Tuesday, April 03, 2012

Creating Effective Passwords

I have been giving a lot of password advice at work lately, & over the years I’ve read several different ways to invent passwords. I think I have a pretty good system for creating them. Here it is:
1. Come up with a password that has absolutely no significance. I call this the “root password.” Use at least six characters. More is better. So is a variety of letters, numbers, & symbols. example: k5$3b4
2. Memorize it. (You can write it down somewhere without worrying about it. Read on.)
3. For whatever site you need a password for, take two characters from that site’s name and then add them to the root password. Use the same system for all sites. For example, you can use the first two letters of a site’s name: Facebook = fa, YouTube = yo. Add them to the beginning of your root password and your password for Facebook becomes fak5$3b4, YouTube is yok5$3b4.
There are an infinite number of variations for this. You could use the first and last letters of a site’s name, second & third, capitalize them, add them to the end or in the middle of your password, or split them with a punctuation mark.
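The rule and its variations can be written down and checked for one edge case: two sites whose names yield the same two characters end up with the same password. This is an added example, not part of the original post; the function names and every site in the sample list other than Facebook and YouTube are assumptions made for illustration.

```python
from collections import defaultdict

ROOT = "k5$3b4"  # the example root password from the post
# Constructed sample list; only Facebook and YouTube appear in the post.
SITES = ["Facebook", "YouTube", "Fandom", "Flickr", "Yahoo"]


def site_tag(site, rule="first2"):
    """Return the two characters taken from the site name under the given rule."""
    name = "".join(ch for ch in site.lower() if ch.isalnum())
    if len(name) < 3:
        raise ValueError(f"site name too short for the rule: {site!r}")
    if rule == "first2":
        return name[:2]
    if rule == "first_last":
        return name[0] + name[-1]
    if rule == "second_third":
        return name[1:3]
    raise ValueError(f"unknown rule: {rule!r}")


def derive(root, site, rule="first2", position="prefix", capitalize=False):
    """Combine the site tag with the root password as the post describes."""
    tag = site_tag(site, rule)
    if capitalize:
        tag = tag.upper()
    if position == "prefix":
        return tag + root
    if position == "suffix":
        return root + tag
    if position == "middle":
        mid = len(root) // 2
        return root[:mid] + tag + root[mid:]
    raise ValueError(f"unknown position: {position!r}")


def collisions(sites, rule="first2"):
    """Group sites that share a tag, and so would share a password."""
    groups = defaultdict(list)
    for site in sites:
        groups[site_tag(site, rule)].append(site)
    return {tag: names for tag, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for rule in ("first2", "first_last", "second_third"):
        print(rule, collisions(SITES, rule) or "no shared tags")
```

Running the check over your own list of sites before settling on a rule shows whether any two of them would share a password.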
This system has worked for me. My passwords are different for all sites & they are easy for me to remember.
Two more bits of advice: If you use a mobile device, make sure the characters you choose for your root password are easy to access. On my laptop the percent symbol, %, is just a shift key away, but on my iPad it takes three taps. It is still a good idea to change your password regularly. When you change your passwords, simply vary your system or root password.
If you would like to check your password strength, passwordmeter.com can do this and also gives some ideas for creating a stronger (root) password.

Cross-posted on my blog.


  1. I like that idea Steve. I also encourage using a sentence and have your password be the first letters of each word. It creates a unique password that is easy to remember. I need to try to combine that with your idea to have a different password for each site!

  2. One of the ways I talk to students about crafting strong passwords is using Leetspeak, where letters and punctuation are replaced with numbers. I also recommend using a class of combined words, such as colors and fruit, with a space between the words if possible.

    As XKCD pointed out "correct horse battery staple" is easy to remember, and exceedingly difficult for computers to guess.

    --Andrew B. Watt

  3. Great Idea! I will have to share it with staff and students.

