Following the hack of Zappos.com and 6pm.com there are probably quite a few of you looking for a way to create strong passwords and also remember them. Back in December, our safety-conscious friends at Consumer Reports ran a guide to creating strong passwords that are also easy… well, easier, to remember. Here it is.
You can create strong passwords that don’t make you memorize a cryptic string of letters, numbers, and punctuation symbols. Here are three techniques:
Use a sentence. It’s easy to remember the first letters of the words in a sentence. For example, children have used this sentence to remember the names of the nine planets: My Very Excellent Mother Just Served Us Nine Pickles. You could use the first letters of those words to generate this strong 9-character password: m*Emjsu9p, where Venus (the morning or evening star) is represented by *, the letter for Earth is capitalized, and nine is a numeral. In practice, it’s best not to use such well-known sayings to generate acronyms.
Use a pass phrase. Several words mixed with numbers and punctuation symbols is known as a pass phrase. For example: stitch9clock^handsapplausE. The longer the pass phrase, the more secure it is, though you’ll be limited by the maximum length the site allows.
Growing the haystack. Developed by security expert Steve Gibson, president of California-based Gibson Research, growing the haystack takes advantage of the ways hackers crack passwords. “The first thing they’ll try is the well-known dictionary of most common passwords,” Gibson says. “Then, if they know something about you, they will try to guess things from your life.”
To foil that part of the process, Gibson suggests starting with a phrase that’s short but not a common word. That forces the hacker to resort to the slower brute-force approach by trying every combination in existence, which is like looking for a needle in a haystack.
Once you’ve accomplished that, “the length of the password matters more than its absolute complexity,” Gibson says. In other words, make the haystack larger by padding the password with numerous easy-to-remember symbols. For example, the password “c – @T – – 9 – – -” is 10 characters long and is probably not in any dictionary, but it’s not very hard to remember.
A caveat: Don’t use any of the above examples as actual passwords. Now that they have been widely published, hackers might add them to their dictionaries.