Creating Strong and Easy to Remember Passwords

by Andova Begarin

Presented here is a simple technique for creating passwords that are both strong and easy to remember.  Seriously.

This technique involves thinking in terms of tokens.  These are short character sequences of a particular format.  You make up your passwords from a number of these tokens.  Each token will be different, but also short and memorable.  Concatenate several tokens together and you have your strong, unique, easy-to-remember password.

For my examples, I'll use four disparate tokens.  These are guidelines.  People should make up their own token system, but this system is as good as any and better than most.

The first token is a non-word word, which is a sequence of letters that is pronounceable like a word but is not a word itself.  The second token is a number.  The third token is punctuation.  From those, you make a password root.  There will then be a fourth token of your choosing, which will be used to make a different - yet memorable - password for each account you need one for.

Here is a notation for the tokens:

[NWW]
[NUM]
[PUN]

Here are some examples (with the token category obvious):

Foobey
Bletch
411
187
?

(The fourth token comes later.)

To make this work, you would create tokens that are unique to you.  Take the non-words from any milieu in your brain, the numbers from your surroundings or from any set of related numbers (or random numbers), and your favorite punctuation character.  (Some of you might like to use hexadecimal or octal numbers.)

Once you have some tokens, you need to order them in any way you like.  The result will be a strong and easily remembered unique sequence of characters that cannot be guessed or cracked by any algorithm (before we all die and turn to dust anyway).

Just two examples will demonstrate:

[NWW] [NUM] [NWW] [PUN]
[PUN] [NWW] [NUM] [NWW]

Just pick a quantity and order that you like and can remember.  Those examples show a minimum number of tokens for anyone to come up with something fairly strong.  Larger brain capacity?  Then use more tokens.  But those minimums really are sufficient.  (And not yet complete.)

Here are a couple of these types of passwords:

Foobey99Bletch$
42Bletch!Foobey

Pretty Good Passwords (as this technique can be called).  The result should be "pronounceable" as well (i.e., "Foobey Ninety Nine Bletch Dollar").  Now for the last step.

Once you have your password root, one more token is needed, one to use for each account, and unique to you.  Perhaps one or two capital letters, related in some way to the account, prepended or appended:

Foobey99Bletch$A
Foobey99Bletch$P

And there you have it.  An easily remembered, strong, non-guessable, non-crackable password.
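
The token scheme above, written out as an added Python example (not code from the original article): it draws each token with a cryptographic random source, assembles a root from a template in the article's notation, and reports the entropy of that root.  The alphabets, the three-syllable non-word shape, the three-digit number width and all function names are assumptions made for the example, and the entropy figure holds only for tokens drawn this way.

```python
import math
import secrets

# Assumed alphabets (not from the article). Consonant+vowel syllables keep
# the non-word pronounceable; a draw can still hit a real word, so re-roll then.
CONSONANTS = "bcdfghjklmnprstvwz"
VOWELS = "aeiou"
PUNCT = "!?$#%&*+-="
SYLLABLES, DIGITS = 3, 3

def nww():
    """[NWW]: capitalised non-word word, e.g. 'Fobemu'."""
    return "".join(secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
                   for _ in range(SYLLABLES)).capitalize()

def num():
    """[NUM]: fixed-width decimal number, leading zeros allowed."""
    return "".join(secrets.choice("0123456789") for _ in range(DIGITS))

def pun():
    """[PUN]: one punctuation character."""
    return secrets.choice(PUNCT)

GENERATORS = {"NWW": nww, "NUM": num, "PUN": pun}
# Number of equally likely values each generator can produce.
CHOICES = {"NWW": (len(CONSONANTS) * len(VOWELS)) ** SYLLABLES,
           "NUM": 10 ** DIGITS, "PUN": len(PUNCT)}

def parse_template(template):
    """'[NWW] [NUM] [NWW] [PUN]' -> ['NWW', 'NUM', 'NWW', 'PUN']."""
    names = [tok.strip("[]") for tok in template.split()]
    unknown = [n for n in names if n not in GENERATORS]
    if unknown:
        raise ValueError(f"unknown token(s): {unknown}")
    return names

def make_root(template):
    """Concatenate one freshly drawn token per template slot."""
    return "".join(GENERATORS[n]() for n in parse_template(template))

def root_entropy_bits(template):
    """Bits of entropy, valid only because every token is drawn uniformly."""
    return sum(math.log2(CHOICES[n]) for n in parse_template(template))

def account_password(root, tag, prepend=False):
    """Attach the per-account fourth token (e.g. 'A', 'P') to the root."""
    return tag + root if prepend else root + tag

if __name__ == "__main__":
    template = "[NWW] [NUM] [NWW] [PUN]"
    root = make_root(template)
    print(root, account_password(root, "A"), round(root_entropy_bits(template), 1))
```

Adding a token slot to the template raises the entropy by that token's share; reordering the slots leaves it unchanged.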

One last thing.  I use my password root by itself for all accounts that do not have a website login, such as FTP accounts or mail accounts (that are not Yahoo!, Gmail, etc.).  Those being the same is pretty safe as such accounts do not have published interfaces.  (It's just less typing and makes things a bit easier for me.)

Safe and secure Internet use requires due diligence, along with careful configuration of, and attention to detail in, the programs you use to connect to it.

A strong password is just the first step.
