You know you need a better password. Everybody does. The trouble is coming up with unique passwords for every login without having to write each password down. Is that even possible?! It is, I promise you. As proof, I’d like to share with you three simple password strategies to create the best, most un-crackable passwords you’ve ever had.
Every day we’re required to input passwords. We’re told that they need to be strong but we’re also told that we shouldn’t write them down. Ahh! And what exactly does a “strong password” even look like?
Password Strategies for “Strong Passwords”
Before I dive into my three simple (but effective!) password strategies, let me first help you define what a “strong password” looks like. There are a few important questions you should ask to determine whether or not your passwords could be considered strong. These questions include:
- Is My Password Unique? Like it or not, each of your passwords for each of your logins need to be unique. Why? Let’s say that one of your passwords get stolen or swiped somehow. If you use the same password for all your logins, the thief could now easily access your bank, investment account or other important accounts.
- Is my Password Long Enough? The proof is in the math. A longer password is naturally harder to crack (although with brute force, technically anything is possible). Your password should be at least 12 characters long but I would suggest 20 or more characters for most people.
- Is My Password Full of Character? Your password needs to have some variety. It should be full of capital letters, lowercase letters, numbers, characters, etc.
- Is my Password Memorable? Writing down your passwords is a bad idea, unless you’re keeping this sheet of paper in a physical safe. Definitely don’t carry a password list around with you. The remaining options are to remember your passwords (it can be done!) or have a master password (which I’ll explain in a moment).
How can you create strong passwords that you can recall without writing them down? I’m excited to introduce three of my favorite password strategies that will produce virtually un-crackable security for your accounts.
Get weekly online security tips when you subscribe to AllThingsSecured on YouTube!
Password Strategy #1: The Nursery Rhyme Strategy
I call this strategy the “Nursery Rhyme Strategy”, but the truth is that any kind of memorable saying, Bible verse or phrase can work here. The key is that whatever phrase you end up using, it’s a phrase that you know by heart.
The strategy works by taking the first (or last) letters from each word in the phrase you’ve chosen and stringing them together to create an unintelligible password.
It’s easier to show you than explain it, so I’m going to use Mary Had a Little Lamb as an example:
In the above example, notice that the final result is a password that is more than 20 characters long, includes various characters (symbols, capital letters, numbers) and makes no sense by itself.
Obviously, I wouldn’t suggest you use my example here. Instead, try to find a phrase or song that is unique to you. This could be:
- The first two lines of your favorite song.
- Your favorite quote.
- Your favorite Bible verse
- A memorable nursery rhyme.
Now if you’ve been reading carefully so far, you’ll notice that this password lacks one characteristic of what we defined as a “strong password”: it’s just one password.
How can we make this password unique for each and every login that you have without you having to think up a new phrase or song for each one? That’s where strategy #2 comes into play…adding unique properties.
Password Strategy #2: Add Unique Properties
Before you jump ahead, I want to clarify that “adding a unique property” does not mean simply adding a “1” or a “!” to the end of your regular password. It’s far too easy for those passwords to be hacked. It’s also not memorable. How do you remember which account you used “1” and which one you used “8”?
There is a better way.
Hacked? Here’s a step-by-step guide for what to do when you’ve been hacked.
One of my favorite password strategies is to incorporate parts of the name of the service I’m using into the password. For example, if I’m creating a password for my Facebook account, I want to add unique properties to my password that are related to Facebook.
This can be done in a number of different ways:
- Adding the first and last letters of the service to the beginning and end of the password: Continuing with the Facebook example, this means that I would begin my password with an “F” and then end it with a “k” (Facebook). If I had chosen Mary Had a Little Lamb as my phrase from Strategy #1, the end result of my unique password would look like this:
- Spell the service backward: Another way to do this would be to add the word “Facebook” at the end of the password, but to spell it backwards. In this case, it would look like: [email protected]$&etMwtlws2gkoobecaF
There are other creative ways to do this, but hopefully you get the idea. By combining both password strategies, you’re creating a difficult and memorable password for each account login without having to write it down.
*Note: One thing you might be thinking is that it will take too long to type this out. That’s ok! Your fingers will start to learn the phrase and the fact that it takes a bit of time is a good indication that you’ve got a strong password.
Password Strategy #3: Use a Password Manager
Now, at this point you might be thinking to yourself “This is crazy. There’s no way I’m going to set aside the time to figure this out!“
If that’s you, don’t worry. I understand and thankfully there is now technology that can assist you to create better passwords than you could ever create for yourself. These are called password managers.
There are numerous password managers out there – some are good and some not-so good. Personally, I prefer a password manager called Dashlane.
Password managers are extremely useful because they create extremely long and complicated passwords for each login and then store them so you don’t have to remember it. All you need is a “master password” to unlock it all.
Of course, a system like this is only as secure as the software you’re using, which is why it’s good to go with one like Dashlane that has been recognized as one of the best. There’s a free version you can use but if you upgrade features, it’s ends up being a small amount of money to exchange for airtight security.
Additional features for these types of password managers include security alerts (i.e. “someone is trying to hack into your _____ account!”), quick password changes, autofill and the ability to access passwords on your tablet and mobile devices.
If setting up your own secure password just seems too complicated, a password manager is the way to go.
Final Thoughts | Can Passwords be Cracked?
As I wrap up this look at password strategies, it’s important to point out that there is no such thing as an “un-crackable password”. It’s a myth.
For this reason, I highly recommend you cover yourself with various layers of security. What does this mean? You can do things like:
- Use 2-factor authentication when available: Two-factor authentication is an excellent way to secure even the most secure passwords.
- Refuse to Reuse! Whatever you do, don’t reuse passwords on multiple account logins!
- Create Made-up Answers to Security Questions: What is your mother’s maiden name? Don’t be truthful…it’s waaaaaay too easy to find that info. Create fictitious answers to these regular security questions.
- Understand that nothing is “uncrackable”: Be vigilant. Hacks into services like Yahoo, Linkedin and others should be a clear warning that you don’t always control your own security.
What are your thoughts on good password strategies? Leave a comment below!