Thursday, May 10, 2012

Very Strong Passwords That Are Easy To Remember

Question: What makes a password strong?

Answer: A combination of its length (minimum 8 characters) and a mix of different:

1.      alphanumeric characters
2.      special characters
3.      capitalization

Conclusion: What makes a password strong is often what makes it difficult to remember.

And long passwords are a pain to type. On top of that, we need a number of different passwords – if we use the same one for everything and it gets compromised, our entire online life could be unlocked.

So how do you pick a password that is both strong and easy to remember?

According to one of my tech buddies, you should follow the advice of British techie Sammie, whose technique uses different passwords (9 characters in length max) for every website you access and results in 7.2 quadrillion different combinations that will take 83.5 days to crack if the hacker can try 1 billion different passwords per second.

Wow! I didn’t check his math on this (my math skills weaken when I get into the quadrillions), but even if he is off a million here or there, you’re going to get a ton more protection from this system than what you may be doing now.*

Here’s how to do it:

1.      Pick 4 characters from the special characters, including the characters you see above the numbers on your keyboard and to the left of the Enter and Shift keys.

These characters are: 

2.      From those 4 characters pick 2 that will start every password and 2 that will end every password.

For example, all my passwords will start with #* and end with &%

3.      The middle part of the password uses the website name:

A.    Use the first 6 characters of the website domain name (if it is shorter than 6 characters, use the full domain name)

B.     Spell it out using substitute characters for the vowels: a becomes @, e becomes 3, i becomes 1, o becomes 0, and u becomes ^

For example, if you are creating a password for tw1tt3r ... the first 6 characters are: tw1tt3

C.     Next, pick a standard for capitalizing consonants (1st, 2nd, your choice)

For example, capitalizing the 2nd consonant yields tW1tt3

4.      Put it all together and you get #*tW1tt3&%

Incredibly strong, yet easy to remember because all your passwords begin with the same 2 characters, spell out the website domain name with a consistent “code” and end with the same two characters.

Here’s how a few other passwords would look using the formula above (NOTE: when you do this for yourself, choose different characters than I used above and pick your own consonant capitalization).

the password at becomes #*f@C3bo&%

the password at becomes #*l1Nk3d&%

the password at becomes #*sQu1do&%

the password at becomes #*p1Nt3r&%

NOTE: Although you can use more than the first 6 characters of the domain name, it’s not necessary (and your passwords will be longer).

ANOTHER NOTE: If you're concerned that you might be targeted by a determined hacker who also uses this formula, use 3 or more starting characters and/or 3 or more ending characters (as many as you like).
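
The four steps above, and the note on using longer start and end strings, as an added Python example (not the author's code). Taking the first host label as the "website domain name", stripping `www.`, and counting 32 special characters (Python's `string.punctuation`, since the page's own character list is missing) are assumptions; the sample sites are constructed.

```python
import string
from urllib.parse import urlparse

VOWEL_CODE = str.maketrans("aeiou", "@310^")   # step 3B: a->@ e->3 i->1 o->0 u->^
CONSONANTS = set(string.ascii_lowercase) - set("aeiou")


def site_label(site: str) -> str:
    """First host label of a URL or bare domain, lowercased, without 'www.'.

    Assumption: that label is the 'website domain name' the steps refer to.
    """
    host = urlparse(site if "//" in site else "//" + site).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    return host.split(".")[0]


def site_password(site: str, prefix: str = "#*", suffix: str = "&%",
                  cap_consonant: int = 2) -> str:
    """Steps 2-4. Defaults are the post's sample choices; pick your own."""
    chars = list(site_label(site)[:6])             # step 3A: first 6, or all if shorter
    seen = 0
    for i, ch in enumerate(chars):                 # step 3C: capitalize the nth consonant
        if ch in CONSONANTS:
            seen += 1
            if seen == cap_consonant:
                chars[i] = ch.upper()
                break
    middle = "".join(chars).translate(VOWEL_CODE)  # step 3B: every vowel is coded
    return prefix + middle + suffix                # step 4


def formula_choices(n_specials: int = len(string.punctuation),
                    prefix_len: int = 2, suffix_len: int = 2,
                    cap_rules: int = 6) -> int:
    """Upper bound on distinct personal formulas (start, end, capitalization rule).

    Assumes repeats are allowed and at most 6 consonant positions to choose from.
    """
    return n_specials ** (prefix_len + suffix_len) * cap_rules


if __name__ == "__main__":
    for site in ("twitter.com", "https://www.linkedin.com/feed", "t.co"):  # constructed
        print(site, "->", site_password(site))
    print("2 start + 2 end characters:", formula_choices())
    print("3 start + 3 end characters:", formula_choices(prefix_len=3, suffix_len=3))
```

The middle of each password is derived entirely from the site name, so the start characters, end characters and capitalization rule are the only part that differs between two people using the formula; `formula_choices` shows how much each extra start or end character adds to that part.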

= = = = = =

*The most common (and worst) passwords of 2011 (compiled from files containing millions of stolen passwords posted online by hackers), according to SplashData, are:

1.      password
2.      123456
3.      12345678
4.      qwerty
5.      abc123
6.      monkey
7.      1234567
8.      letmein
9.      trustno1
10.    dragon
11.    baseball
12.    111111
13.    iloveyou
14.    master
15.    sunshine
16.    ashley
17.    bailey
18.    passw0rd
19.    shadow
20.    123123
21.    654321
22.    superman
23.    qazwsx
24.    michael
25.    Football


Anonymous said...

This is great, thanks!

Rick Campbell said...

Great! Thanks
