10 steps to picking a good password

 I personally hate attempting to come up with passwords. Everyone always says that you should never use the same one twice and it should contain numbers, characters, symbols, and whatever else you can find on your keyboard. Remembering all those damn words and weird combos is hell.

You can always store all your passwords in an encrypted file with a master password, but what if your computer gets wiped or you manage to lose the file (trust me, it can happen)? There are even programs that generate seemingly random passwords from an initial password; you put in the initial password to get your real one at any time. Relying on a program is probably just going to get you in trouble.

  1. Pick a quote from your favorite author, lyrics from your favorite band or a favorite saying. The more obscure the reference the better, but make sure you can remember it easily. Indirectly relating it to the purpose of the password will help you remember it with minimal security risk. Be aware of where the site's cutoff point for characters is, but don’t change your password because of it. For this example I’ll use a Gandhi quote: “An eye for an eye makes the whole world blind”.

  2. Remove all the spaces and any special characters that are not allowed for that specific site. Also make sure that everything is lowercase for now: “aneyeforaneyemakesthewholeworldblind”. Now we have a 35 character password that is already near impossible to brute force and unlikely to be on many basic word lists.

  3. Replace any words you can with slang that would be less likely to be in a dictionary. Instead of “love” you could put “luv”, or in this case replace “for” with “4”: “aneye4aneyemakesthewholeworldblind”.

  4. Next we need to determine what to capitalize. Common capitalization such as the first letter or pronouns is a bad idea in this case, since those would be common variations in a word list, but keep in mind the whole point is to remember it. Hell, even see if you can spell out another word. After capitalizing the Ys and the letters for WOW we have “aneYe4aneYemakestheWhOleWorldblind”.

  5. Next are those pesky numbers. Many people like to pick an important number and stick it at the beginning or end. While that makes the websites happy, it doesn’t do much for security. Picking an important number is great, but placing it inside the password, preferably with letters in between each digit, will be much more secure. Another option is replacing letters with numbers, which can be consistent and easy to remember. In this example we’ll replace the e’s with 6’s: “an6Y64an6Y6makesth6WhOl6Worldblind”.

  6. For the last leg of extra security, let’s do the same for symbols. Replace “a” with “?”: “?n6Y64?n6Y6m?kesth6WhOl6Worldblind”.

  7. Finally, check that it is going to be a memorable password. Try typing it out a couple of times. If you trip up on something, consider changing it. The length alone will make it safe, so you might even want to cut out one of the steps if it is too troublesome.



  8. profit?

Ok, I lied, that’s only 7. But it’s 7 really good ones, right? The most important thing to keep in mind is that the goal is to easily remember this password. If you can do this but only apply half of the steps, then you are fairly well off. If you are still having some trouble, try picking a phrase you are positive you will remember and then write down the exact steps, but don’t keep the phrase anywhere near them.

Hopefully this will help you manage your passwords more easily while being much more secure. With all these steps there is a very small chance that anyone will be able to brute-force it. Just don’t tell anyone the password; that is probably one of the most common ways your password will get out. The fact that you’re reading this means you’re at least somewhat security aware and will not throw your password out there.
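As an added example (not part of the original post), this Python sketch takes the password as it stands after steps 2 through 6 and computes the size of a blind brute-force search for each stage, next to a constructed 8-character password for comparison. The guess rate of 10^12 per second is an assumption, and the figures cover exhaustive search only, not word-list or phrase-based guessing.

```python
import math
import string

# Password after each step, taken from the steps above.
STAGES = [
    ("step 2", "aneyeforaneyemakesthewholeworldblind"),
    ("step 3", "aneye4aneyemakesthewholeworldblind"),
    ("step 4", "aneYe4aneYemakestheWhOleWorldblind"),
    ("step 5", "an6Y64an6Y6makesth6WhOl6Worldblind"),
    ("step 6", "?n6Y64?n6Y6m?kesth6WhOl6Worldblind"),
]
SHORT = "xK#9mQ2$"  # constructed 8-character sample using all four classes

# Character classes a blind brute-force search would have to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Total size of every character class that appears in the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if size == 0:
        raise ValueError("empty password or no printable ASCII characters")
    return size


def brute_force_bits(password):
    """log2 of the number of same-length candidates over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))


def years_to_exhaust(password, guesses_per_second=1e12):
    """Worst-case years to try every candidate at an assumed guess rate."""
    return 2.0 ** brute_force_bits(password) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Exhaustive search only: a word list built from known quotes plus
    # substitution rules is a different attack and is not measured here.
    for label, pw in STAGES + [("short sample", SHORT)]:
        print(f"{label:13} alphabet={alphabet_size(pw):3} "
              f"bits={brute_force_bits(pw):6.1f} "
              f"years={years_to_exhaust(pw):.2e}")
```

Length does most of the work: the all-lowercase step 2 string already needs far more guesses than the short sample that uses every character class.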

Good luck!

