Creating (and Remembering) Secure Passwords

A guide to creating and remembering secure passwords

Over the last few articles in this section of the site, we’ve taken a look at the various ways in which we get password selection wrong. Whilst that’s all very well, we’ve not yet looked at the best ways to create strong, hard-to-crack passwords.

This article is going to take a look at strategies we can employ to improve our password selections and, therefore, their strength.

Part One – Before We Begin

This section lists the things you need to consider about password creation and use before choosing one.

  • Accept that you’re as likely a target as any other online computer/device user.

Due to the myriad ways that attackers can turn personal information into money, everyone (and I mean everyone) has information in their online accounts that is potentially of great value to them.  Most account attacks are automated and don’t pick their victims, so just because you haven’t been targeted so far doesn’t mean you won’t be.

  • Keep the whole password affair as impersonal as possible.

Think ‘outside the box’ and don’t choose words or phrases that hold a particular significance for you, such as birthdays or relatives’ names.  Anyone looking to break into your online life will do their homework first: they’ll scan social media accounts and posts we’ve made on forums or other online services, and build a picture of who and what is important to us.  That information then goes straight into a list of candidate passwords to try.

  • Don’t share your passwords with anyone.

Really, this little gem should go without saying.  And yet a surprising number of us do share our passwords at one time or another.  Consider it the equivalent of permanently handing someone a set of keys to your house: they’re free to come and go as they please until you change the locks.

Part Two – Choosing Your Password

When it comes to choosing a password, the world really is your oyster and the options limitless. This section contains a few tips for choosing passwords that are both strong and not too hard to remember:

    1. Use a sentence or phrase as the basis for your password –  Rather than choosing a word or two as the basis, think bigger: start from an entire phrase.  (More on this below)
    2. Make It Long – As we saw in a previous article, length has the biggest single effect on how long a password takes to crack, because every extra character multiplies the number of guesses an attacker has to make. Treat 8 characters as the bare minimum; more than 10 is much better, and longer still is better again.  (Some websites and applications cap password length, so in a few places we may be forced to go shorter)
    3. Mix It Up – use a mixture of CapItAl and lOwErcASe letters in your password, as well as a couple of numbers.  At least one of each makes a difference, but spreading several through the password is better. Try not to cluster them at the start or the end, which is where people (and the rules cracking tools use) usually put them.
    4. Give It Some Space – Many password systems won’t accept an actual space (a few will). The _underscore_ makes a good stand-in for the spacebar and serves the same purpose.
    5. It’s All A Bit Symbolic – in addition to CAPITAL letters, lowercase letters and numb3rs, make sure there’s at least one symbol in there too (@#!*&).  This is one more hurdle for any would-be cracker.  (I’ve seen suggestions to use the computer’s character map/palette to insert exotic characters.  I’d advise against it: entering the password on a different platform or keyboard may become difficult or impossible, it makes every login a chore and it adds little real strength)
    6. Change Is As Good As Rest – Change a password when there is a reason to.  The old rule of thumb was once every three to six months; note that current guidance (NIST SP 800-63B) no longer recommends changing passwords on a fixed schedule, because people respond with predictable tweaks such as bumping a trailing number, which weakens rather than strengthens them.
      NOTE: If you have any reason to suspect that one of your accounts has been compromised, change its password IMMEDIATELY


Part Three – A Working Example

In this section, I’m going to go through the process of creating a secure and fairly easy to remember password, together with explanations behind the choices.

1. Choose My Sentence or Phrase
For this, I’d suggest using a mnemonic device to come up with something.  One such example is the Person-Action-Object (PAO) method.  Just go onto the internet and find an image of a person performing an action to or with an object, something that has an appeal or sticks in your mind.

Here’s mine (the picture isn’t reproduced here); the PAO phrase I take from it is “cute squirrel dances in the woodland”.

2. Use My Sentence to Create a Password
The easiest way to do this is to take certain letters from each word of the phrase and assemble them into a password that’s not too hard to remember. In this example, I’m going to take the first two letters of each word, giving me:

cusqdainthwo

Already, the result is twelve letters that contain no dictionary word and look arbitrary, and it’s on its way to being tough to crack. It isn’t random, though: anyone who knows the phrase and the rule can reproduce it, which is exactly why the phrase itself needs to be unguessable. But we’re not quite there yet.

3. Spaces/Uppercase/Lowercase/Numbers/Symbols
Now we’re going to mix things up a little more with the addition of some random characters. These characters will still hold some meaning though.

a. First of all, let’s add a space after what the squirrel is doing, but before we know where he’s doing it:


b. Now let’s throw a couple of numbers in. A useful way to do this is in place of certain vowels. This gives us:


c. Now, capital letter(s):


d. And lastly, another symbol:


And there we go: we’ve just created a password that’s based on a dancing squirrel. Not bad for ten minutes’ work, huh? Not only that, it’s a password that has all the ingredients of being strong, hard to guess and apparently nonsense.

The example above might not be the easiest to memorise, though. It’s a random squirrel in a random picture and holds no significance for us. We can, however, translate the same technique into our personal lives.

Say I’ve got three children, Larry, Barry and Cornelius (poor bugger), and that their favourite hobby is soccer, which they all play together every Saturday from 11am.

This can give us: “Larry, Barry and Cornelius play Soccer every Saturday at 11am”.

And my password is: “La,Ba&CoplSoevSat@1100”

I’ve strung together a series of facts that I’ll remember, I’ve mentioned no full names or other details, the password includes all the right ingredients (upper/lowercase letters, numbers, symbols) and it’s 22 characters long! One word of caution, because this cuts against Part One: children’s names, a hobby and a weekly routine are exactly the sort of facts an attacker can pull from social media, and a targeted wordlist built from them would contain these same building blocks. The safest phrase is one that is memorable to you but not discoverable about you.

If a site or application imposes a length limit, the same phrase can be cut down: “L,B&CpseS@11”

That brings it down to 12 characters, which is still a reasonable password, but every character removed makes it quicker to crack, so only shorten when a limit forces you to.

Part Four – Memorising Passwords

Now that we’ve chosen our password, the next thing we need to do is ensure that we remember it. In some cases, this might not be too much of a problem but what if we have several accounts and we need to remember which one goes with which?

The first thing I’d suggest here is to use the same set of rules (a ‘cypher’ of sorts) for all of your passwords, so that only the phrase changes from account to account. For example, in any password you create:

  • only use the first two letters of each phrase word
  • every ‘e’ in the password is replaced with a 3
  • any number is prefixed with # (not including our letter changes)

and so on.

This gives password creation a structure that helps you remember them. Keep the phrases themselves unrelated from one account to another, though: a rule set like this is exactly what a password cracker tries to reproduce, so it is not a secret in its own right, and the strength of each password still rests on its phrase.
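As an added example (my own code, not the article’s), the function below applies a fixed rule set of the kind described in Part Three and in the rule list above to any phrase, and puts the figure a strength meter would report beside an upper bound on what an attacker who knows the rules would actually have to search. The two rule sets, the 4,096-word vocabulary and the strength-meter formula are assumptions for illustration. The point it makes: the substitutions add characters, which is what a meter counts, but not unpredictability, which only the phrase supplies.

```python
import math
import re
import string

# Rule sets constructed for this example to mirror the article's steps
# (abbreviate each word, digits for vowels, a capital, an underscore as the
# "space", a closing symbol).  They are assumptions, not the author's own rules.
SQUIRREL_RULES = {
    "letters_per_word": 2,
    "vowel_digits": {"a": "4", "e": "3", "i": "1", "o": "0"},
    "number_prefix": "",        # Part Four's rule: prefix phrase numbers with '#'
    "capitalise_words": (1,),   # 1-based positions of words to capitalise
    "underscore_after": 3,      # the "space" after the third word; 0 = none
    "suffix": "!",
}

PART4_RULES = {
    "letters_per_word": 2,
    "vowel_digits": {"e": "3"},
    "number_prefix": "#",
    "capitalise_words": (),
    "underscore_after": 0,
    "suffix": "",
}

TOKEN = re.compile(r"[A-Za-z]+|[0-9]+")


def derive(phrase, rules=SQUIRREL_RULES):
    """Apply one fixed rule set to a phrase, exactly as a person would by hand."""
    chunks = []
    for token in TOKEN.findall(phrase):
        if token.isdigit():                      # numbers are kept whole
            chunks.append(rules["number_prefix"] + token)
            continue
        chunk = token.lower()[: rules["letters_per_word"]]
        for vowel, digit in rules["vowel_digits"].items():
            chunk = chunk.replace(vowel, digit)
        chunks.append(chunk)
    for position in rules["capitalise_words"]:
        chunk = chunks[position - 1]
        chunks[position - 1] = chunk[:1].upper() + chunk[1:]
    if rules["underscore_after"]:
        chunks.insert(rules["underscore_after"], "_")
    return "".join(chunks) + rules["suffix"]


def naive_bits(password):
    """What a typical strength meter reports: length x log2(character pool)."""
    pool = 0
    if re.search(r"[a-z]", password):
        pool += 26
    if re.search(r"[A-Z]", password):
        pool += 26
    if re.search(r"[0-9]", password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)         # 32 printable ASCII symbols
    return len(password) * math.log2(pool)


def rule_aware_bits(phrase, vocabulary_size):
    """Upper bound on the search for an attacker who knows the rules: only the
    choice of words carries entropy, so it is words x log2(vocabulary)."""
    return len(TOKEN.findall(phrase)) * math.log2(vocabulary_size)


if __name__ == "__main__":
    phrase = "cute squirrel dances in the woodland"
    pw = derive(phrase)
    print(pw)                                        # Cusqd4_1nthw0!
    print(f"meter says {naive_bits(pw):.1f} bits, "
          f"rule-aware bound {rule_aware_bits(phrase, 4096):.1f} bits")
    print(derive("three squirrels met at 11", PART4_RULES))   # thsqm3at#11
```

Run it and the squirrel phrase comes out as Cusqd4_1nthw0!, which a meter rates at about 92 bits; an attacker who assumes a six-word phrase from a 4,096-word vocabulary and the standard rules has at most 72 bits to search, and a grammatical English phrase is a smaller space still. The rule-aware figure is an upper bound, not a measurement.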

It’s also fine to write them down (in hardcopy) and keep them somewhere safe, away from your computer and from prying eyes. Remember, we’re mainly defending against people trying to get into our accounts remotely over a network, not against someone rooting through the bottom of your underwear drawer. And if you do forget the password for a particular account, it’s easily sorted out.

It’s also possible to ‘code’ your written-down passwords so that a casual glance at the list gives little away. The easiest way is an offset pattern: each character is written as the letter or digit a fixed number of places higher than the real one.

For example, with a +2 offset the first character written down is the offset itself (‘2’), and every letter or digit of the password is replaced by the one two places further along; the symbol ‘&’ becomes ‘(’, because that’s two keys higher on the keyboard’s number row.

Be clear about what this buys you: it is a simple substitution cipher with the key written on the same line, so anyone who takes the list away and spends a minute on it will recover the passwords. It protects against someone glimpsing the sheet, not against someone who has it.
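To make those limits concrete, here is an added example (mine, not the article’s) of the offset scheme: encode writes the offset as the leading digit and shifts letters, digits and the shifted-number-row symbols, wrapping round at the ends; decode is what anyone who finds the list does; and candidates_without_key shows that even with the leading digit torn off only nine possibilities remain. The US keyboard layout for the symbol row is an assumption taken from the ‘&’ to ‘(’ remark.

```python
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
# Symbols on the shifted number row of a US keyboard, ordered as the digits
# beneath them (1..9, 0), so '&' is two keys below '('.  US layout is an
# assumption taken from the article's '&' -> '(' remark.
SYMBOL_ROW = "!@#$%^&*()"
WHEELS = (LOWER, UPPER, DIGITS, SYMBOL_ROW)


def shift(ch, offset):
    """Move ch `offset` places along whichever wheel it belongs to, wrapping
    round; anything not on a wheel (',', '_', space) is left as it is."""
    for wheel in WHEELS:
        if ch in wheel:
            return wheel[(wheel.index(ch) + offset) % len(wheel)]
    return ch


def encode(password, offset):
    """Write the offset as the first character, then every character shifted up."""
    if not 1 <= offset <= 9:
        raise ValueError("offset must be 1-9 so it fits in one leading digit")
    return str(offset) + "".join(shift(c, offset) for c in password)


def decode(coded):
    """Everything a finder of the list needs is on the line: read the key, shift back."""
    offset = int(coded[0])
    return "".join(shift(c, -offset) for c in coded[1:])


def candidates_without_key(body):
    """If the leading digit were left off, there are only nine offsets to try,
    so the real password is always somewhere in this list."""
    return ["".join(shift(c, -k) for c in body) for k in range(1, 10)]


if __name__ == "__main__":
    coded = encode("L,B&CpseS@11", 2)     # the article's shortened example
    print(coded)                           # 2N,D(ErugU$33
    print(decode(coded))                   # L,B&CpseS@11
    for guess in candidates_without_key(coded[1:]):
        print(guess)
```

The ‘&’ to ‘(’ step falls out of treating the symbol row as its own wheel; ‘@’ likewise becomes ‘$’ at +2, and digits wrap so that 9 at +3 becomes 2.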

In any case, be creative. Don’t just use the examples I’ve provided here. As I said at the beginning, think bigger!

Part Five – Password Managers

An alternative to most of what I’ve described here is to use a password manager, which generates a long random password for every account, stores them all encrypted, and leaves you only one strong master password to remember.

“A password manager is a software application or hardware to assist in creating, storing, and retrieving complex passwords from a database. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database. Some password managers store passwords on the user’s computer (called offline password managers), whereas others store data in the provider’s cloud (often called online password managers). However offline password managers also offer data storage in the user’s own cloud accounts rather than the provider’s cloud. While the core functionality of a password manager is to securely store large collections of passwords, many provide additional features such as form filling and password generation.”

Source: Wikipedia

I’m not going to go into any further detail on Password Managers here, but if it’s something you’d like to consider PC Magazine have reviewed both free and paid versions. I’ve linked both articles below.

Weekly Roundup – 14.04.2017

Another busy week, plus the usual new articles and Twitter highlights.

It’s been another busy week over here, with quite a number of articles being posted and developments to the site itself still happening.  I’ve also managed to complete some more articles around CIT which will get posted over the next week or so.


100 Of The Most Common Passwords

The ‘Wonderful 100’ – 100 of the most used passwords

This is a simple list of the top 100 most common passwords. The list shifts around from year to year: some passwords become more common, others less so, and new ones appear (the release of Star Wars Episode VII towards the end of 2015 caused a huge influx of related passwords in 2016, so steer clear of those too). This wonderful 100, though, have been around a while and, sadly, haven’t changed much.

If you’re using any of these passwords for any of your accounts or devices, I’d strongly recommend that you change them immediately. That applies to the obvious variants as well: capitalising the first letter, swapping a digit in for a letter or tacking a year on the end are the first things a password cracker tries. Warning: the list contains explicit language.

  1. password

  2. 123456

  3. 12345678

  4. 1234

  5. qwerty

  6. 12345

  7. dragon

  8. pussy

  9. baseball

  10. football

  11. letmein

  12. monkey

  13. 696969

  14. abc123

  15. mustang

  16. michael

  17. shadow

  18. master

  19. jennifer

  20. 111111

  21. 2000

  22. jordan

  23. superman

  24. harley

  25. 1234567

  26. fuckme

  27. hunter

  28. fuckyou

  29. trustno1

  30. ranger

  31. buster

  32. thomas

  33. tigger

  34. robert

  35. soccer

  36. fuck

  37. batman

  38. test

  39. pass

  40. killer

  41. hockey

  42. george

  43. charlie

  44. andrew

  45. michelle

  46. love

  47. sunshine

  48. jessica

  49. asshole

  50. 6969

  51. pepper

  52. daniel

  53. access

  54. 123456789

  55. 654321

  56. joshua

  57. maggie

  58. starwars

  59. silver

  60. william

  61. dallas

  62. yankees

  63. 123123

  64. ashley

  65. 666666

  66. hello

  67. amanda

  68. orange

  69. biteme

  70. freedom

  71. computer

  72. sexy

  73. thunder

  74. nicole

  75. ginger

  76. heather

  77. hammer

  78. summer

  79. corvette

  80. taylor

  81. fucker

  82. austin

  83. 1111

  84. merlin

  85. matthew

  86. 121212

  87. golfer

  88. cheese

  89. princess

  90. martin

  91. chelsea

  92. patrick

  93. richard

  94. diamond

  95. yellow

  96. bigdog

  97. secret

  98. asdfgh

  99. sparky

  100. cowboy
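As an added example (my own code, not the article’s) of how to act on a list like this, the check below tests a candidate against a blocklist and also against the trivial rewrites an attacker tries first: case folding, undoing digit-for-letter substitutions, and stripping a trailing year or ‘1!’. The sample blocklist is a handful of entries from the list above; a real deployment would load the whole list or a full breached-password corpus, which is what NIST SP 800-63B asks verifiers to compare new passwords against.

```python
import re

# Constructed sample drawn from the list above; a real check would load the
# whole list (or a full breached-password corpus) into this set.
COMMON = {
    "password", "123456", "12345678", "qwerty", "dragon", "football",
    "letmein", "monkey", "abc123", "trustno1", "starwars", "princess",
}

# The substitutions people make when told to "add numbers and symbols";
# cracking rule sets undo exactly these, so the check does too.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def variants(password):
    """The cheap rewrites an attacker tries first: case folded, de-leeted,
    and with any trailing run of digits/symbols (a year, '1!', '123') removed.
    Returned in the order they are tried, without duplicates."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    seen = []
    for candidate in (lowered, lowered.translate(LEET),
                      stripped, stripped.translate(LEET)):
        if candidate and candidate not in seen:
            seen.append(candidate)
    return seen


def is_common(password, blocklist=COMMON):
    """Return the blocklist entry the password is a trivial variant of, or None."""
    for candidate in variants(password):
        if candidate in blocklist:
            return candidate
    return None


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "Dragon2016!", "St4rW4rs2015", "Trustno1",
               "correct horse battery staple"):
        print(f"{pw!r:32} -> {is_common(pw)}")
```

The raw lower-cased form is tested before any rewriting, so an entry that itself contains digits (trustno1, abc123) still matches; the de-leet table is deliberately small, because a check that rewrote too aggressively would start rejecting unrelated passwords.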

We Still Don’t Protect Ourselves – Some Password Statistics

A look at some facts and figures about password security

It’s absolutely everywhere.  Every account we have, every time we sign up for something online: “Choose a strong password”.  The vast majority of us know that strong passwords are one of the most important aspects of keeping our lives in cyberspace secure, and yet it seems we’re hell-bent on continuing to do the virtual equivalent of leaving the key in the lock.