Julian Melo – SEO, Wordpress Consultant & Web Dev.
The best password-remembering tip you’ll ever encounter

I’ll admit it. I’ve used the same password for many of my online accounts, which is terribly dangerous in today’s online-driven society. I changed this unsafe practice by coming up with a very unique system and in this article I’ll show you how to create unique and easy-to-remember passwords for all your online needs.
Imagine for a second having the same password for all your accounts, and somehow (either using social engineering or other tactics, such as a key logger) someone gets a hold of it and has locked you out of everything. Your Gmail, your online banking accounts, your GoDaddy account and your domains, etc. Now imagine trying to regain possession of all of these accounts. Surely, a nightmare.
In an ideal world, we would have different convoluted (numbers, lower-uppercase, symbols) passwords for every single one of our accounts. Now, at least for me, it would be impossible to remember all of these given the numerous online accounts I’ve got all over the internet. Sure, you can use a program that automatically stores and fills in unique passwords for you, such as Roboform, but just imagine how horrible it would be if, one, your computer caught on fire or got stolen: all your passwords are gone! Two, if someone discovered Roboform’s master password. Either way, you’re screwed.
Now imagine a system where you would have easy to remember AND unique passwords for every single account. I’ve come up with the perfect solution. I’ll give you an example of how to achieve this, but remember, just create your own unique way. Just bear with me.
First of all, think of 2 memorable short words and a number. You can use 2 of your current passwords, just to keep things simple, and a number.
- first word: dog
- second word: red
- a number (someone’s birth year, reversed): 37
We’ve got dogred37. Remember, play with upper-lower case combinations.
Now we’ve got doGreD37.
Let’s take this combination and make it the base of our unique passwords, and this is how:
For your Hotmail account, grab the first letter of hotmail, h, and the last letter, l. Now combine them, reversed, with your master password (last letter in front, first letter at the end), and we get: LdoGred37h
- For Gmail: LdoGred37G
- For eBay: YdoGred37e
- For Amazon: NdoGreD37a
Now there you have it. Unique and easy to remember passwords. You’ll never have to click the “forgot your password” link and wait for an email in return EVER AGAIN! Even better, you won’t be tempted to write down your password on that sticky note on your monitor.
Create your own system. Be creative, but not too creative, where you won’t remember your own combination. Keep it simple.
Please share (without revealing, obviously) how you create and remember passwords in the comments.
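The scheme above written out in code, as an added example that is not part of the original post (the function names are made up for illustration). It also checks the objection raised in the comments below: strip the two site letters from any one password and the shared base is exposed, whereas independently generated passwords have no common core.

```python
import secrets
import string


def site_password(base, site):
    """Article's scheme: last letter of the site name (uppercased),
    then the base, then the first letter of the site name."""
    name = site.lower()
    return name[-1].upper() + base + name[0]


def exposed_base(leaked, site):
    """Return the shared base if `leaked` fits the scheme for `site`,
    otherwise None. Letter case of the two site letters is ignored."""
    name = site.lower()
    fits = (len(leaked) > 2
            and leaked[0].lower() == name[-1]
            and leaked[-1].lower() == name[0])
    return leaked[1:-1] if fits else None


def common_core(passwords):
    """Longest substring present in every password. A long common core
    means one leaked password gives away most of all the others."""
    shortest = min(passwords, key=len)
    for size in range(len(shortest), 0, -1):
        for start in range(len(shortest) - size + 1):
            piece = shortest[start:start + size]
            if all(piece in p for p in passwords):
                return piece
    return ""


def independent_password(length=20):
    """A password drawn at random per site (to be stored in a password
    manager); nothing in it is shared with any other site's password."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Passwords as printed in the article.
    article = ["LdoGred37h", "LdoGred37G", "YdoGred37e"]
    print("shared core of the article's passwords:", common_core(article))

    # One leaked password plus the site it belongs to reveals the base.
    base = exposed_base("LdoGred37G", "gmail")
    print("base recovered from the Gmail password:", base)
    print("same scheme applied to another site:", site_password(base, "paypal"))

    # Independent random passwords share (almost) nothing.
    randoms = [independent_password() for _ in range(3)]
    print("shared core of random passwords:", repr(common_core(randoms)))
```

Run `common_core` over your own list of passwords: if the result is more than a couple of characters long, a breach at one site weakens the rest.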

about 2 years ago
That’s a great idea! I have so many passwords to so many different sites, it’s not a life-saver, but it’s pretty close
Thanks a bunch!
about 2 years ago
My old car registration numbers.
For example ica317xg432rsa those are two reg’s together. Easy to remember, impossible to guess.
about 2 years ago
A clever trick indeed! I have a fun way myself though, and it even caters to those who feel the need to write their passwords down. I like to create a sort of scrambling code for any password I feel I need to write down (i.e. switch the first and last letters, reverse lowercase to uppercase, or even go up one letter in the alphabet). This way, the only ‘password’ you ever need is how you decide to scramble your written passwords. It’s the same concept I believe, just a different take.
about 2 years ago
http://supergenpass.com/
That’s how I remember my passwords.
about 2 years ago
Try this format: if your name is Bill Smith and you were born on June 5, 1954, your password would be smib0605_ _ (then choose 2 letters or numbers or a letter and number of your choice). If your system requires you to change it every so many days, this works well.
about 2 years ago
I like the idea of pass-phrases instead of passwords. For instance a work password could be “Ih82B@wrk2Day” = I hate to be at work today.
Banking: “Iw>$1bB440y/o” = I want more than 1 billion dollars before I’m 40 years old.
Obviously these are overly complicated examples, but the concept makes passwords extremely easy to remember and difficult to guess.
about 2 years ago
My password is hunter2
about 2 years ago
I create the most obtuse, maddening passwords I can, things like ‘3M@iLPasSW0Rd*473’ – so that they’re sort of memorable, to me at least. Then I store them on a blind gmail account created with no personal info whatsoever – just in case I forget them and need to double-check. In the gmail account it will say ‘Bank Password: gIMM3m0NEy_1986’. But since the account contains no specific bank name and no real personal data, anyone who gets into that account would have no idea what to do with the info… only me. The trick is, if I need to access this gmail account to retrieve a password, it has to be done reasonably, with no browser memory of the event.
about 2 years ago
The problem with these kinds of passwords is they’re still susceptible to dictionary attacks.
We aren’t very good at remembering good passwords, so we should write them down.
http://www.schneier.com/blog/archives/2005/06/write_down_your.html
about 2 years ago
Yeah, that was a great idea, till you put it on the internet you moron.
Now everyone knows it.
Smooth.
about 2 years ago
Comment of the year! Comment of the year!
about 2 years ago
That’s too hard… I just use 12345… on anything but my luggage.
about 2 years ago
I use complete sentences to make my passwords because for work I require them to be extremely strong. For example, if you worked at the zoo, and there were 10 monkeys (or even 100, remembering incorrect facts works well too)..
“I saw 10 strange Monkeys fling poo at 2 others”
Which gives us : Is10sMfp@2o
Very strong, and very easy to remember.
about 2 years ago
That’s a nice idea but if someone knows your method it’s still quite easy to break… although I guess they’d have to guess three of your passwords (two words & a number), plus the order.
A good way of remembering a password is to generate a random one using uppercase, lowercase and numbers, write it down, and then change your primary email account to that password. When it comes to typing the password in, don’t do it one character at a time, try to memorize the whole thing long enough to type it, and then memorize everything you forgot, and so on… and you should know it by heart within a couple of days, then burn the paper.
Anon – luckily I only saw ******* when you typed that, some clever software going on here.
about 2 years ago
I use actual phrases. i.e.
“This is a fine password.” is a fine password.
about 2 years ago
I was seduced by AIRoboform. Changing pass-phrases every ninety days became overwhelming. Managing 60 different passwords has become a non-issue; well worth the few dollars spent.
about 2 years ago
All I see is *******
about 2 years ago
His point isn’t that you should construct passwords so that they’re not easy to guess or forget…but that it’s unsafe to have the same, identical password on different websites. I can’t believe how 5 of the 7 of you who commented completely missed (or ignored) the point of his post :-\
about 2 years ago
My password is Anon.
about 2 years ago
What happens when my password for one specific account is compromised? Example, someone gets my Gmail password: LdoGred37G. Now, do I change the whole system? Just curious.
about 2 years ago
Wow.. that was pretty much close to what I do. I really got tired of these and had a similar approach.
I keep a random phrase and pad it with the ‘site’ first or second or third character (which I usually rotate once a month or 2).
Say the random phrase is ‘pete123’; then for yahoo, I keep something like pete123+o
Also be careful when you pick this logic & phrase. A few websites force you to have the password conform to a few standards.
thanks for sharing though
murali
about 2 years ago
What I love about your system is how easy it is to guess the Gmail password if I somehow get a hold of your eBay password.
LdoGred37G -> YdoGred37E
Would your PayPal password be LdoGred37P, by any chance?
Good stuff…I hope you’re a security chief somewhere.
about 2 years ago
What would be even better is to set no maximum length on passwords like so many services do. On the ones that don’t, I’ve used passwords that span 100 characters, and sometimes I’ll tone it down and use the first 60 digits of Pi or my favorite super password of 34 digits with upper/lowercase, numbers, and symbols.
I’m too smart to hand out my super passwords to something like social engineering, and keyloggers aren’t exactly a problem for me as I run Linux (and if they were I don’t have an smtp sender installed).
about 2 years ago
I listen to some obscure music. I generate my passwords by taking the first letter from each word in a line of an obscure song. I choose which letters to capitalize based on the context of the song. If there are any numbers in the line, I use the number rather than the first letter (like 7 instead of s). If there are no numbers, I replace letters with numbers like 7 instead of T, etc. And that generates a password that is easy to remember, provided you can remember the lyrics, but looks like gibberish and difficult to guess.
(not obscure) Example: from ‘twinkle twinkle little star’
Line: like a diamond in the sky
Password: 1aDit5
about 2 years ago
one of the best ways to remember complicated passwords is to write them down — and leave out one or two letters and remember where to put them.
example:
for the pc at work, the (totally made up) password is
XpC12trG
you can even post a sticky note to the screen like this…
XpCtrG
…and just tell everybody who is supposed to use the pc: put a 12 (an X/a dollar sign/…) in the middle (at the beginning/at the end/after the first character)
impossible to guess, easy to remember.
about 2 years ago
I agree with kdaz (22), you’re a plonker. What happened to 8 character RANDOM letters caps with numbers and just learning a few different passwords. Jach (23) you’re a knob-end also.
about 2 years ago
@Tyler Gresham: Thanks. Glad to help
@Chuck: Yeah. That’s the idea
@brian: well…what if your main password gets compromised?
@Peter: Sure another variant. But you’ve got the idea
@Samuel: Dictionary attacks? Don’t think so. Perhaps brute force. Plus, this article was about REMEMBERING passwords
@mrsleep: Well, like I said, create your own method…don’t use mine, moron!
@Tony: Good idea
@James: How would someone know my precise method, unless they figure out the pattern after knowing perhaps 3 of my passwords. Again, this article is supposed to help you remember different, convoluted passwords, not memorize a bunch of meaningless characters.
@Sam: Looks like you’ve THOROUGHLY read the article. Thanks
@Kmull: Like I said, don’t use this exact system, create your own, that way, if your password gets compromised, no one knows your method
@dkaz: I don’t use this exact system, but a variant, this is just a suggestion, so if someone got a hold of one of my passwords, they wouldn’t know my method
@Bonder. Good method.
@k23. I don’t like writing my passwords down, but if I were to do so, I’d probably use this method. Thanks.
about 2 years ago
How To Choose A Password You Will Not Forget – Predictable Passwords Simplify A Hacker’s Task
Reprint of a letter published in the International Herald Tribune six years ago, and it still holds true. I have added a bit, but the idea stays the same.
Hackers take great joy in bypassing passwords, I’ve done it myself.
- Your job is to make passwords unpredictable.
It is wrong to tell people that passwords can be broken without explaining the proper way to choose one that will be more difficult to break.
- Given enough time every password can be broken.
You should choose a password that is seven or more characters long. Don’t use a word that is found in a dictionary – a program can be written to use every word in a dictionary.
Once you use a password that you consider good, don’t use a sequence of that password (Tolkien1, Tolkien2, Tolkien3)
Try making up an acronym – JDwfLTismf (“Jack Daniels whiskey from Lynchburg, Tennessee is my favorite”). Unless you know me well enough to know that I like Jack there would be no reason to consider that phrase. If you did know my like for Jack there is still no reason to consider this as a possible password.
Try and misspell a word using one or more special characters in the center of the word, like Disné#Land.
Since many passwords are case sensitive, use upper and lower case.
When it comes time to change passwords, I take the local newspaper and choose a word. The word for today is Doonesbury, which I modify to be D00n3sb_r. Or take the word lightbulb and spell it 1igh+b_1B. It is actually very simple, once you get the hang of it.
Take the word “automated” and on a US keyboard type one character to the right “siyp,syrf” and doing this means that you can use your family name if you want to.
For sites that do not have any money related information I use one password. I take an unnatural word combination, like an adverb and a noun (an adverb, broadly defined, is a word which modifies any word other than a noun), combine them to make a word that does not exist in the dictionary. SlowlyTruck is a combined word that does not appear when searched on the internet. Slightly change the spelling and you really have a wonderful password – how about Sl0w1yTruck
I only use one password for sites like blogs. For sites that have money related things I use the ideas referenced above, but since I have a good memory I really screw the text up. I have also taken a text file and just typed a dozen or so characters, and whatever came out was a password.
Change your password at work every two months and personal passwords as often as you feel necessary.
Change your password now. Don’t wait for the prompt.
about 2 years ago
I just use a mnemonic.
Take an easy to remember phrase like-
‘This little piggy went to market this little piggy went home’ becomes ‘tlpwtmtlpwh’, then by interjecting even a single number you can get something like ‘tlpwtm5tlpwh’ for an even higher strength, impervious to dictionary or brute force attacks. If you are even more paranoid, add in some upper and lower case and a symbol that makes sense to you and voila! All you really have to remember is ‘This little piggy went to market this little piggy went home’
about 2 years ago
For most of my passwords now I’ve switched to a format that incorporates the site’s name into it. Depending on how secure I want it to be, I might throw a number or two in there. For example, ‘myspace22’ (which is not my actual password but close).
It’s not super secure or anything, but it is a step above using the same one for everything, and incredibly easy to remember. When I get somewhere and can’t remember it, I just look at the site name.
about 2 years ago
As an old crypto curmudgeon, this is a subject near and dear to my heart…
I never bother with mixed upper and lower case, or symbols, numbers, etc, when I am allowed to use a long password. Why? Adding extra symbols multiplies the number of possible combinations, while adding length raises the number exponentially. Add the fact that it is easier to remember a password without random caps etc., and it’s a logical choice.
I like most of the simpler methods mentioned here. One of the better ones is to use a joke or pun that you have always thought was funny, as a source for (for instance) the first three letters of every word in some memorable phrase it contains. Hard to forget, easy to type, and dictionary resistant.
about 2 years ago
I use key patterns, like “45rtfgvb” (look at it). They are not only easy to remember, but easy to type. “qpwoeiruty” is another favorite.
about 2 years ago
“45rtfgvb” & “qpwoeiruty” are bad.
anyone can look over your shoulder and figure that out.
Use translate dot google dot com and stick a phrase in a different language.
Ihatecats,buttheycookwell would be good if you translated it into Spanish
about 2 years ago
This is all great, except when some site makes you change your password periodically…
about 2 years ago
good ideas all round but still the human brain can only hold so much info
so at any given time, it forgets little used ones, like a bank account you only log into once a month
where I work we have about 34 ids and passwords to remember, and use every day.
it’s not hard for some but for others it is
I have one suggestion
no more passwords ever… fingerprint scanner, got one at home and i love it
about 2 years ago
I create a small, simple language, and make my passwords from words and phrases from its vocabulary and grammar, with the requisite numbers and symbols mixed in.
If it’s easy enough to remember the words and rules, you don’t need to write it down, so long as you stay in practice using it. Just remember an easy phrase – “I love Joe” – and translate it mentally.
about 2 years ago
I personally use a generic password for any place that I don’t really care if it is hacked or not. “Ohmigod, you have hacked my dollhouse builder’s forum pword. What ever will I do?” This covers 75+% of the passwords I need. If I need something to be secure, I either take words from a non-Romance language (Basque, Irish, or German typically) and use that to make a phrase that I can remember. I.e.: I’m having a bad day, so I decide to make my pword ‘today sucks’. That’s Heute saugt via Google translation. HeuteSaught&G4 becomes the password (&G because it’s German, 4 because it’s April.)
I also use the “forgot password” questions creatively. I love the ones that let me type in my own question and answer. I use nonsensical answers that make sense to me, or purposely misspell things. Like: Q: Are you sleeping brother? A: Owl (Dora the Explorer reference that my kids like) Or if they supply the question, Q: Your favorite drink A: moss eyeslee (Mos Eisley for you Star Wars fans. drink=bar=misspell)
Sorry to disappoint, none of the examples used are anywhere close to any of my real pwords/reminders, but it makes a good system for remembering things, in my little brain, that is.
about 2 years ago
Perfect Passwords???
www dot grc dot com virgule passwords
about 2 years ago
I just use a word, say, Computer, and write whichever letter(s) stand out in the word (to me, anyway) using the numpad instead.
So ‘Computer’ becomes 9874123om147854u789852er
(Just try typing that if you don’t get what I mean)
Generally I add the first letter of the site name to the beginning too, although it’s probably secure enough anyway.
about 2 years ago
@Tech Suppport (35)
You have to consider that fingerprints are not as safe as (good) passwords! That’s because passwords cannot be stolen (if you didn’t write them down of course), whereas a fingerprint can. Here in Germany we recently had this debate. Our government wants to introduce new passports with biometrics such as fingerprints. The “Chaos Computer Club” (one of the biggest hacker organisations here) then stole the fingerprint of our Secretary of the Interior (from a glass he drank from at a panel discussion) and published it in their magazine as plastic foils. You simply have to stick it over your finger and you have his identity. The CCC also provides instructions on how to create such foils (which is ridiculously easy) on their website.
So at least for sensitive data, fingerprints are ineligible.
http://blog.wired.com/27bstroke6/2008/03/hackers-publish.html
TV report (in English):
http://de.youtube.com/watch?v=mVu5ofv92e0
about 2 years ago
There is a much better solution and a more secure one. It’s PasswordMaker, an extension for Firefox.
about 2 years ago
I just use a few passwords (about 5) for everything. upper-case, lower-case, numbers, and three also got symbols.
(all random chosen characters)
Read them a few times, use them a couple of times and you don’t forget them anymore!
And when someone cracks one of them, I always have a backup (my site is on different accounts with 2 different passwords, my contact list on msn is also saved so I can always send an e-mail to everyone that I got a new hotmail address, etc.)
about 2 years ago
Why not just use 1password?
about 2 years ago
Sometimes I just bang my head on my keyboard to put in a password.
I always have a hard time confirming it, though. . .
about 2 years ago
Some of the methods mentioned by other folks are better than others. The requirements, to me, are generally the following:
1) Easy for self to remember
2) Hard for others to guess
3) Different enough for each site that knowing the passwd for one won’t yield the passwd for the others
4) Hard to tell by watching someone type the passwd
5) Easy to change/update
6) Portable (not tied to one computer)
A near-dictionary word is needed in many cases due to #1. So one must somehow modify it–and do it in a way that will not violate #1. Some methods are: use foreign characters, ‘l33t’ typing, etc.
I’m gonna say something unpopular: given #4, uppercase letters, digits, and symbols are not all that ideal, because they slow down the typing. A long, all-lowercase passwd would be just as difficult to brute-force as a shorter one with one of those features.
For example, using the Cyrillic alphabet, one can map the word ‘sarah’ to ‘capa’.
Using Pinyin is generally a bad idea as it has limited combinations.
I don’t agree with the practice of adding the first and last letter of a site’s domain name to the passwd–or a similar variant, due to #3.
If I captured your passwd for yahoo and saw that it is ‘oblahblahy’. I would be willing to guess that your passwd for hotmail is ‘lblahblahh’.
A variant of this method might work better: appending or prepending the passwd with one letter for the domain name, AND one letter for the sequence count which is incremented when the passwd is updated (see #5.) e.g. ‘blahblahya’, ‘blahblahyb’… for yahoo. The suffix ‘yb’ is slightly less of a giveaway than the first-and-last-letter method. To make it better, one could ‘increment’ that letter by one. i.e. use ‘z’ instead of ‘y’ for yahoo, and use ‘i’ instead of ‘h’ for hotmail.
I dislike passwd generators (even SuperGenPass) because of #6.
I agree with using ‘generic’ passwds for sites that don’t matter.
I have even begun using passwds that I will never be able to remember–and store them in an encrypted file–for sites that I seldom use. It’s not the most ideal way, I must admit.
I’m not telling anyone what my first pet’s name is or who my favorite high school teacher is. That’s why I don’t take those ‘forgot-passwd’ questions seriously.
We’ve arrived at an age when the number of passwds that we use daily has exceeded our ability to manage them–for the average person. The good news is, we now have great encryption tools that were not available just 10 years ago. So I DO write down my passwds–and encrypt them.
Here’s a thought on writing down passwds:
write them in such a format as to defeat those passwd-search/grepping programs.
For example, this is bad:
———————–
site: yahoo.com
login: joeblow
passwd: blabblah
site: hotmail.com
login: jackblow
passwd: blowblow
———————–
Instead, do this:
———————–
hotmail.com
joeblow
blahblah
hotmail.com
jackblow
blowblow
————————
That’s just my $0.02.
about 2 years ago
I wouldn’t say it is unique or you created that idea, but thanks for sharing.
This method works well, i have been using something similar for years now.
I actually started with a very long random password from a pass gen, memorized it and then used this pattern, very hard to guess
about 2 years ago
If somebody finds out two of your passwords and they are similar then they know how to begin attacking the rest. Very insecure.
Instead, use a program like PasswordSafe (http://passwordsafe.sourceforge.net/) to create and store ridiculously difficult passphrases. And then be sure to put a very good passphrase on the safe. The safe will encrypt everything for you so there’s no risk of it falling into the wrong hands, and good backup habits will protect you if your computer burns. (You do back up every day, right? If not, passwords are the least of your worries. Get a program like Acronis True Image to effortlessly backup everything every day.)
As for actually selecting passwords, use at least one character that isn’t on the keyboard, making it nearly dictionary attack-proof. For instance, you can make a cent sign by holding down ALT and typing 0162 on your keypad. With this, you can have an ultrasecure password like “IH3ardHi$2¢&D1dn’t¢ar3”. (“I heard his two cents and didn’t care”.) You type a password like that about five times and you’ll never forget it. Make that the passphrase to your Password Safe, and use the features in Password Safe to make it so you never have to type (or remember) any of your other passwords.
Wayne
about 2 years ago
Followup to my previous post: Obviously, when I said “Make that the passphrase to your Password Safe”, I meant make the passphrase to your safe something incredibly difficult like that. It would be a very bad idea to actually use “IH3ardHi$2¢&D1dn’t¢ar3” since that one has now been published. Never use a password you saw somewhere and were impressed by – if it is impressive enough, it’ll just be added to the top of a dictionary list.
about 2 years ago
As a network security expert my advice is to: Memorize them all. I have a remarkable memory and remember all the different passwords. Of course you will have a key password and different variations to the same word as suggested by the author.
Now, think on this: how many phone numbers can you remember? eh? compare with the amount of passwords you normally handle and you will see how easy it is to remember!!
Come on, don’t be lazy and develop your brain!!
about 2 years ago
I use the birthdates and uppercase / lower case characters of the first names of family members. From one birthday to the next the order is rotated.