Here are suggestions for creating passwords that are both strong and relatively easy to remember – passwords that should provide sufficient security for most applications while preserving ease of use:
1. For sites that need strong passwords, create a memorable, strong password by doing the following:
• Combine three or more unrelated words and proper nouns, separated by numbers. For example: “desktop8jonathan3goats.” Such a password is far easier to remember than “w4x&Py6Q,” and its strength comes from the number of words an attacker would have to try, so in general the longer and less common the words, the better.
• If a system requires a special character, add one before each number (e.g., “desktop!8jonathan!3goats”), and keep it memorable by using the same character in the same place in every strong password you create. Reusing a fixed character is not ideal from a security standpoint, but it makes memorization much easier, and the resulting security is good enough for most purposes.
• Ideally, include at least one non-English word or proper name that you know well but that others would not easily guess you had chosen (so if your significant other has a non-English name, don’t use it!), e.g., “louvre!8iyengar!3goats.”
• To increase strength further without hurting memorability, consider capitalizing a couple of letters at a fixed position in all of your strong passwords, just not at the start of a word, where capitals are expected. The position can be the same every time (e.g., the last two letters of the second word: “louvre!8iyengAR!3goats”), vary by site type (e.g., the second letter for banks, the third for credit card companies, the fourth for all other sites), or depend on the site itself (e.g., the letter whose position equals the length of the site’s name, so the fifth letter for chase.com). A password built this way is far easier to remember than an unintelligible mix of letters, numbers and symbols, and because the pattern is shared across all of your strong passwords, memorizing many of them becomes much easier too. As before, once a password is already relatively strong, the small security trade-off is likely worth the gain in usability.
• Many adjustments can be made to the three-word approach; switching to four words, for example, dramatically increases strength. The main point is that you can create a large number of strong passwords without having to memorize many strings like “w4q6zC4g&”, and the risk created by using similarly structured passwords seems far smaller than the risk of storing complex passwords insecurely or forgetting them frequently.
2. You can, of course, use a password manager app on your smartphone, but make sure the app is legitimate and protected by strong security of its own. Imagine the damage you could suffer if such an app were compromised or infected with malware: every password stored in it would be exposed at once.
3. One more thing: do not change passwords too often. This recommendation may go against conventional wisdom, but that is because many security professionals think theoretically without a good understanding of human weaknesses. The AARP itself states, “Change critical passwords frequently, possibly every other week.” Think about that for a moment. If you have a bank account, a mortgage, a couple of credit cards, a phone bill, a high-speed Internet bill, utility bills, social media accounts, email accounts, etc., you may easily have a dozen or so critical passwords. Changing them every two weeks would mean 312 new critical passwords (12 passwords times 26 changes) to remember every year. How many people stand a chance of remembering that many codes, never mind complex ones? Changing passwords often makes it far more difficult to remember them, increasing the odds that they will be written down and stored insecurely.
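As an added worked example (it is not part of the original article), the following Python script builds passwords in the three-word pattern from item 1 and estimates how hard they are to guess, compared with an eight-character random password, under the pessimistic assumption that the attacker already knows the pattern (the separator, the digit positions and the capitalization rule) and only the words and digits are secret. The sample word list, the 20,000-word pool size and the composition-policy thresholds are assumptions chosen for illustration; a real user would draw words from their own memory.

```python
import math
import random
import re
import secrets
import string

# Constructed sample word pool for illustration only (a real user would draw from words
# and proper nouns they personally remember); the entropy estimates below assume a pool
# of ASSUMED_POOL_SIZE equally likely words, not this tiny list.
SAMPLE_WORDS = ["desktop", "jonathan", "goats", "louvre", "iyengar",
                "harbour", "cinnamon", "ladder", "pelican", "mortar"]
ASSUMED_POOL_SIZE = 20_000   # assumption: vocabulary an attacker would have to search
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)   # 94


def make_passphrase(words, n_words=3, sep="!", cap_word=2, cap_tail=2, rng=None):
    """Build a password in the article's pattern, e.g. louvre!8iyengAR!3goats:
    n_words distinct words, each joined to the next by sep plus one random digit,
    with the last cap_tail letters of word number cap_word capitalised."""
    rng = rng or secrets.SystemRandom()      # CSPRNG unless a seeded rng is supplied
    chosen = rng.sample(words, n_words)      # without replacement: words stay unrelated
    parts = []
    for i, w in enumerate(chosen, start=1):
        if i == cap_word:
            w = w[:-cap_tail] + w[-cap_tail:].upper()
        parts.append(w)
        if i < n_words:
            parts.append(sep + str(rng.randrange(10)))
    return "".join(parts)


def pattern_entropy_bits(n_words, pool_size=ASSUMED_POOL_SIZE, n_digits=None):
    """Guessing entropy when the attacker already knows the pattern (separator, digit
    positions, capitalisation rule) and only the words and digits are secret.
    This is the worst case for the scheme, and the honest number to compare against."""
    if n_digits is None:
        n_digits = n_words - 1
    return n_words * math.log2(pool_size) + n_digits * math.log2(10)


def random_entropy_bits(length, alphabet_size=PRINTABLE):
    """Entropy of a uniformly random string, e.g. an 8-character 'w4x&Py6Q'-style password."""
    return length * math.log2(alphabet_size)


def meets_policy(pw, min_len=12):
    """Typical composition rule: minimum length plus upper, lower, digit and special
    character. Thresholds are assumptions; real policies vary."""
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def compare(n_words=3, pool_size=ASSUMED_POOL_SIZE):
    """Entropy of an n-word passphrase next to an 8-character random password."""
    return {
        "words": round(pattern_entropy_bits(n_words, pool_size), 1),
        "random8": round(random_entropy_bits(8), 1),
    }


if __name__ == "__main__":
    for n in (3, 4):
        pw = make_passphrase(SAMPLE_WORDS, n_words=n)
        print(f"{n} words: {pw:32} policy ok={meets_policy(pw)} entropy={compare(n)}")
    # Caveat: if the words come from a small, guessable set (pet names, a user's
    # hobbies), the pool collapses and so does the entropy:
    print("3 words from a pool of 50:", round(pattern_entropy_bits(3, 50), 1), "bits")
```

With the assumed 20,000-word pool, three words plus two digits come to roughly 49.5 bits even when the attacker knows the pattern, about the same as an eight-character random password over the 94 printable ASCII characters (roughly 52.4 bits), while four words reach roughly 67 bits. The same arithmetic also shows the caveat behind the “don’t use your significant other’s name” advice: if the words are drawn from a pool of a few dozen personally meaningful terms, the three-word password drops to about 24 bits.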