3 Steps to Producing Powerful Passwords

What do you do when that dreaded moment comes when you have to come up with another password? Maybe they are out there but I don’t know anyone who thinks coming up with passwords and remembering them is fun.

On the one hand, if you use a password that is easy to remember, it will likely be easy to hack (and probably won’t meet the password requirements). On the other hand, if you use a complicated password, it will be difficult to remember. Let’s take a look at how you can easily balance these two tensions by using a proven 3-step method.

What are the goals?

To create reasonably secure passwords. First off, it is impractical to memorize unique passwords for all the places you need them. That’s why I recommend using a password manager. Instead, the goal is to create secure passwords for your “master password” and for those places you can’t use a password manager. I am not a security expert but I trust Steve Gibson. His general recommendations are:

  • At least one letter in upper case.
  • Another one in lower case.
  • There will be at least one digit.
  • And one symbol.
  • 12 characters long is optimum.

These guidelines will also likely meet most firm and website requirements. If you want to check out how good your password is, take a look at the tool Steve created: Password Haystacks.

To make them easy to remember. Two thoughts on this. One, you want to take something that is already fixed in your memory and create a password from that (more on that in the steps below). Two, you want to come up with your own password formula. This doesn’t have to be hard. It can be something like “I always capitalize the 3rd letter” or “I always put two ## signs in the middle”. Of course, now that I’ve mentioned those, don’t use those particular ones but you get the idea.

Need a little comic relief?

What’s wrong with your pa$$w0rd?

What are the steps?

These steps are taken from the “Schneier scheme.” Security expert Bruce Schneier started recommending them in 2008 and he still sticks by them. I have looked at several alternatives but I use and recommend his method. In summary, he says, “Combine a personally memorable sentence with some personally memorable tricks to modify that sentence into a password to create a lengthy password.”

  1. Come up with a sentence of around 12 words that is personal, yet memorable to you.
  2. Get the first letter from each word.
  3. Tweak it in ways that are personal and memorable to you.

Example:

Sentence: I broke my arm when I was in 6th grade.

Password: iBm@wiwi6thg
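
The three steps above, as an added Python sketch that is not code from Schneier, Gibson or this post. The tweak rules (capitalize the second character, swap “a” for “@”, keep a word that starts with a digit whole) are assumptions inferred from the example, and treating 12 characters as a minimum is also an assumption.

```python
import string

MIN_LENGTH = 12  # assumption: the "12 characters" guideline read as a minimum


def initials(sentence):
    """Step 2: first character of each word, lowercased.

    Words that start with a digit (such as "6th") are kept whole,
    which is what the example on this page does.
    """
    parts = []
    for word in sentence.split():
        token = word.strip(string.punctuation)
        if token:
            parts.append(token if token[0].isdigit() else token[0].lower())
    return parts


def tweak(parts, cap_index=1, swaps=None):
    """Step 3: personal tweaks (hypothetical rules, pick your own)."""
    swaps = swaps or {"a": "@"}
    out = []
    for i, part in enumerate(parts):
        out.append(part.upper() if i == cap_index else swaps.get(part, part))
    return "".join(out)


def checklist(password):
    """Check a candidate against the guidelines listed earlier on this page."""
    return {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
        "length": len(password) >= MIN_LENGTH,
    }


if __name__ == "__main__":
    # Sample sentences: the first is the page's example, the second is constructed.
    for sentence in ("I broke my arm when I was in 6th grade.", "My dog is old"):
        candidate = tweak(initials(sentence))
        failed = [name for name, ok in checklist(candidate).items() if not ok]
        print(candidate, "-> meets all guidelines" if not failed else f"-> fails: {failed}")
```

A sentence that is too short or has no number in it fails the checklist, which is the reason for starting from a sentence of around 12 words.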

Why not give this a try the next time you need to create a new password?

Question: What things have you found helpful in creating passwords or making yourself more secure online? Leave your thoughts in the Comments.

About Craig Huggart

After earning his M.B.A. from the University of Alabama, Craig Huggart found his passion as a technology trainer for Law Firms. He is the Training Manager at a large firm. Also, he is an Alabama Football fan, a Star Trek geek, and a triathlon finisher. Check out his site: craighuggart.com.
