OK, you like to write down your passwords and don’t trust those password manager apps because they’re a little too 1984 for your tastes. I totally get that. But you can’t just write down your usernames and passwords in a little notebook or on a Rolodex (hey unnamed family member … I’m looking at you). That’s just asking to lose your notebook and have someone else get ahold of all the keys to your digital kingdom.
The reason password managers are valuable — no, I’m not trying to sell you on them, just giving you an example of what they do and below we’ll see how you can do that, too — is that they can make up long, complicated passwords and remember them for you. Humans are bad at remembering passwords like 6#C0i4SLjzyHnVEHApBF, even though a password like that is really strong. Therefore, we end up creating passwords we can remember or easily type and those passwords end up being much shorter and simpler — and consequently much less secure.
What we, the humans, have to do is come up with ways of creating long, complicated passwords that we can easily recall (with help from our keywords) and type.
Creating Stronger Passwords
We will create stronger passwords through word association. That will give us a way to write down a few short words that remind us of our passwords so that we don’t actually write down the real password. Yes, that’s confusing. You’ll see what I mean in just a minute.
Let’s say you’re a fan of the band KISS. Below we have a list of members of the band which we’ll use in your passwords as well as short keywords you can use to remind yourself of the words they represent.
- Singer = PaulStanley
- Guitar = AceFrehley
- Bass = GeneSimmons
- Drums = PeterCriss
Of course, these could be characters from books or plays, memorable high school teachers, titles of movies or books, Greek gods, etc. We just need a list of names (without spaces, as you probably noted) and simple words that you can use to easily recall those names.
Now let’s come up with some keywords that represent numbers because every password needs a number or two.
- Chevy = 84 (the year of the first car you ever bought for yourself)
- Home = 1142 (the street number of your childhood home … so long as your family no longer lives there)
- Coolidge = 418 (the number of people in your graduating class from Coolidge High School)
*Note that I normally would suggest you not use the year you graduated and I would never use the street number of the house you currently live in or currently own.
And, finally, we need some special characters.
- Crispy = # (pound sign or hashtag … because you love extra crispy hashbrowns)
- Pallet = _ (underscore … because it looks like a pallet and you like to make craft projects from pallets)
- 50 = - (dash … because you were on the track team and ran the 50-yard dash)
With these ten keywords and their associated real password values, you now have a wide assortment of passwords you can create. And while you’ll start with just a few keywords, you’ll probably come up with more along the way, giving yourself even more password options.
Password Examples
Now, in your password list, instead of writing the password itself, you just write your keywords. For example…
Amazon: Drums Crispy Chevy Pallet
This makes your Amazon password PeterCriss#84_. And that 14-character password would take 200 million years* to hack at today’s computing power.
Facebook: Pallet Singer Coolidge 50
This means your Facebook password is _PaulStanley418-. At 16 characters, this password would take about one trillion years*.
Bank: Crispy Home Bass 50 Chevy
Since you want a really secure banking password, you went all out and generated the 19-character password #1142GeneSimmons-84. This may be overkill but hey, it’s your bank where all your money stays. This password would take approximately 500,000,000,000,000,000 years* to crack.
* See Chart Below
Final Thoughts
Once you have a small set of keywords representing words, numbers, and symbols, you can easily expand them. If you started with a band like KISS, you could add in characters from a book (hero = HarryPotter, best friend = RonWeasley, smartone = HermioneGranger, villain = LordVoldemort, adversary = DracoMalfoy), a list of your high school teachers (geometry = MrsClements, calculus = MrWard, humanities = MrsHolland), etc. Once you get your list of keywords and passwords rolling, it’s easy to extend it.
Typing these passwords is simple as opposed to something like y9LKXxuj[(Q. You can read the four or five keywords and easily type a complicated password. And the passwords are based on your personal experience so it’s difficult for even friends or family to interpret them.
However, even your nice, long passwords won’t be that safe as we move into the future. According to Moore’s Law, computing power doubles every two years. That means that in 10 years, your Amazon password in the example above (currently at 200 million years to crack) will only take 6 million years to crack. That’s still really good, but if you have a weaker password, say one that currently takes 400 years to crack … which seems pretty strong, right? Well, just wait … in 10 years that will only take 4 months to break. In 20 years, it’s down to 3 hours and 19 minutes.
Just imagine your password is _Green27. That seems fairly complex and currently clocks in at 8 hrs to crack. But in ten years, that will fall in 28 seconds, while in 20 years someone will crack it in 20 milliseconds.
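To rerun this kind of projection for your own passwords, here is a short Python sketch (an added example, not part of the original article). The doubling period is a parameter because the result is very sensitive to it: a two-year period takes the 200-million-year figure to about 6 million years in a decade, while a one-year period takes 8 hours to about 28 seconds. The function names and the one-day threshold are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Display units, largest first.
UNITS = [("years", SECONDS_PER_YEAR), ("days", 86400.0), ("hours", 3600.0),
         ("minutes", 60.0), ("seconds", 1.0), ("milliseconds", 0.001)]


def project(seconds_today, years_ahead, doubling_years):
    """Crack time after years_ahead if attacker speed doubles every doubling_years."""
    if seconds_today < 0 or years_ahead < 0 or doubling_years <= 0:
        raise ValueError("times must be non-negative, doubling period positive")
    return seconds_today / 2 ** (years_ahead / doubling_years)


def years_until(seconds_today, threshold_seconds, doubling_years):
    """Years before the crack time falls to threshold_seconds (0.0 if already there)."""
    if threshold_seconds <= 0 or doubling_years <= 0:
        raise ValueError("threshold and doubling period must be positive")
    if seconds_today <= threshold_seconds:
        return 0.0
    return doubling_years * math.log2(seconds_today / threshold_seconds)


def humanize(seconds):
    """Render a duration in the largest unit that gives a value of at least 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds * 1000:.3f} milliseconds"


if __name__ == "__main__":
    # Starting figures are the ones quoted in the article.
    cases = [("PeterCriss#84_", 200e6 * SECONDS_PER_YEAR),
             ("400-year password", 400 * SECONDS_PER_YEAR),
             ("_Green27", 8 * 3600)]
    for label, today in cases:
        for period in (2, 1):  # doubling period in years (the assumption to vary)
            row = [humanize(project(today, y, period)) for y in (0, 10, 20)]
            print(f"{label:18} doubling every {period}y: " + " -> ".join(row))
        shelf = years_until(today, 86400, 2)  # one-day threshold is an assumption
        print(f"{'':18} under one day in {shelf:.1f} years (2y doubling)")
```

The `years_until` function answers the practical question behind the projection: how long a password chosen today stays above a crack time you consider acceptable.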
If this concerns you at all, read my other article about password managers: Should I Use a Password Manager?