2 tips for creating a memorable strong password

The other day, I read in the Wall Street Journal, that Home Depot was investigating a possible security breach regarding credit and debit cards.  And just two days earlier, a few celebrities using Apple’s iCloud service had their personal photos compromised.

The Apple breach was a very targeted attack that exploited weak user passwords. In other words, the celebrities victimized by the crime could have made it more difficult for data thieves by simply using stronger passwords.

These recent news events galvanized me to write this article.

In this guide, I’m not only going to show you how to minimize the chances of being hacked by using a strong password but also show you how to remember your password too.

Let’s go!

Passwords operate on a convenience continuum.

At one end of the spectrum you have ultrabasic dictionary based passwords that are easy to remember but easy to guess.  On the other end of the continuum you have extremely complex passwords comprising symbols, numbers and mixed-case.

On the one hand, this increased complexity makes the password more difficult to brute force but on the other hand, since it’s almost impossible to remember, we end up writing it down which virtually annuls any benefits we would have reaped from having a password in the first place.

Making passwords harder for the bad guys

Password complexity is a function of variation and length so the ideal password would be both long and fairly unpredictable.

The sweet spot is at least 13 characters in length but with no repeating characters. It also should use a combination of uppercase, lowercase, symbols and numbers.

Unfortunately the criteria I just posited will also make it harder for you to remember it too so here are two tips that will make your passwords harder to crack but also easy to remember:

1. Use Diceware

Diceware is a tool based on the premise that combining seven random English words to make a password is more secure then a smaller password crafted with digits, symbols and mixed-case.

Diceware is a list of 7,776 short English words with a five digit number next to each word

The idea is that you roll a single die 35 times writing down the result after each roll.  Then you group all the numbers into containers of 5.

So for example, the results of 35 rolls might look like this:

4 5 2 3 1
1 2 4 4 1
6 1 6 4 2
2 4 5 6 4
2 1 5 6 6
2 3 1 2 3
4 5 3 1 3

Then you match the five digit line with its corresponding English Word from the list.  I typically capitalize each letter of the word for a little added complexity.

So based on the above 7 lines of 5 digit numbers, I matched those to the words in the list and discovered my passphrase :

PaveArgueTritonEstesCreekDietPeck

To remember the password, form a story in your mind using the passphrase as fodder for the plot.

The key is to let your imagination run wild and create something that’s totally wacky.  Use lots of action, gross images, outrageous feelings, bold colors, exaggerated sizes and celebrities doing uncommon things.

This is my story using the Diceware passphrase I just created:


 

I’m rushing to work one morning and see a bunch of construction workers Paving the street near the pedestrian cross walk.  I ignore the construction signs and dash ahead.  But since the workers weren’t finished I now have hot, sticky tar all on my shoes.  One of the burliest most menacing construction guys starts Arguing with me about being stupid and how I need to watch where I’m going.

At this point, I’m vexed and embarrassed and quickly look for a way to get even so I jump in his Mitsubishi Triton Pickup Truck and speed down 6th avenue to my job.

I suddenly have an “Oh crap” moment as I realized I just stole a truck.  I quickly ditch the vehicle and run the last block on foot to my job but end up careening into an old grandmother crossing the street.

Her frapaccino gets launched in the air, walker goes flying the opposite direction and the only thing I remember is her fluorescent orange t-shirt that said “Estes Park, Colorado” in bold black letters.

Feeling frazzled and ashamed, I round the corner and dart into the lobby of my job but to my surprise the entire lobby was renovated.  Instead of alpine white marble floors there’s a huge Creek replete with fish, rocks, and even my co-worker standing there in fisherman gear with a rod in hand.  The babbling brook takes a serpentine path around the security desk and ends at my elevator.

This is weird.

I step in the elevator to take a ride up to the 42nd floor but after the doors shut, the elevator attempts to move but stalls.  Now I’m starting to freak out, “Is the elevator broken?”  After about 30 seconds, a booming, James-Earl like voice comes on the loud speaker and says, “Attention: Sir, you are too fat and the elevator can’t take you to your floor.  I suggest going on a Diet or using the stairs”

Enraged, I frantically press the open elevator door so I can complain to building management except the moment the door opens a million woodpeckers fly into the elevator and start Pecking me everywhere!  On my face, on my noise, on my crotch, on my chest – everywhere and it hurts!


 

I know the story seemed long but it’s really not that bad.  Just take 2 minutes to think of a story for your passphrase and you’ll be fine.  As long as the story is ridiculous (and even offensive) you’ll never forget your password again.

2. Use lyrics from your favorite song

Okay, so let’s say your imagination isn’t so lucid – is there any hope for creating a secure memorable password?

Yup.

Think of a song you keep hearing on the radio.

Now think of the that catchy hook that you can’t get out of your head.  We can take the first letter of each word to make a new password.  If we alternate UPPER AND lowercase letters and replace a few vowels with numeric equivalents we’ll have something solid.

The song I can’t get out of my head is that radio hit from a few years ago by Carly Rae Jepsen called Call Me Maybe.

You’ve probably heard it.

To make my password I just hum the hook:

Hey, I just met you, and this is crazzzzzy, but here's my number, so call me, maybe!  It's hard to look right, at you babeeee, but here's my number, so call me maybe!

Converting to a password of at least 13 characters we could make this:

HijmyatiCbhmnsom

Then I could convert the vowels to numbers that most closely resemble vowels.  So the letter i becomes a number one, the letter a could become a number 4 and the letter “oh” could become a number zero.

H1jmy4t1Cbhmns0m

Then I could throw in a symbol at the to make it even more secure:

H1jmy4t1Cbhmns0m!

Now that’s a pretty strong password and it’s easy to remember because you based it off a song that you can’t get out of your head.

The Bottom Line

Who ever thought dice and celebrities could help you protect your personal information?  Now you know they can! Please share your thoughts in the comments below.  And thank Carly for her song haha.

About

Connect with Vonnie on Twitter

Posted in Linux, Mac OS X 10.8 Mountain Lion, Mac OS X 10.9 Mavericks, Samsung Galaxy S4, Windows, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows XP Tagged with: