How to come up with a strong password and make it easy to remember

Two simple but effective tricks.

Every day, attackers break into thousands of accounts on a variety of services, from social networks to Apple ID and iCloud. The main method is still automated password guessing (brute force). Protecting yourself from this type of attack is easy: just use a complex password. The task looks simple, but it is complicated by the fact that long passwords are hard to remember. In this article, we share two tips from the famous developer xkcd on how to come up with a complex password and remember it easily.

General traditional advice

Before moving on to the original methods of creating and remembering a password, let's go over the well-known tips:

  • The password must be at least 12 characters long. It's no secret that the longer the password, the more difficult it is to crack. A password of at least 12 characters will reliably protect your accounts from any attacks by hackers.
  • Use numbers, symbols, capital letters. Brute force utilities will find a password like “catsanddogs” relatively quickly, but they won’t be able to cope with a password like “ [email protected] $123.”
  • Don't use words. Try to avoid using common dictionary words in your password. An incoherent set of letters is much stronger than any specific word, even a long one.

We're done with the platitudes, let's move on to simple, effective and little-known methods.

What is a strong password: general rules

Most users know that a strong password consists of letters, numbers and symbols. Some users use weak passwords, sometimes very simple ones, which are very easy to crack, for example, “12345” or “qwerty”.

When creating a new password, there are a few basic rules to follow to ensure greater security. A strong password meets the following requirements:

  • The password should be long, ideally starting from 16 characters.
  • The password must consist of a combination of numbers, lowercase and uppercase letters, punctuation marks and special characters.
  • Passwords need to be updated from time to time.
  • For each new registration you must use a unique password.
  • Use two-factor authentication (password and SMS message) if possible.

Ideally, the password should be long, but some services limit the number of characters you can enter. Therefore, it is advisable to use at least 8 characters in the password you create; this will make it difficult to crack.

What characters should I use in my password? The password must contain at least one number, letters in both upper and lower case, and special characters such as a hyphen or an underscore.

For greater security, use two-factor authentication, for example, using SMS messages. There is a very small chance that an attacker will gain access to your account password and at the same time take over your phone, or be able to intercept a message transmitted over a mobile network.

You should not include the following personal information in the password you create:

  • Names and nicknames.
  • Date of birth or other memorable dates.
  • Service name.
  • Phone number.
  • City of residence or city where you were born.
  • Home address information.
  • Pet names.
  • Other similar information.

Attackers can find this data on the Internet because it is publicly available, for example, on the user’s personal page on a social network.

On the “dark” Internet (Darknet) there are databases of passwords linked to email addresses. On the Have I Been Pwned service you can check whether a specific email has been hacked and find out if the password is in the hackers’ databases. You can check the strength of your password with the Kaspersky Password Checker service, which uses the database of the mentioned service.

Using commonly used words or names as part of a password is unreliable, because hackers use programs that select passwords using special dictionaries containing frequently occurring secret combinations. If your password corresponds to some concept included in such a dictionary, it will not be difficult to crack it.

Is it possible to reuse a password? It is better to create a new password, because, having gained access to one password on a resource with weak security, an attacker will be able to use this password on other user accounts.

Do not change passwords before traveling or on vacation, because if problems arise, you may not remember what was changed and how. Use the password recovery procedure.

How to come up with a complex password and remember it easily - method 1

The above tips make it very easy to come up with a complex password: all you have to do is tap the keyboard indiscriminately and get something like “as[fpokdhk3251kh”. This is a pretty good option, which an ordinary computer could crack only in theory (how to check the strength of passwords is covered at the end of the article). But remembering such a password is a problem.

The essence of the first method, proposed by xkcd, is to take an entire phrase that is memorable for you personally and convert it into a password. Such a phrase can be anything: a moment in life, a significant event, a line from a song, etc.

For example, you always remember the phrase “The rivers have cooled and the earth has cooled and the houses are a little ruffled” from the song “Three White Horses.” Use it as a password by taking the first letter of each word in the passage (here, of the original Russian lyrics, transliterated). The result is “Orizoichnd”. It will take a modern computer 4 years to crack such a password! But if you add just a few numbers at the end of the password, for example, the banal “123”, then the computer will have to spend 4 centuries to crack the resulting combination “Orizoichnd123”!

As a result, both goals are achieved. You have a complex password that you don’t even have to memorize, since you already remember the phrase associated with it. Of course, it is very important to choose the right phrase and begin to associate it with your code word.

Where to store passwords

An important question: how to store passwords. Passwords should not be easy targets, so you should be concerned about their safety.

If you create passwords yourself, it is better to store them at home rather than on a device in an unencrypted text file. If that file leaks, all of your passwords are compromised.

Write down the password on a separate piece of paper or in a notepad, and keep it not next to the computer but a little further away, for example, in a nightstand or in a folder. The chances that a thief will break into the house are low, because now the main danger lies in wait for the user on the Internet.

If you use a password manager, pay attention to the safety of the “Password Database”, one of the program's elements. The password database is encrypted; an attacker will not be able to access it without entering the master password.

Some programs store password databases locally on the PC, for example, KeePass; other applications, for example, LastPass, save this data on a server on the Internet. Based on this, you need to take care of the safety of your password database.

Online solutions are more convenient, while offline programs are more reliable in terms of security. Online password managers synchronize between devices, whereas in offline applications passwords are available only after authorization on a specific device. Local safes are well suited for important passwords, such as those for online banking or payment services.

Serious problems may unexpectedly arise on your computer, forcing you to urgently reinstall the operating system. When that happens, you can lose all user data, including the password manager database.

To prepare for this, create copies of the password database in advance and store them in different places: on a computer, in the cloud, on a USB flash drive, etc., or additionally use a backup function for important data on the computer's disk.

Then the password database will not be lost due to force majeure. Do not forget to copy the database again after making changes to it, such as adding new passwords.

How to come up with a complex password and remember it easily - method 2

The second method is even easier to use, and most importantly, it has helped a huge number of people come up with and remember truly complex passwords. The method involves choosing six of the most common words as a password.

For example, the set of Russian words (specially rhymed for even easier memorization) “lom sobaka upravdom golova povidlo som” (crowbar, dog, house manager, head, jam, catfish) turns into the password: lomsobakaupravdomgolovapovidlosom.

It would take an ordinary computer more than 10,000 centuries to crack this password. In other words, such a code word cannot be obtained by guessing passwords. Moreover, even the most powerful supercomputer Tianhe-2 has no chance of successfully guessing this password in the next few thousand years.
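The sketch below is an added example, not part of the original article: it estimates the search space for the sample passwords from both methods under character-by-character brute force, and for method 2 also under a word-by-word attack. The guess rate and the 2048-word list size are assumptions, and `random_passphrase` is a hypothetical helper that lets a CSPRNG pick the words.

```python
import math
import secrets
import string

# Character classes a brute-force tool must cover to reach a given password.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password: str) -> int:
    """Size of the smallest alphabet (union of the classes used) covering the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def bruteforce_bits(password: str) -> float:
    """log2 of the number of candidates in a character-by-character search."""
    return len(password) * math.log2(charset_size(password))

def wordlist_bits(word_count: int, list_size: int) -> float:
    """log2 of the candidates when whole words are guessed from a known list."""
    return word_count * math.log2(list_size)

def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at a fixed guess rate (attacker's worst case)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def random_passphrase(words: list[str], count: int = 6) -> str:
    """Method 2 with the words chosen by a CSPRNG instead of by the user."""
    return "".join(secrets.choice(words) for _ in range(count))

if __name__ == "__main__":
    RATE = 1e10        # assumed guesses per second, not a figure from the article
    LIST_SIZE = 2048   # assumed size of the "common words" list
    for pw in ("Orizoichnd", "Orizoichnd123", "lomsobakaupravdomgolovapovidlosom"):
        bits = bruteforce_bits(pw)
        print(f"{pw}: {bits:.1f} bits, {years_to_search(bits, RATE):.3g} years")
    bits = wordlist_bits(6, LIST_SIZE)
    print(f"six words from a {LIST_SIZE}-word list: {bits:.1f} bits, "
          f"{years_to_search(bits, RATE):.3g} years")
    sample = ["lom", "sobaka", "upravdom", "golova", "povidlo", "som"]  # constructed list
    print(random_passphrase(sample))
```

The word-level figure is the one to plan around: it depends only on how many words are chosen and how large the list is, not on how long the resulting string looks.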

FAQ

I can't come up with a login for my work email. It must contain my first and last name. What to do?

Most email sites offer users alternative logins based on the entered combination. Use them so as not to abandon the intended combination of symbols.

Where is the best place to store logins and passwords?

Pairs of logins and passwords for sites can be written down in a notepad. It is also possible to use virtual storage from popular antiviruses (Kaspersky, Dr.WEB). The stored data is securely encrypted. To gain access to information, the user needs to enter only one code.

Use special characters in your password

In the same way, you can use the keyboard's features if you want your original phrase to contain numbers. Type those numbers while holding down the Shift key and you will get 1=!, 2=@, 3=#, 4=$, giving you non-alphabetic characters in your password, which will only strengthen it many times over (again, provided that these characters are valid).

Now all that remains is to learn how to choose the right key phrase or word so that there is a strong association with the resource on which you are registering.

Still, it is not necessary to change every letter that can be changed into a number. One or two substitutions are enough. Judge by the situation, and optimize your password for easy typing as well if you do not yet know the ten-finger touch-typing method.

How not to forget your password

The first recommendation is to never save passwords for online services (various email services, social network accounts, forums, websites) in your browser, because you can simply forget them. On some services, password recovery is a very labor-intensive procedure. Keeping the passwords for all your accounts in one place is also not a good option, although it is quite suitable for accounts that are not particularly important.

It is better to keep all passwords in your head. This is great memory training. If you don't save passwords in your browser, you'll have to keep typing them. This way you will never forget them, because not only your brain but also your fingers will remember them. It may seem too difficult to type the password every time, but this is true only the first n times (n depends on your typing skills). By the way, constantly entering passwords manually significantly improves your touch-typing skills.
