Making your passwords VERY STRONG

Apr 03, 2008 10:05

A few days ago I discovered [PasswordMeter] via [Lifehacker]. The website tests a password's strength as you type it. So I put my passwords to the test and to my dismay all were 'very weak' (but one, which I considered my super-duper password, got a 'weak' rating). Not satisfied with that, I decided to create new passwords that would be categorized as "very strong" by following the website's suggestions.

So here I'm going to share how you can create a 100% very strong password for your internet places. For a password to be strong or very strong, it has to combine capital (upper case) letters, numbers and symbols. That seems complicated, so let's see how we can remember such things.

First of all, I'm using a two-section strategy: a "master password" plus something particular to the URL of the website you are creating the password for. This means that you will end up with a different password per website (don't freak out, you don't have to memorize every single password, you only have to know how it gets calculated, like a formula). Your master password doesn't change; it will be the same for all your passwords. The general form is like this:

[Master Password][URL specific]

Let's work first on the Master Password section. Here, instead of trying to remember a series of random characters and numbers, just think of a phrase, something simple but common (for you) that you will not forget. As a bonus, think of a phrase with words like "at", "and", "number", "more than", "less than", "percent", or make the phrase a question or an exclamation (more details on that later). Also try to put pronouns or names in it. So let's go one step at a time:

1. Think of a simple phrase that you won't forget, for this example I'm going to use:

I like Pluto more than Fido.

2. Take the initial letter of each word to make your password (remember to keep capital letters as such. This is why we needed names or pronouns in the phrase, so you can easily remember, grammatically, that the letter is capital):

IlPmtF.

(Notice the period at the end? That's part of the phrase and is a bonus for password strength)

3. Change some words for symbols. That is, instead of using the initial for 'number', just use #; instead of using 'and', use & or +; for 'at', use '@', and so on. Our phrase has 'more than', so we'll change the 'mt' (initials of 'more than') for the corresponding symbol '>'.

IlP>F.

You are done with your master password! Remember that it is up to you what phrase to use. Try to keep it secret, so don't go around repeating it to people. Some ideas are quotes you like from a movie, book or famous person, a statement of something you like or don't like, love or hate, etc. All of your passwords will have this initial section.

Now you need to create something particular for the website you are subscribing to. That way each password will be different. This is much better than using the same password everywhere, because if your password gets compromised on some website, you don't have to run and change it in all other places. That password, the one stolen or compromised, was only for that particular site.

4. Now we need something particular for the website you are subscribing to. My suggestion is to take the first 3 letters (non-vowels) of the main domain name (ignoring www or other prefixes and the .com, .net, .org, etc). For example:

http://www.livejournal.com

This gives you lvj as the result. Now, since this comes after a period (remember, your master password ended with a period or another punctuation sign, which is my recommendation), let's turn the l into L (mixing in more capital letters). So the end result will be Lvj. Remember, you could have used just the first 3 letters, or the last 3, etc. It is up to you.

5. Add some numbers. So far we have lower case and upper case letters in our password, as well as a symbol. But no password can be very strong without numbers, so let's add some. I suggest counting letters in the URL. One way is to count the vowels and consonants, then join them with a '+' sign. So for livejournal the result will be 5 vowels and 6 consonants. If we join this with our 3 letters, we'll get:

Lvj5+6

That's it! You are done with your URL specific section. Now join both sections to get your password:

IlP>F.Lvj5+6

Test it! That's a 100% very strong password. And it shouldn't be that hard to remember.

Using this method you will end up with IlP>F.Htm3+4 for Hotmail and IlP>F.Yhc3+2 for Yahoo. Both of them 100% very strong passwords!

Now go and think of a phrase and what 'formula' you are going to use for the second section of the password. Test your formula a few times with some websites you have passwords with, to see how effective it is. Practicing this way will also help you memorize your formula, so you'll never have to remember a password!

Some general password tips:

- Your password is more private than your social security number! Some entities require you to give them your social and you have no choice. But no one, not even someone claiming to work for that website/bank/institution, should require or ask you to give your password (no matter how convincing they sound). So don't share your passwords!

- Don't write down your password on a piece of paper or type it in a document. Using the method described here, your password is safe in your brain and you can reconstruct it any time.

- Keep in mind that some websites might not allow some special characters. I encountered one that didn't allow '&' and another one that didn't allow ':'. So your method has to be flexible for these cases. In my case, I changed & for + and : for ; and things worked fine.

- There are some websites whose URL is too short to fit into the formula described here (or a different one that you might think of). So you must have an exception to the rule. For example, www.aa.com (for American Airlines) doesn't even have consonants in its domain name. So you compromise and simply use the first 3 letters, no matter what they are. So in this case you'll end up with Aac (the 'c' comes from .com, as we have no more letters to pick from).
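
The URL-specific section from steps 4 and 5, together with the short-domain exception and the character substitutions from the tips above, written out as a Python function so you can check your mental derivation. This is an added example, not code from the original post: the function names are hypothetical, the main domain name is assumed to be the label just before a single-label suffix such as .com, and the fallback order is one reading of the rule that reproduces the Yhc and Aac results given above.

```python
from urllib.parse import urlparse

VOWELS = set("aeiou")  # 'y' counts as a consonant, as in the Yahoo example


def split_host(url):
    """Return (main_name, suffix), e.g. ('livejournal', 'com')."""
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    labels = host.lower().split(".")
    if len(labels) < 2:
        raise ValueError(f"no domain name found in {url!r}")
    # Assumption: www and other prefixes are everything before the last two labels.
    return labels[-2], labels[-1]


def consonants(text):
    return [c for c in text if c.isalpha() and c not in VOWELS]


def site_letters(name, suffix):
    """Step 4: first 3 consonants, with fallbacks for short domain names."""
    picked = consonants(name)
    if len(picked) < 3:                      # e.g. yahoo: borrow from .com
        picked = consonants(name + suffix)
    if len(picked) < 3:                      # e.g. aa: take any letters
        picked = [c for c in name + suffix if c.isalpha()]
    return "".join(picked[:3]).capitalize()  # capital after the period


def url_section(url):
    """Steps 4 and 5: three letters, then vowel count + consonant count."""
    name, suffix = split_host(url)
    n_vowels = sum(c in VOWELS for c in name)
    n_consonants = len(consonants(name))
    return f"{site_letters(name, suffix)}{n_vowels}+{n_consonants}"


def site_password(master, url, substitutions=None):
    """Join both sections; swap characters a site refuses, e.g. {'&': '+'}."""
    password = master + url_section(url)
    for banned, replacement in (substitutions or {}).items():
        password = password.replace(banned, replacement)
    return password


if __name__ == "__main__":
    master = "IlP>F."  # the example master password from this post
    for site in ("http://www.livejournal.com", "www.hotmail.com", "yahoo.com"):
        print(site, "->", site_password(master, site))
```
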

Happy re-passwording!
