When I stress the importance of strong passwords for domain registration, website and email accounts, some folks groan. “How am I going to remember all these gibberish passwords?” they ask.
Here’s some good news. They don’t have to look like a bunch of monkeys typing randomly!
Creating a Strong Password
The gibberish spewed out by password generators makes for a very strong password. But if you need a password that you can remember, you don’t need to choose your dog’s name or “rosebud.” Here’s an easy alternative:
- Choose four random words that have some meaning in your life but that no one would guess unless they knew you well. For example, I wouldn’t choose “web,” “developer,” “wordpress,” “websites,” but I could choose “horse,” “rivers,” “beach,” “camera” as they represent things I enjoy. Or pick someone you know and combine their name with three other words that relate to them: “steve,” “redhead,” “brother,” “trusted.”
- Smash those words together into one long word.
- There is no step 3. You’re done!
You may be asking, “What about adding uppercase letters, numbers and symbols?” And yes, you can do that if you’d like. Some sites may in fact require it. So put an exclamation point or number somewhere in there.
One common practice I recommend against is substituting numbers for letters, like zero for “o,” 4 for “a” or 3 for “e.” This is called “l33t speak,” and it adds very little protection: password-cracking tools try these substitutions automatically, so such passwords can be cracked quickly.
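To put numbers on the four-word method and the l33t speak warning above, here is a short Python sketch, added as an illustration and not part of the original post. It assumes the words are drawn at random from a 7,776-word list (the size of a diceware-style list); the function names and the tiny sample lists are constructed for the example.

```python
import math
import secrets

# Constructed sample data. A real word list is far larger, e.g. 7,776 entries
# for a diceware-style list (assumed size used in the figures below).
WORDS = ["horse", "rivers", "beach", "camera", "steve", "redhead", "brother", "trusted"]
COMMON = {"password", "rosebud", "letmein"}  # constructed list of known-weak choices

# The swaps named in the post (0 for o, 4 for a, 3 for e) plus three other common ones.
LEET = str.maketrans({"0": "o", "4": "a", "3": "e", "1": "l", "5": "s", "7": "t"})
SWAPPABLE = set("oaelst")


def deleet(password):
    """Undo l33t substitutions, as a strength checker does before a dictionary lookup."""
    return password.lower().translate(LEET)


def is_disguised_common(password):
    """True if the password is a known-weak word once the swaps are undone."""
    return deleet(password) in COMMON


def passphrase_bits(n_words, list_size):
    """Entropy of n words, each drawn uniformly at random from list_size words."""
    return n_words * math.log2(list_size)


def leet_bits(word, list_size):
    """Entropy of one dictionary word where each swappable letter may or may not
    be replaced: the word choice plus one bit per swappable letter."""
    return math.log2(list_size) + sum(ch in SWAPPABLE for ch in word)


def make_passphrase(n_words=4, words=WORDS):
    """Join n_words picked with a cryptographically secure random source."""
    return "".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    print(make_passphrase())
    print("r0s3bud flagged:", is_disguised_common("r0s3bud"))
    print("four words: %.1f bits" % passphrase_bits(4, 7776))
    print("one l33t word: %.1f bits" % leet_bits("password", 7776))
```

Under these assumptions four random words give about 51.7 bits, while one dictionary word with l33t swaps gives about 16.9. Words chosen for personal meaning rather than at random will score lower than the first figure.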
Here’s a fun cartoon from xkcd that illustrates this process.
For additional information on creating strong passwords, we recommend:
- How Secure is My Password? – check the security of sample passwords
- zxcvbn: realistic password strength estimation – somewhat technical but fascinating explanation of the science and math of calculating password strength
In the 3rd and final installment, we recommend some tools that can make it even easier to keep track of all your passwords.