How to create strong passwords you can remember

November 30, 2009

I originally wrote this article over a year ago but ended up never publishing it. Last week, one of my clients’ websites got hacked. Actually, the hosting company they use suffered a massive attack, and while I was fixing my client’s website, I noticed their passwords were very weak. So I decided to publish this article and send a link to all my clients.

The majority of internet users need to remember at least one password these days: their email password, online banking, Facebook, just to name a few. Keeping track of all these passwords can be difficult, so most people create easy-to-remember passwords, which are usually weak and easy to guess. Because passwords are the only thing standing between your private information and the outside world, a weak password makes you an easy target for scams and identity theft.

What makes a password strong?
A strong password:

  • Is at least 8 characters long
  • Uses a variety of characters: uppercase letters, lowercase letters, numbers and symbols
  • Is significantly different from previous passwords
  • Gets changed regularly, about every four months
  • Is very different from your username

Strategies to avoid:

  • Using personal information (name, date of birth, social security number)
  • Using sequences or repeated characters (12345678, 44444444, abcdefgh)
  • Using dictionary words in any language
  • Using only one password for all accounts
  • Using sample passwords given on different web sites, including this one
  • Keeping default passwords generated by websites
  • Storing your passwords in online storage
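As an added illustration of the two lists above (this is example code written for this page, not something from the original post), here is a small checker that turns each rule into a test and reports which ones a candidate password breaks. The word list, the username and the "previous passwords" it compares against are constructed sample inputs; a real check would load a full dictionary. It treats "a variety of characters" as requiring all four classes, which is how the post's own example passwords are built.

```python
import re
import string

# Constructed stand-in for a real dictionary; a real check would load a full word list.
SAMPLE_DICTIONARY = {"password", "happy", "matrix", "spirit", "welcome", "letmein"}


def has_sequence(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` consecutive characters that repeat (4444) or step
    up or down by one code point (1234, abcd, dcba)."""
    for i in range(len(pw) - run + 1):
        window = pw[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def contains_dictionary_word(pw: str, dictionary=SAMPLE_DICTIONARY, min_len: int = 4) -> bool:
    """True if the whole password, or any alphabetic run of at least `min_len`
    letters inside it, is a dictionary word (case-insensitive)."""
    lowered = pw.lower()
    if lowered in dictionary:
        return True
    return any(len(w) >= min_len and w in dictionary
               for w in re.findall(r"[a-z]+", lowered))


def check_password(pw: str, username: str = "", previous=()) -> list:
    """Return the rules from the post that `pw` violates; an empty list means it
    passes every check implemented here."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    has_upper = any(c.isupper() for c in pw)
    has_lower = any(c.islower() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(c in string.punctuation for c in pw)
    if not (has_upper and has_lower and has_digit and has_symbol):
        problems.append("missing one of: uppercase, lowercase, number, symbol")
    if has_sequence(pw):
        problems.append("contains a sequence or repeated run")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    if username and (username.lower() in pw.lower() or pw.lower() in username.lower()):
        problems.append("too similar to the username")
    for old in previous:
        # "Significantly different" is approximated as: neither contains the other.
        if old.lower() in pw.lower() or pw.lower() in old.lower():
            problems.append("too similar to a previous password")
            break
    return problems


if __name__ == "__main__":
    # Constructed candidates: two from the "avoid" list and two from the post's examples.
    for candidate in ["12345678", "happy", "|3&,H@pp1!", "+h3,M4+r1x"]:
        print(f"{candidate!r}: {check_password(candidate, username='jdoe') or 'OK'}")
```

Run as a script it prints one line per candidate; the post's own example passwords come back clean, while the sequence and the bare dictionary word trip several rules at once.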

Passwords you can remember
To help you remember your password, consider using a sentence, song title or movie title as a starting point. After picking it, add complexity to it following the strategies above. The result should look like a random sequence of characters that is easy for you to remember but hard for anyone else to guess or crack.

Adding complexity to your password
Complexity here simply means replacing letters with numbers or symbols. The greater the variety of characters in your password, the harder it is to guess. Here are some basic substitutions, but it’s better if you create your own.

Letter   Substitutions
A        4, @, /\, ^
B        I3, 13, E3, |:
C        (, [, {
D        I), [), cI
E        3, &
F        I=, ph
G        6, 9, C-
H        /-/, [-], )-(
I        1, !, |
J        _|, _I, </
K        |<, |{
L        1, |_, i_, !
M        |x|, |\/|, em
N        ^/, |\|
O        0, (), []
P        |*, |>
Q        0_, ()
R        12, I?, [Z
S        5, $
T        7, +, -|-
U        I_I, LI
V        \/
W        vv, \^/
X        ><, }{, ex
Y        `/, 1
Z        2, 7_

Creating strong passwords
I like using positive affirmations as passwords, so I’ll use “Be happy” for this example.
Chosen password: Be happy
Adding complexity:

  • Replace B with |3
  • Replace e with &
  • Replace the space with ,
  • Replace h with H
  • Replace a with @
  • Replace y with 1
  • Add an exclamation point at the end

Final password: |3&,H@pp1!

Other examples:
Smells like teen spirit (Nirvana song) -> SmLiTeSp -> $mL1T3$p
The Matrix (movie) -> +h3,M4+r1x

Create different passwords for different systems
Another good practice is to create different passwords for different online accounts. That way, if one account is breached, your other accounts won’t be put at risk too. On websites that don’t host sensitive information, like those of The New York Times or a hobby blog, it’s okay to use the same password. One way of applying this strategy is to put the first two letters of the name of the website or service at the beginning of each password.
For example, for my gmail account, I’ll use gm|3&,H@pp1! as my password and use fa|3&,H@pp1! for my Facebook account.
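To make the three steps above concrete (build a base phrase or acronym, apply substitutions from the table, add a per-site prefix), here is an added example that reproduces the post's three worked passwords and the gmail/Facebook variants. This is example code written for this page, not from the original post; the step lists are the post's own choices written out as ordered replacements, and the function and variable names are mine.

```python
def initials(title: str, letters: int = 2) -> str:
    """First `letters` letters of each word, capitalised:
    'Smells like teen spirit' -> 'SmLiTeSp'."""
    return "".join(word[:letters].capitalize() for word in title.split())


def add_complexity(text: str, steps, suffix: str = "") -> str:
    """Apply an ordered list of (old, new) replacements, then append `suffix`.
    Order matters: a later step may touch characters an earlier one produced,
    which is why each list below is written exactly as the post lists it."""
    for old, new in steps:
        text = text.replace(old, new)
    return text + suffix


def site_password(base: str, site: str) -> str:
    """Per-site variant: the first two letters of the site name in front of the base."""
    return site[:2].lower() + base


# The post's "Be happy" steps, in the order given (y -> 1 comes from the Y row of the table).
BE_HAPPY_STEPS = [("B", "|3"), ("e", "&"), (" ", ","), ("h", "H"), ("a", "@"), ("y", "1")]

# Steps implied by the post's two shorter examples.
TEEN_SPIRIT_STEPS = [("S", "$"), ("i", "1"), ("e", "3")]
MATRIX_STEPS = [("T", "+"), ("e", "3"), (" ", ","), ("a", "4"), ("t", "+"), ("i", "1")]


def worked_examples() -> dict:
    """Return the post's example passwords keyed by their starting phrase."""
    base = add_complexity("Be happy", BE_HAPPY_STEPS, suffix="!")
    return {
        "Be happy": base,
        "Smells like teen spirit": add_complexity(initials("Smells like teen spirit"),
                                                  TEEN_SPIRIT_STEPS),
        "The Matrix": add_complexity("The Matrix", MATRIX_STEPS),
        "gmail": site_password(base, "gmail"),
        "facebook": site_password(base, "facebook"),
    }


if __name__ == "__main__":
    for phrase, pw in worked_examples().items():
        print(f"{phrase:25} -> {pw}")
```

Because `str.replace` rewrites every occurrence, a step such as `("S", "$")` changes both capital S characters in `SmLiTeSp` at once, which is exactly what produces `$mL1T3$p`; if you want to replace only one occurrence, pass `count=1` as a third argument to `replace`.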

I highly suggest you use the strategies above to change your passwords right now!
