How to create and remember strong passwords

Marja threw me a challenge in her Spam from Xavier comments to write about creating strong passwords. The idea comes from our Lab Blog, where Sean posted about this a while ago.

I am one of those people who have a very short attention span for technical instructions, so let me try to explain this as briefly and clearly as possible. Just in case you are like me. 🙂 The idea is to use a system that allows you to do 2 things:

1. Remember your passwords by writing a part of each one down. The only thing you need to remember is a part that is the same for all your passwords; a pin, if you will.

2. Create passwords that are good and strong, unique and can’t be guessed.

Here are the step-by-step instructions:

1. Think of a “pin” for your password; this is the part that is the same for all of your passwords. The pin should be 3 characters or longer. It could be something like “25!”, and this part should be kept secret.

2. For each of the web sites that you need a password for, you create a code that helps you remember what site/service the password is for. For example, aMa for Amazon and gMa for Gmail.

3. Continue the password with a random set of 4 or more characters, for example: 2299 or xy76. You should use different random characters for your different passwords.

4. Write down parts 1 & 2 on a note and keep it safe so you don’t forget it. In this example you would end up with a note in your wallet with this written down:

  • aMa2299
  • gMaxy76

5. When using the passwords, add your pin to them. Remember again that the pin should not be written down anywhere! You can decide the location of your pin too. With the example pin “25!” created in the first step, we would end up with 2 passwords that could be:

  • aMa229925! or 25!aMa2299
  • gMaxy7625! or 25!gMaxy76

Tadaa, you now have passwords that are unique and can’t be guessed! And of course you only need to remember a part of each one! By having unique passwords you can also make sure that even if someone finds out one of your passwords, the others are still safe.

As a final note, should you choose to use this system, you should come up with your own passwords and not use the ones used in this post or in our Lab’s post.

Hopefully I managed to make it sound relatively easy. If not, drop me a question below.
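The five steps above as a short Python sketch. This is an added example, not code from the original post. It builds the note entries with a cryptographically secure random source and counts how many candidates remain if the note itself is ever found. The function names, the lowercase-plus-digits alphabet and the 94-symbol pin alphabet are assumptions made for illustration.

```python
import secrets
import string

# Assumption: random characters come from lowercase letters and digits,
# matching the post's samples "2299" and "xy76".
RANDOM_ALPHABET = string.ascii_lowercase + string.digits


def site_code(site):
    """Step 2: memory aid in the post's style (Amazon -> aMa, gmail -> gMa)."""
    letters = [c for c in site if c.isalpha()][:3]
    if len(letters) < 3:
        raise ValueError("need at least three letters in the site name")
    return letters[0].lower() + letters[1].upper() + letters[2].lower()


def note_entry(site, used, length=4):
    """Steps 2-4: site code plus random characters; this goes on the note."""
    if length < 4:
        raise ValueError("the post asks for 4 or more random characters")
    while True:
        rand = "".join(secrets.choice(RANDOM_ALPHABET) for _ in range(length))
        if rand not in used:  # step 3: different characters per password
            used.add(rand)
            return site_code(site) + rand


def full_password(entry, pin, pin_first=False):
    """Step 5: add the memorised pin, which is never stored with the entry."""
    if len(pin) < 3:
        raise ValueError("the post asks for a pin of 3 characters or longer")
    return pin + entry if pin_first else entry + pin


def pin_search_space(pin_length, alphabet_size=94):
    """Upper bound on candidates left once the note itself is exposed:
    every pin of this length, placed before or after the entry.
    Assumption: pin characters are any of the 94 printable ASCII symbols."""
    return 2 * alphabet_size ** pin_length


if __name__ == "__main__":
    used = set()
    for site in ("Amazon", "gmail"):
        print(site, "->", note_entry(site, used))  # write these on the note
    for n in (3, 4, 6):
        print(f"pin length {n}: {pin_search_space(n):,} candidates")
```

Once the note is exposed, only the pin stands between the finder and the full password, so the count grows with every character added to the pin.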

