn’t have to change them… Ever. Unfortunately, it’s a catch-22… If they make us change them frequently, and we don’t use a solid system to memorize them, then we end up writing them down anyway.
Thanks for the comment!
-V
What? When it says enter “password” I do . . . I type “password” . . . . isn’t that what everyone does? 🙂
HA! You joke, but I knew someone (years ago) who was having trouble logging in. On the phone I told her, “Now type your password,” and she kept failing to get in. So, I walked down to her desk and stepped through the process… Watching, I noticed that when the time came for her password, she was typing, “Y O U R P A S S W O R D”
That was what I had told her to do…
LOL
Very helpful thanks Vaughn. Also, for all my passwords that expire I use a sequential numbering scheme in front. I change all these on the same day with the same number. That way all I have to remember is the password I came up with from above, and the number I am on. Since I am touching these accounts to change the pw, this also keeps my accounts open for those that may expire due to inactivity.
Excellent idea, Brian! I do something very similar. Passwords are meant to be secure and private, and unfortunately sys admin tricks like making us change them often make them unsecure (insecure just doesn’t have the same IT sound to it… HA!) and public (because people tend to write them down somewhere).
Thanks for the kind words, and checking in!
-Vaughn
While I agree that this method is a great one to come up with a complex password, I do have some disagreement with some of the other recommendations.
– While this PW is strong and the last part changes, if you have a compromise of any site where the attacker gains your PW, you are really relying on the strength of the remaining portion that is different per site.
– I believe that using a password manager is a good method. I happen to use LastPass (yes, I know they were breached a while back so I now trust them to be even more careful and what was stolen was not usable if you had a strong PW to begin with for their site). There are a number of other good PW managers out there. You can pick a strong PW to use for the manager using a method like what Vaughn talked about and then change it at some reasonable interval, say every 3-6 months depending on how good it was to begin with. PW managers often have strong PW generation capabilities that don’t associate back to any poem and are randomly (at least as good as computer randomization is, it is usually much better than humans) created based on criteria you select such as upper, lower, special, numbers, etc. and length.
– If you use a PW manager then you only have to remember the one strong PW and if you change it regularly I think you might even be a little safer, and then all your PWs can be much more random and unique per site.
– Another issue I have with the OP’s method (sorry Vaughn), is that many sites have different rules for PWs so you can’t always use the same PW and just change the end bit. This compounds the difficulty in remembering your PW without using some kind of password manager.
– Lastly, the sites will often have different times that they require the PW change to happen. This will cause further drift of similarity b/w what you use for each site and again point to the need to use a PW manager that can just create strong PWs for you and you truly only have to remember one (well, ok maybe two (your login to your device that you run the PW manager on, which is sometimes a corporate laptop or something that has its own PW rules, and the PW manager won’t be running at login time)). To get around that is easy though. You can run the PW manager typically on mobile phones or access them in the cloud (in the example of Lastpass) from any computer. There are ways to join 2 factor authentication to the main account and really get as secure as you want.
– Tom
Awesome response, Tom! Thank you for putting so much useful info in there. I agree for the most part. My way is flawed in a few small areas, but has worked nicely for me for years. I guess I’m still paranoid about PW managers and will probably remain so until I can be shown the light. Thanks for chiming in!
-V