Friday, October 16, 2020

Complex Unforgettable Passwords

It used to be that you only had to remember a couple passwords. Those days are long gone. You can't use one password for everything anymore and you never should have anyway. What happens when (not if) one of the sites you use gets hacked and your password goes on the dark web? Or if someone tricks you into giving them your password to a specific site? These days just about everything you access requires a password and most people have to keep track of so many they could fill a small address book.

How do you create a really good secure password that you can remember? These days sites require very complicated and long passwords. I remember years ago reading an article about a test of a 2,000 user password file that was put up against a password cracking program. None of the passwords was modified prior to the test, but they did add one. The added password contained numbers, letters and a symbol.

Before the end of the first day the program had figured out all the passwords except the one that had been added. The lesson learned? The addition of a symbol makes the password much harder to break.

The preceding is good to know but how is that applied in today's environment? How can anyone be expected to keep track of 50 plus passwords that need to be complicated? You don't want to have to write them all down in a book and carry it around with you. What if you lose your book? Or someone you don't trust reads it? There are programs that keep them but they can be inconvenient and insecure.

I literally have hundreds of passwords to keep track of. They are for access to web sites I use and access to systems I maintain. I don't access most of these every day; in some cases it could be more than a year. So I needed to come up with a way to be able to recall a password from memory even though I have a lot of passwords to remember.

So below is how you can do it, too. Follow this guide. It's not complicated (promise) and you will be able to create as many passwords as you'll ever need to remember without having to write any of them down.

Here's how it works …

Pick two words with a minimum of 3 letters

Word 1: gym
Word 2: fan

Tip to make it more complex: Use larger words if you'd like.

Pick a day of the year using leading zeros.

March 25
is 03 25

Tip to make it more complex (for you nerds): Convert your numbers to hexadecimal.

Pick a symbol from this list of symbols: Plus ( + ) Hyphen ( - ) Carat ( ^ ) Tilde ( ~ )

For this we will use Minus ( - )

Note: You can use other symbols. I chose these as they are the most widely accepted in passwords.

So for review we will be working with:

gym fan 03 25 -

Pick which letters of the words chosen to capitalize; Outside, Middle or Inside

Outside looks like this: Gym faN
Middle looks like this: gYm fAn
Inside looks like this: gyM Fan

For this we will use Outside

In reality you just need to choose one letter in each word to capitalize. The reason for outside, middle or inside is to create a pattern which will be easier for you to remember.

Note: If your words are longer than 3 letters then Middle becomes closest to the Outside or Inside

Once you get that part done, you are done creating your pattern. Here are a few examples:

Word 1SymbolMonth DaySymbolWord 2
Gym-03 25-faN

The result is: Gym-03 25-faN

MonthWord 1Symbol SymbolWord 2Day
03Gym- -faNfaN

The result is: 03Gym- -faN25

Word 1MonthSymbol SymbolDayWord 2
Gym03- -25faN

The result is: Gym03- -25faN this becomes our password template

You can see I left a space in the middle. This is how you make the password unique for every site you access. You use the site or system name you are accessing to create what goes here. So you only have to remember the pattern you created. What you are accessing provides the final part of your password pattern.

This next (and last) part of the pattern is what makes the password unique. It is based on the first "X" number of characters of the site or service you are accessing. I recommend you use no less than two. In this example we will use the first three. I call these the "unique characters".

So if you were creating a password for

The unique characters are: ama

Then decide which one of the letters you will always capitalize. For this example we will use the middle one.

That changes unique characters to: aMa

Now take those letters and insert them into your pattern. We will use

Word 1SymbolMonthUnique LettersDaySymbolWord 2

When you insert the unique characters your password for is


That password looks complicated enough doesn't it? Lets use this for another couple sites: - Gym-03fAc25-faN - Gym-03mIc25-faN - Gym-03tWi25-faN - Gym-03yOu25-faN - Gym-03yAh25-faN

So as you can see this allows you to create a long and complex password that makes sense to you but is not easily hacked. If a system you have used this password on is compromised it cannot be directly used on another system and the likelihood that someone would recognize the pattern is minimal.

I gave you three different patterns but you can arrange them different ways. Use something that makes sense to you. The only hard and fast rule is, never use a symbol first. Many systems don't support a password like that.

You can also do other things to make it even more complex.

Change the Month/Day, Words or Symbols for the type of site your accessing. Lets use numbers as an example.

Any regular site: March 25 (03 25)
Any financial site: July 4 (07 04)

So ... - Gym-03fAc25-faN - Gym-07fSt04-faN

Use two symbols one for the left and a different one for the right - Gym+03fAc25-faN - Gym+03fSt25-faN

You can also use the tried and true method of exchanging a letter for a number or symbol.

A => @
E => 3
I => 1
O => 0
S => $

My point is that you can make this your own so it's easy for you to remember. You don't have to follow what I did as a strict guide. Use whatever helps make it easy for you to remember. The concept is what's important. Its much easier to remember a pattern.