I think we all intuitively understand this concept, but many of us ignore the risk in the name of simplicity. Long, and therefore more secure, passwords are “too hard to remember”.
I came up with a technique for generating and remembering long and seemingly complicated passwords years ago. I use it regularly because I have to remember about 25 passwords for various servers at work. I simply tag each machine with a password hint and it’s easy going from there.
Here’s how it works. Let’s say your name is Ellen Degeneres and you have a dog named Poopchute. And let’s say you and your dog live in apartment #69 at 1964 Westview Street. This is all easy stuff to remember, right? You use it every day. There’s no reason to make your life more difficult. Here’s your hard-to-crack-but-easy-to-remember password:
That’s a 22-character combination of upper- and lowercase letters and numerals. There are no words you’d find in the dictionary because I replaced the letter o with a 0 (zero) and the letter i with a 1. And yet it’s easy to remember because it’s made up of familiar things you already have memorized.
ED (Ellen Degeneres)
69 (Apt #)
p00p (dog’s name with zeros instead of letters)
1964 (street address)
Westv1ew (street name)
You obviously don’t have to use that particular formula for your passwords. Just use stuff that’s easy for you to remember: your license plate mixed in with your high school name, or your postal/zip code mixed in with your grandparents’ first names. Replace some letters with numbers (3 for E, 4 for A, etc.) and throw in some odd capitalization and you’re good to go.
Using the information in Mike Yawney’s article, that password would take about 100,000 years to crack. No hacker is going to waste resources attempting that when he can simply move on to your neighbour who cleverly set all his passwords to “password” or “123456”.
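A check a password-policy filter could run against details an account holder has on file, as an added example that is not part of the original post: it undoes the substitutions the post names and measures how much of a password is built from those details. The function names and the control password are constructed for illustration, and the sample password simply joins the five components listed above.

```python
# Added example, not the post's code. Facts and components are the ones the post lists.
UNLEET = str.maketrans("0134", "oiea")  # reverses 0-for-o, 1-for-i, 3-for-E, 4-for-A


def variants(fact):
    """Forms of one fact a person plausibly types: whole words,
    initials of a multi-word fact, and word prefixes of 4+ characters."""
    words = fact.lower().split()
    forms = set(words)
    if len(words) > 1:
        forms.add("".join(w[0] for w in words))
    for w in words:
        forms.update(w[:n] for n in range(4, len(w)))
    return forms


def personal_coverage(password, facts):
    """Return (covered, total, matched): how many characters of `password`
    come from `facts`, matched case-insensitively, either as typed or
    after undoing the digit-for-letter substitutions."""
    low = password.lower()
    # The substitution is one character for one, so positions line up in both views.
    views = (low, low.translate(UNLEET))
    covered = [False] * len(low)
    matched = set()
    for form in set().union(*(variants(f) for f in facts)):
        for view in views:
            start = view.find(form)
            while start != -1:
                covered[start:start + len(form)] = [True] * len(form)
                matched.add(form)
                start = view.find(form, start + 1)
    return sum(covered), len(low), sorted(matched)


# Details from the post's example persona.
FACTS = ["Ellen Degeneres", "Poopchute", "69", "1964 Westview Street"]
# The five components the post lists, joined in the listed order.
SAMPLE = "".join(["ED", "69", "p00p", "1964", "Westv1ew"])
# Constructed control with no relation to the facts.
CONTROL = "T7#qLz!mV2xR"

if __name__ == "__main__":
    for pw in (SAMPLE, CONTROL):
        covered, total, matched = personal_coverage(pw, FACTS)
        print(f"{pw}: {covered}/{total} characters from known details {matched}")
```

A filter like this can reject or flag a password when the covered share passes a threshold chosen by the site.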