A password is GREAT if it is both easy to remember and hard to crack.
Most passwords fail at one or both of these criteria. Passwords that are easy to remember are almost never the sort to satisfy the requirements of a secure content provider such as your bank. Your phone number is easy to remember and so are your initials; both are matters of public record and easy to guess (read: hack). On the other hand, think of the last time you had to come up with a password of more than 5 characters that had a number and a funny character in it, and then remember what it was. Chances are you had to write it down, perhaps on a note kept close to your computer.
The truth is that the solution to making passwords good for both parties – you and your secure content provider – is not just yours to find. Secure content providers could help with more robust and user-friendly password patterns. Most sites that require passwords make it impossible to use a password you can easily remember. Financial websites in particular have password requirements that were not designed with “easy to remember” as a standard.
So, what is a good method for coming up with your own great password, one that you won’t have to write down near your desk and that will be impossible for someone to guess? Here’s a suggestion the experts say will work for just about everybody:
1. Think of three words that describe a regular event in your life.
2. Think of the street number of your neighbor three doors down (or the PO Box number three boxes away from your own, or the year of your 3rd anniversary, etc.).
3. Think of a punctuation mark that is not a hyphen or period. (Bonus points if the way the mark looks reminds you of one of the three words.)
4. Put it together. Type up all 3 things in one long odd word, in reverse order (step 3, then step 2, then step 1).
Here’s how to use this process:
I frequently drive past the Shell station at the corner on Haywood Road when I go to my local bank’s branch office. So my three words are “past”, “Shell”, “Haywood”. My neighbor three doors down is at house number 68. My punctuation mark is “|” because the station is on Haywood. My online banking password would be pastShell|Haywood68. Notice that I moved my punctuation mark to show the gas station is on Haywood. Now that I have the picture of this scene in my mind – the vignette – I can remember my password by visualizing the scene and remembering that there are three words, the number is that of my neighbor three doors down (the one with all the kids), and the mark stands for “on”. This password is 19 characters long and is not a known word; it is made up of words that have no naturally occurring syntactic relation to each other. Equally important, it is easy for YOU to remember. Not only that, the password is easy to type quickly. It’s a GREAT password. But don’t use it for your own!
Here’s another example of how to make up a great password. Say in the fall there is a beautiful oak tree and two traffic lights between your gym and your bank. A great password would be bank[oak2lights]gym. This example has another advantage. Some secure content providers limit the number of characters in a password, requiring that the password be more than 5 and less than 15 characters long and meet certain character requirements (numbers and letters, for example). This password would work in that case because you would simply type the password in its entirety while the content provider would ignore the characters after the limit. The letters, punctuation mark, and a number would be included before the character limit trimmed them out; the password would be a good one and satisfy the content provider’s password definition scheme.
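The truncation case described above, worked through in Python as an added example (not part of the original post). It assumes the provider silently keeps only the first 14 characters and requires a letter, a digit and a punctuation mark; the function names are hypothetical, and the third sample password is constructed here by putting this post's first example into the reverse order the method calls for.

```python
import string

MIN_LEN = 6    # "more than 5" characters, per the limit described above
MAX_LEN = 14   # "less than 15" characters

def stored_form(password, max_len=MAX_LEN):
    """What a provider that silently truncates would actually keep (assumed behaviour)."""
    return password[:max_len]

def classes_present(text):
    """Report which character classes appear in text."""
    return {
        "letter": any(c.isalpha() for c in text),
        "digit": any(c.isdigit() for c in text),
        "mark": any(c in string.punctuation for c in text),
    }

def survives_truncation(password, required=("letter", "digit", "mark")):
    """True if the truncated form is long enough and keeps every required class."""
    kept = stored_form(password)
    present = classes_present(kept)
    return len(kept) >= MIN_LEN and all(present[r] for r in required)

def report(password):
    """Return (kept part, ignored part, whether the kept part meets the rules)."""
    kept = stored_form(password)
    return kept, password[len(kept):], survives_truncation(password)

if __name__ == "__main__":
    samples = (
        "bank[oak2lights]gym",   # second example from this post
        "pastShell|Haywood68",   # first example from this post
        "|68pastShellHaywood",   # constructed: first example in reverse order
    )
    for pw in samples:
        kept, ignored, ok = report(pw)
        print(f"{pw!r}: kept={kept!r} ignored={ignored!r} meets_rules={ok}")
```

At a provider that behaves this way, only the kept part counts toward the password's strength, so the number and the mark need to fall within the first 14 characters.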
Experts say that a password made by thinking up three words describing a regular event and sticking those words together in one long word is far and away harder to crack than shorter, “easier to remember” cryptic words with numbers, letters and marks. This approach works particularly well for financial websites because it allows you to have a password that is different from your other passwords, such as the one protecting your computer. (Read the Wikipedia article on Key Length.)
So think of your own vignette, a scene that plays out regularly in your routine, and craft a password that meets the gold standard of secure access: easy (for you) to remember and hard to crack! It will be GREAT!
Your passwords are very important to your online safety, but they aren’t the only factor.