Techniques for creating secure passwords

Most people are starting to realize that they need to start using more complex passwords, but generally believe:

complex password = hard to remember

This is not true. The solution I have been using for the last several years makes it easy to remember complex passwords, and even fun! Yeah, I really said fun ;)

passwords

Industry guidelines for secure passwords

From the FTC

  • Don’t use your name or birthdate — try to be unpredictable
  • Make your password at least 10 to 12 characters long, and use a mix of letters, numbers, and special characters
  • Don’t use the same password for multiple accounts
  • Keep your passwords in a secure place, and don’t share them with anyone — especially over the phone, in texts, or by email

Microsoft requires password have at least 3 of the following 5

  • Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
  • Lowercase characters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
  • Base 10 digits (0 through 9)
  • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;”‘<>,.?/
  • Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.

 Our recommended password creation technique

One of the best ways to create a complex password that is easy to remember is to use a mnemonic or phrased based technique. The one I like the best is to come up with a phrase that would be easy to remember. Something personal to you is best. We will use this phrase as an example: “Dan has the best password advice I have ever seen.”

Then take the first letter of each word in the phrase. For some of the letters you will use upper-case version, and some letters can be switched with a number that matches (eg. 3 for e, 1 for i). The resulting password would be: dHtbBp@!h3s

Works like this:

  • d – Dan
  • H – has
  • t – the
  • b – best
  • p – password
  • @ – Advice
  • ! – I
  • h – have
  • 3 – ever
  • s – seen

You can then customize this based on the website or service your using at the time. For example, if your creating a password for twitter you might pick a phrase such as “I still don’t know why I waste my time on Twitter” which could give you the password of !sdky1WmtoT. Now we are having fun!

Password Managers

I also find that password managers can be a great help. I haven’t studied each well enough to give recommendations, but I personally use Password Safe (pwsafe.org) because I the pwsafe format is supported on many platforms and is generally easy to use.

About Dan Kuykendall 173 Articles
Connect with Dan on Google+

Be the first to comment

Leave a Reply

Your email address will not be published.


*