"Never Write Down Your Passwords"
We hear this at work, on the internet, from our banking institutions, and basically from anywhere else that issues us a password to access our data. The problem is that in today's digital world, it's nearly impossible to keep track of all those passwords and commit them to memory. The rules force you to change them every so often and to use special characters in addition to upper case and lower case letters. How can a person commit passwords that look like gibberish to memory? Odds are, they don't - they do exactly what they're not supposed to do; they write them down or store them in a file on a computer somewhere. So how does one safely manage all of those passwords or even come up with new ones that actually are complex but easy to remember? Here are two methods I use to create complex passwords that I'm unlikely to forget.
Method 1: Use Keyboard Patterns
In this method, your passwords will not include any actual words and at first glance, will appear to be random characters. Let's assume the typical complex password requirements: 2 upper case letters, 2 lower case letters, 2 numbers, 2 special characters, in total at least 11 characters long. In order to hit all of these and still be something memorable, you can make use of a keyboard pattern such as the one below:
In this example if we use keystrokes in the order the arrows go and separate each arrow with the key that has been circled you get 1qaz.2wsx.3edc and at this point you only need to determine how to add 2 capital letters. If your name is John Smith, you might want to just use your initials as another section of the password so using the same pattern maybe you could use JS.1qaz.2wsx.3edc as your password. Now you've got to admit, it types quick, easy to remember, as complex as you'll ever need, and who's gonna be able to guess that beast of a password? Over at howsecureismypassword.net that very password is expected to take 2 quadrillion years to crack using current day computing techniques. Take that hackers!
You can make up any pattern on the keyboard that you want, as long as it's a pattern you'll remember. Here's another example:
Maybe in this example you'll use a forward slash (/) as your special character between segments and put the initials at the end. The password would look like this: 2345/wert/sdfg/JS
Method 2: Using Your Own Password Creation Algorithm
In this method, you'll create a password for each account that is unique and centered around a baseline password that you make up. What's important is to remember the steps you take to create the password because then you can always rebuild it from scratch when you need it. So let's start off with some real words to get started. One of my favorite classic rock bands is Aerosmith so here's an example of creating a password starting with Aerosmith.
Step 1: Put the word in all lower case: aerosmith
Step 2: Break the word into 2 segments: aero smith
Step 3: Make 1 letter in each of the segments capital: Aero Smith
Step 4: Change 1 letter in each segment into a special character: Ae%o Smi+h
Step 5: Change 1 letter in each segment into a number: A3%o Sm1+h
This is your baseline password. For the final step you'll connect the words together but in between them put two letters that identify the site or account the password is used for. For instance maybe you decide to use the first 2 letters of the account or site name so if it was for your gmail account, your password would be A3%ogmSm1+h and if it was for your yahoo account maybe you would use A3%0yaSm1+h
Although this results in a password that is not quite as easy to type as the first method, the advantage is that you can have a unique password for every site without having to memorize them. You only need to memorize the steps you took to create the password in the first place and you can rebuild it whenever you need it. In case you were wondering, howsecureismypassword.net says it will take about 4 thousand years to crack this password.
If You Must Write Them Down...
Though I could never condone it, if you must write down your passwords, be sure that you store them either in a locked safe for physical security or on an encrypted file system protected with a master password (hey you can remember at least one password right?).