Good Passwords Don’t Have To Be So … Cryptic!
If you're anything like me, remembering passwords can be a real challenge. The temptation is always there to just use the same one, or a slight variation, everywhere. Or worse yet, let your web browser remember them all. (Hint: they can easily be hacked if someone gets hold of your computer, and easily lost if you have to reinstall things.) There's no perfect solution, but some are better than others.
The xkcd approach
Some will argue that using words like this is less secure. This is only true if the person or system guessing knows that this is your strategy. Even so, four words of varying length give a lot of possibilities – and can still be remembered.
Need a hand coming up with words? There’s a really cool mapping service called what3words.com. It uses three words to map everything on the planet down to a 3-meter square. (That’s roughly a yard for those of us in the US still using our outdated, less efficient method of measuring distance!)
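An added example (not from the original post) that puts numbers on the "lot of possibilities" claim: it picks four words with a cryptographic random generator and computes the entropy a guesser faces even when the word list and the strategy are known. The 16-word sample list, the 2048- and 7776-word list sizes and the guess rates are assumptions chosen for illustration, and the estimate only holds when the words are picked at random rather than by hand.

```python
import math
import secrets

def passphrase_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy in bits when every word is drawn uniformly at random and the
    attacker knows both the word list and the number of words."""
    if wordlist_size < 2 or n_words < 1:
        raise ValueError("need at least 2 candidate words and 1 pick")
    return n_words * math.log2(wordlist_size)

def generate_passphrase(words, n_words=4, sep=" "):
    """Pick n_words with the OS CSPRNG. Duplicates and case variants are
    collapsed first so the estimate matches the real number of choices."""
    unique = sorted({w.strip().lower() for w in words if w.strip()})
    phrase = sep.join(secrets.choice(unique) for _ in range(n_words))
    return phrase, passphrase_bits(len(unique), n_words)

def average_crack_years(bits: float, guesses_per_second: float) -> float:
    """Expected time to guess correctly: half of the search space."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

# Constructed sample list so the block runs offline (assumption). A list this
# small is far too weak for real use; real lists hold thousands of words.
SAMPLE_WORDS = [
    "anchor", "biscuit", "canyon", "dolphin", "ember", "fiddle", "glacier",
    "harbor", "igloo", "jigsaw", "kettle", "lantern", "meadow", "nutmeg",
    "orchid", "pebble",
]

if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(f"sample phrase: {phrase!r} ({bits:.0f} bits, demo list only)")
    # Assumed guess rates: a throttled online login vs. an offline attack
    # against a fast, unsalted hash.
    for size in (16, 2048, 7776):
        b = passphrase_bits(size, 4)
        online = average_crack_years(b, 1e3)
        offline = average_crack_years(b, 1e10)
        print(f"{size:>5} words x 4: {b:5.1f} bits | "
              f"online {online:.3g} y | offline {offline:.3g} y")
```

The gap between the online and offline columns is why the same phrase can be adequate for a rate-limited login yet weak for anything an attacker can test offline.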
The HealthyPasswords.com approach
Your brain and a system: This is our recommendation. We are an advocate of the password sandwich. Our Healthy Passwords book is about this, so this will be a very brief explanation. This is where you create a short ingredient list. Preferably, two weak ingredients (the bread), and one stronger ingredient (the main ingredient) are used. You connect them with special characters (condiments). The system part is how you assemble it. First, we recommend one piece of bread be a site code such as tcn for thecrimson. Second, we recommend an expiration code for the other piece of bread such as q2 for expires second quarter. For the main ingredient we recommend mnemonics of short rhythmic phrases. Use a song you cannot get out of your head. In the book we use the public domain example of “Three blind mice, See how they run” to create TbmShtr. Putting it together, thecrimson becomes tcn@TbmShtr!q2 and TWITTER becomes twt@TbmShtr!m4 (Twitter expires every month presently at the end of April). You can write these all down using a shorthand on a simple wallet card using your own shorthand.
The PAO Method
Memorization techniques and mnemonic devices might help you remember an unbreakable password. At least, that’s the theory put forth by Carnegie Mellon University computer scientists who suggest using the Person-Action-Object (PAO) method to create and store your unbreakable passwords.
PAO gained popularity in Joshua Foer’s bestselling book Moonwalking with Einstein. The method goes like this:
1. Select an image of an interesting place (Mount Rushmore).
2. Select a photo of a familiar or famous person (Beyonce).
3. Imagine some random action along with a random object (Beyonce driving a Jello mold at Mount Rushmore).
The PAO method of memorization has cognitive advantages; our brains remember better with visual, shared cues and with outlandish, unusual scenarios. Once you create and memorize several PAO stories, you can use the stories to generate passwords.
For example, you can take the first three letters from “driving” and “Jello” to create “driJel.” Do the same for three other stories, combine your made-up words together, and you’ll have an 18-character password that’ll appear completely random to others yet familiar to you.
The Final Key
Here’s the tough one. Don’t use the same one twice. Or at least, have a bank of 3-4 that you alternate between. This might require that you have a secret decoder ring (a file on Evernote, Google Drive, Dropbox, or iCloud that is named something really boring and inconspicuous – so, not “AllMyPasswords.txt”.)
Or consider a password manager like LastPass or 1Password. They offer the convenience of helping store passwords, integrate with websites to detect new ones and changes, and can even work with mobile devices. Just make sure that the password you use there is secure!!