How to create an easy-to-remember and strong password

As the web looks today, most people have a number of user accounts on various services. With that comes the need to use passwords, which should be as secure as possible. Preferably by being long, containing letters in mixed cases as well as numbers and special symbols. Passwords should also never be re-used, but unique to each account, website or service. With dozens of such passwords to keep track of, it may be a pain to remember them all which sometimes results in taking shortcuts that result in a less secure password policy.

Web comic xkcd published an interesting view on this where it is shown that in theory, passwords made up from four random and easy-to-remember words are way more secure than shorter passwords containing numbers and symbols:

Now, what is true in theory is not always true in practice. Passwords made up from random words are more likely to be guessed using word list matches than random characters. But the idea of random words is still interesting since the passwords are naturally easier to remember. By combining the concept of four (or any number of) random words with a few special characters and mixed-case, you can get strong passwords which are still easy to remember.

Let’s create an example!

To give an example, let’s use the excellent Simple Strong Password Generator which was created by two Swedish developers soon after the xkcd cartoon was published. I start by generating a couple of random four-word passwords until I get one which I find easy to remember:

I got “mooncrossedcaseflow”, a 19-character password consisting of the words “moon”, “crossed”, “case” and “flow”. To make it more secure while still keeping it easy to remember, I add a number in each word: “1moon”, “2crossed”, “3case” and “4flow”. Finally I put an exclamation mark at the end, to get the end result:

“1moon2crossed3case4flow!”

The result is a 24-character password which is much easier to remember for me than a shorter string of random letters and numbers. Now, this is of course very individual so this may not be a good method for everyone. But if you resort to using simple passwords since more advanced passwords are too hard to remember, then this may be a good alternative.

The truly secure option

However, the most secure passwords are still the kind that can be generated by services like the Ultra High Security Password Generator. A password from it can look like this:

“tV>N`0R’|PFD5=HsQ`Rb@if9WwZACqsmgS’68~b8&< )Z7-S7w}MMjk`,c;L]{3A" I could never remember a password like that, but there are various ways to securely store passwords if needed. This blog post from NY Times lists some of the ways it can be done. The comments to the blog posts provide more tips and ideas for securing your passwords, no matter which password policy you choose to use.

security, tools, tutorials