How to create a secure and easy to remember password?
It’s the end of year 2018 and 2019 is just few days away. Ushering the new year, I have sudden enlightenment to share my thoughts in creating a secure and easy to remember password. I will also share how do I managed and use my password for personal usage.
Being a Managed Service company focusing on helping organization managing their IT infrastructure services, we are bound to work with multiple applications and systems through out our internal environment as well as our clients’ environment. I have about 18 password that I’m currently remembering as far as I can recall. When I was actively doing tech support, I have remembered close to 24 passwords at 1 time. That was the time when password manager service not known yet. And it’s very bad idea to jot down your password at any place whether in your planner, or your notebook/notepad and even worse, on a sticky note which you stick on your computer monitor at the office!
Before we dive further, here is the top 10 password of all time.
If this is you, well…it’s time to get a new password.
4 steps to create a secure and easy to remember password.
Guideline on creating a strong password:-
Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
Follow these 4 simple steps to get your self an easy and secure password!
Step 1 – Create a sentence or phrase as the basis for your password
Try to think of something that you like such as “kambing golek” as the base password. So, min 12 characters checked!
Or if you want a quick one, you can also use a mnemonic device developed by Carnegie Mellon computer scientist called Person-Action-Object (PAO) method. Eg. “Ali Makan Nasi”
Step 2 – Create a secret key
What I mean by secret key is a combination of alphanumerics and symbols to serve as a scrambler, making the password unpredictable. There is a lot of ways doing this. Here some ideas
- You can add your birth date maybe with a “!” symbol. (eg. 1309!)
- some random words such as “L33t!”
Step 3 – Split the base phrase into 2 and add secret key in the middle
So now we have the base phrase and the secret key. What we need to do is split the base phrase “kambing golek” into 2 parts and add the secret key “L33t!”
Step 4 – Add capital letters randomly
Now we need to add capital letters to the phrase created in step 3. This will add complexity to the password. Put it randomly or if you quite forgetful one, just put it on the first and last letter of the word similar to the example.
Test your password
Once you have the new password, test out your password here! The website is run by Kaspersky, a renowned brand in endpoint security. Be assured that the password will not be saved by the website.
How do I manage my personal password?
Personally, I don’t use password manager such as LastPass or DashLane because I don’t want to be independent on these services and it is also serves as mental training for me.
I have categorized my password into 4 types each with it’s own password
- Financial – Critical. online banking or ewallet.
- Emails – Most critical. If you forget any of the password, you can always reset it which usually send to your email.
- Web Services with personal and financial details such as Netflix, Spotify and Dropbox
- Normal website such as blog, forums and apps – less critical
- Method above serves as a guideline. It is not unbreakable. There will always be some website or services that didn’t do enough in securing our data which caused our account details including our password to be compromised.
- Change your password immediately whenever you received a notification of your email or web services has been compromised (eg. accessed from different location)
- Change your password regularly. I tend to change my personal password once a year at least.
- Never write or store your password anywhere especially in your diary or notebook or even in your google doc! If you really need to, just write down the base phrase or 1st part of the phrase to serve as memory jogger.
- Never shared your secret key.
Infinite Logix System PLT are based in Malaysia and we help businesses over South East Asia to managed and maintain their backup solutions through our Managed Backup Service or Backup-as-a-Service (BaaS) offerings. We are reachable at +607-267 0108 or reach us via our email at email@example.com
If you like this post, please share so anyone reading can get the benefits as well as I am.
- Tips Zoho Mail – Using calendar - 9 May 2019
- How to create a secure and easy to remember password? - 28 December 2018
- 5 questions to ask before choosing a Backup & DR solutions - 18 December 2018