Marja threw me a challenge in her Spam from Xavier comments to write about creating strong passwords. The idea comes from our Lab Blog, where Sean posted about this a while ago.
I am one of those people who have a very short attention span for technical instructions, so let me try to explain this as briefly and clearly as possible. Just in case you are like me.
The idea is to use a system that allows you to do 2 things:
1. Remember your passwords by writing a part of each one down. The only thing you need to remember is a part that is the same for all your passwords; a pin if you will.
2. Create passwords that are good and strong, unique and can’t be guessed.
Here are the step-by-step instructions:
1. Think of a “pin” for your passwords. This is the part that is the same for all of your passwords. The pin should be 3 characters or longer; it could be something like “25!”, and it should be kept secret.
2. For each of the web sites that you need a password for, you create a code that helps you remember what site/service the password is for. For example aMa for Amazon and gMa for gmail.
3. Continue the password with a random set of 4 or more characters, for example: 2299 or xy76. You should use different random characters for your different passwords.
4. Write down these two parts (the site code and the random characters, but not the pin) on a note and keep it safe so you don’t forget them. In this example you would end up with a note in your wallet with this written down:
- aMa2299
- gMaxy76
5. When using the passwords, add your pin to them. Remember again that the pin should not be written down anywhere! You can decide the location of your pin too. With the example pin “25!” created in the first step we would end up with 2 passwords that could be:
- aMa229925! or 25!aMa2299
- gMaxy7625! or 25!gMaxy76
Tadaa, you now have passwords that are unique and can’t be guessed! And of course you only need to remember a part of it! By having unique passwords you can also make sure that even if someone finds out one of your passwords, the others are still safe.
As a final note, should you choose to use this system, you should come up with your own passwords and not use the ones used in this post or in our Lab’s post.
Hopefully I managed to make it sound relatively easy. If not, drop me a question below.
Annika
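The five steps above as a short Python sketch, added here as an illustration and not code from the original post. It goes one step further than the post by estimating how much guessing work is left if the note, or one full password, becomes known; the function names and the two alphabets are assumptions.

```python
import math
import secrets
import string

# Assumption: the random part uses letters and digits (easy to copy from paper).
NOTE_ALPHABET = string.ascii_letters + string.digits   # 62 symbols
# Assumption: the pin may use any printable ASCII character except space.
PIN_ALPHABET = NOTE_ALPHABET + string.punctuation      # 94 symbols


def make_note_entry(site_code: str, random_len: int = 4) -> str:
    """Steps 2-3: site code plus fresh random characters (the written part)."""
    if random_len < 4:
        raise ValueError("the post asks for 4 or more random characters")
    tail = "".join(secrets.choice(NOTE_ALPHABET) for _ in range(random_len))
    return site_code + tail


def full_password(note_entry: str, pin: str, pin_first: bool = False) -> str:
    """Step 5: add the memorised pin before or after the written part."""
    if len(pin) < 3:
        raise ValueError("the post asks for a pin of 3 characters or longer")
    return pin + note_entry if pin_first else note_entry + pin


def bits_left_if_note_seen(pin_len: int, placements: int = 2) -> float:
    """Guessing work left when the note is known: the pin and where it goes."""
    return math.log2(len(PIN_ALPHABET) ** pin_len * placements)


def bits_left_if_pin_known(random_len: int) -> float:
    """Guessing work left for another site when one full password (and so the
    pin) has leaked but the note has not; the site code is assumed guessable."""
    return math.log2(len(NOTE_ALPHABET) ** random_len)


if __name__ == "__main__":
    pin = "q7%"  # constructed sample pin; pick your own and never write it down
    for code in ("aMa", "gMa"):
        entry = make_note_entry(code)
        print(f"note: {entry}   password: {full_password(entry, pin)}")
    print(f"note seen, 3-char pin: {bits_left_if_note_seen(3):.1f} bits")
    print(f"note seen, 9-char pin: {bits_left_if_note_seen(9):.1f} bits")
    print(f"pin known, 4 random chars: {bits_left_if_pin_known(4):.1f} bits")
```

Under these assumptions a 3-character pin leaves about 21 bits of guessing work once the note has been seen, so lengthening the pin is what protects you most if the note is lost.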








41 Comments
Good, I liked it so much.
I’m trying to get Facebook on my school laptop so I can get a tafe password.
Hi all!
Usually everyone is telling us to use “Strong Passwords”, but when it comes to ordinary people (that are not into IT-security) just about all methods to create these strong passwords are simply not working for them…
So I have for years been teaching people an “ordinary people’s” way of creating stronger passwords.. a method that works even for kids and people with dyslexia … and, although not the superstrongest, it creates passwords that are multifarious times stronger than the ones people used to use…
All you need to do is to come up with a sentence with at least 8 words and only type the first character of each Word..
For example: My cat Garfield has black and white Fur
That creates the password: McGhbawf
(Even kids remember a password like this one, and it’s FUN!)
This is far better than the average passwords of garfield, volvo or your kids’ names etc..
And believe it or not… it is very easy to teach ordinary users.. of all sorts…
The point (in the end) is: it’s not about creating the strongest password, it’s about having more people moving toward using SAFER passwords..
Many people in IT seem to forget that! Sadly!
This is quite handy as well, I agree. To keep the passwords unique, different sentences should be used for different sites. Combining this idea with the pin would also create stronger passwords so that there are also numbers and special characters included.
I employ the same method Thomas, with one exception. I go a step further and add some 1337-speak to it (substitute some letters with punctuation or numbers). So in your example, I would have used, McG#b&wf (H is like # and the word ‘and’ is &). Even harder to crack!
Thanks for the tips.
Hi.
You are all right…
I use the “I like HopHop a lot, and my girlfriend” could be “IlHH4l,4mg”
– I have capital letters too, AND “,” and digits…
- And it’s still fun
But the first within the “pin code” I like this…
Regards Chris
I am definitely in favor of ideas that help make things more fun
Like mentioned in the comment for Thomas it’s also important to keep the passwords unique.
A good tip for remembering different passwords is to use different lines from your favourite song(s)
For example…
I got my first real six-string
Bought it at the five-and-dime
Played ’til my fingers bled
It was summer of ’69
could give you these passwords:
IgMfrss25!
BiAtfad25!
PtMfb25!
IwSosn25!
Then just write down which line you need for each website you log into.
(PS: you could also choose a good song)
When teaching how to generate a good and memorable password, I use both Annika’s and Thomas’ ideas:
1. For example: My cat Garfield has black and white Fur
That creates the password: McGhbawf
2. For each of the web sites that you need a password for, you create a code that helps you remember what site/service the password is for. For example aMa for Amazon and gMa for gmail.
3. Add 1+2 plus if you want some extra unique info.
1+2 = McGhbawaMa, aMaMcGhbawf, gMaMcGhbawf, McGhbawfgMa, or,…
It is also easy to use dots, etc and change i letters to 1 and o letter to 0, if you want to add numbers that are easy to remember (or change words like two to 2 and thirty to 30).
At least kids have liked to generate as strong passwords as possible, with using these easy tips.
I use a longer “pin” (9 characters), so I have only two parts in my passwords. Gmail is gmail+pin, Amazon is Amazon+pin. I don’t have to write anything down to remember my very strong passwords.
This is all well and good until someone hacks your gmail account and obtains your PIN, then realizes that you preface all your passwords with the site name, thus they can now try other well known sites with variations of the site name (amazon) and brute force their way into your account.
It is important to keep the PIN hidden. I realize that sometimes some services send you emails with your password. I always delete those emails immediately so that getting to my email would not mean getting to other services as well.
It makes it a bit less obvious if you don’t use the name of the site, but instead a description, and interleave with the pin.
Say, your pin is L09ghU7, and you need passwords for Blogger.com, your mail account, your website and Twitter. You might end up with
Lm0a9iglhU7 (interleave mail)
Lb0l9ogghU7 (interleave blog)
Lw0e9bgahdUm7in (interleave webadmin)
Lt0w9egehtU7 (interleave tweet)
That’s a great wee tip. I’m impressed…
i forgot my mobile anti theft password please give me its first password
Hi Husain!
You should contact our support. They can reset your password. You’ll find their contact details here: http://www.f-secure.com/en_EMEA/support/home-office/contact-support/
Cheers,
Hetta
It’s scary if one forgets the PIN. Most password reset features don’t retrieve back the existing password (for security reasons, right?) The difficult part is remembering which shortform is for which site and the unique 4 characters.
I prefer using passphrases to passwords. More characters, and turn some of them to 1337-speak and things get much tougher…hopefully.
It’s also scary that mailman and similar mailing list managers email you your password in plain text. No idea why, but keep a look out for these mails. Remove them and use a unique password here that you can afford to forget. They keep reminding monthly anyways.
Wonder why KeePass or LastPass doesn’t figure in any of this. Besides creating rememberable difficult passwords, keeping a backup in one of these password managers (say) only to be used in case of amnesia attacks would be a practical measure.
People will never use strong passwords – even if you can remember one password what about the other 50? Then you have to remember which one relates to which service or site. The answer is either one-time passwords or a password management system…
See: http://bit.ly/9TsBRk
Yes – and no. I agree it’s impossible to remember 50 passwords. But who says you need to? It’s possible to use only one strong password and mutate it by a fixed scheme. This works particularly well with websites but also with products and services. You “(re-)create” the password on the fly each time you visit a website. See http://t.co/A5WYdBJ for more details.
hai sir my name is abdul pls my mobile download in f-security onyl 7days i forgate my password pls give me sir plsssssssssssssssssssss
i forgot my mobile anti theft password please give me its first password
Please contact our Customer Care team: http://www.f-secure.com/en/web/home_global/support/contact/request
When it comes to creating useable passwords that are secure I have discovered http://www.pixelock.com a service that is convenient and secure. Any comments on it?
Cheers
Steve
Great post, I liked the steps.. thanks
or just use a decent password manager such as 1password
You have some great ideas here and this password system seems similar to mine I’ve been using for a while.
I described mine here: http://karlblum.net/blog/2011/01/how-to-remember-secure-passwords/
nice post…..Really good stuff..
I have made such a post earlier about the same…you can read it here
Great post Annika, some good ideas, as well as some of the other follow up suggestions posted here.
I use 1Password to generate mine, a different one for every site and I write them down as well in a safely kept notebook in case of a crash.
1Password can generate some awesome combinations.
I want to be informed when someone is trying to hack my Facebook. I had to make a new Facebook because I got hacked… please help thank you!! :0/
i couldnit undersataaa
I want relief from hackers
Hi mates, it’s a wonderful article regarding teaching and fully explained,
keep it up all the time.
I am now not certain the place you are getting your information, however great topic.
I needs to spend some time learning more or figuring out more.
Thank you for wonderful info I was searching for this information for
my mission.
It’s best to participate in a contest for the most effective blogs on the web. I’ll
suggest this website!
The very core of your writing whilst sounding agreeable
in the beginning, did not really sit well with me personally
after some time. Somewhere throughout the paragraphs
you actually managed to make me a believer but just for a while.
I still have a problem with your leaps in logic and
one would do nicely to help fill in those gaps.
In the event that you actually can accomplish that, I
would certainly be fascinated.
Hi! I know this is kinda off topic but I was wondering which
blog platform are you using for this site? I’m getting tired of WordPress because I’ve had issues
with hackers and I’m looking at options for another platform. I would be fantastic if you could point me in the direction of a good platform.
Nice post but I’m not sure that I agree. However, people consider me difficult at the best of times! With thanks.
What a lot of work you have put in here. Fun reading!
Will show up again, guaranteed!
Thxx vry mch
;>