Thursday, December 6, 2007


Passwords are proliferating in our daily lives. How can we create strong but memorable passwords? This post suggests a method.

Most sites suggest several basic guidelines for creating passwords. Most or all of them are covered below.

1. Passwords must never be a single word or concatenation of words:

  • Anthony
  • larryLou
  • Christinejan
  • funnycat

To "concatenate," by the way, means to link together in a series.

2. Passwords must never be a familiar number or word to you (especially your Social Security Number):

  • Feb19
  • 06291990
  • 24July1992
  • 32367007

3. Some sites require passwords to meet certain requirements:

  1. It must begin with a letter.
  2. It must have at least one uppercase letter.
  3. It must contain at least one numeral.
  4. It can't be your name, birthday, social security number, street address.
  5. It can't be the word, "password."
  6. It must contain at least one special character, e.g., $ or # or ^ or &, et al.
  7. It must contain between six to eight characters.

  • Jim@s2legs
  • LI$ais17
  • Ekn60126

4. Many people deal with their passwords in two ways:

  • They use one password for all sites, like Ekn60126.
  • They use one password for most sites, except for a few special ones. Their usual password is Ekn60126 and their special password, which is reserved for their bank accounts, for instance, is Alm7opp.


There is a better way. The two preceding methods have one major flaw. If somebody learned your usual (or special) password, s/he will be able to access your account. (I'm ignoring the username at this point since I'll cover that in another post.)

Is there a better way to handle this proliferation?

Yes, there is. Before we go on, let me clarify that the term, "character," refers to either a letter or numeral. In other words, letters and numerals (and even special symbols like $ or &) are characters.

The following method allows you to create a dynamic password that changes with every site and, yet, remains easy to remember. In addition, you can modify the principles outlined below to create your own algorithm. An "algorithm" is a step-by-step procedure for solving a problem. These are the steps.

First, create a sentence memorable to yourself. This is a sentence that you know you can remember. Let’s say your name is William and you live at 322 San Carlos Rd. Your memorable sentence could be:

  • William lives at 322 San Carlos Rd.

Second, take the first character of each word in the sentence:

  • Wla3scr

This becomes your root word.

Third, create your algorithm. You can create any rule(s).

You decide that the rule would be to use the first character of the website to sandwich your root word. Furthermore, you decide to always make the first character of the website uppercase.

  • Site: YWla3scry......... 9 characters

Your root word, Wla3scr, is sandwiched between an uppercase Y and a lowercase y. The “y” came from “yahoo.”

Is nine characters too long? Then drop the last character of your root word before using the first two characters. Change your rule to accommodate the length limitation.

  • Site: GWla3scg........... 8 characters

Still too long? Use a shorter sentence to create your root word:

  • Larry is 18.

This creates two possible root words; one with one numeral (Li1) and the other with two numerals (Li18). Longer passwords are more difficult to break.
  • Site: YLi18y................. 6 characters

This dynamic method of creating passwords has five benefits.

  1. You have a different password for every site.
  2. Each password is based on the site's address.
  3. Recalling the password is easily done by applying the algorithm.
  4. Changing the password is as easy as changing your root sentence and / or your algorithm.
  5. Even if two or three passwords are compromised, it's still difficult to crack the algorithm.

As stated earlier, you should use these principles as starting points for creating your own algorithms.You could, for example, change the rule to always capitalize the second character of the website and insert that between the first and second characters of your root word.

  • Larry is 18.

You decide to create a root word that starts with a lowercase L and ends with two numerals: li18.

  • Site: Yli1A8................. 6 characters
  • Site: Gli1M8................. 6 characters

Note how your password changes for every website. Even if two of your passwords were learned, it would still take time and effort to break the algorithm.

You could also, for instance, use two memorable sentences to create two passwords: one for regular sites and the other for special sites.

An infinite number of possibilities exists so use your imagination and create strong and easily-remembered passwords. Good luck!

Finally, here are two sites that contain more password creation and password cracking (!) guidelines.

Sphere: Related Content

No comments: