How To Create A Good Password If You Are Not A Literal Computer

From ms-demeanor.com

You should not be creating your own passwords 99% of the time. You should be letting your password manager create complex passwords that you don't know, because that is going to be the best way to keep from having your passwords stolen or cracked. However, if you absolutely positively need to make up a password on the spot and you can't use a randomly generated one, here are some simple ways of making up a secure password.

Use a Passphrase

If the site you're on will allow you to use many characters but doesn't require special characters, then the length of the password is what matters and you're going to get more mileage out of a long password than a complex one. Many people probably know this as the "XKCD Method", in which you combine four simple words like "correct, horse, battery, staple" and mash them into one long password. This is a good way of making a password on the fly but I don't recommend it for long-term use because using words that are too common actually makes the password easier to guess than that comic supposes.

If you want to use the passphrase method, either use those passwords only temporarily and change them to random passwords later, or, if you need to keep that kind of password for a long time, use uncommon words. You're not looking for "elbow, tiger, wrench, sunset"; you're looking for "tessellate, yeoman, buccal, fibrous."

Use an Initialism

This is the method that I prefer, and it involves taking a relatively long phrase (such as a line of poetry or the chorus of a song) and selecting the first letter of every word to compress down into a password.

To increase the entropy of the passwords generated by this method, I usually include the year that the phrase was published, initial capitalization, and any punctuation that could reasonably be part of the phrase.

So, for instance, I am a fan of the Joan Jett cover of "I love rock 'n roll" that was released in 1982. If I wanted to use this to generate a password I'd do this:

  • Pick the line I was going to shorten: "I love rock 'n roll, put another dime in the jukebox baby"
  • Keep the first letter of each word, including capitalization, and keep the punctuation, but remove the rest: "Ilr'nr,paditjb"
  • Add the year that the single was released to the beginning or the end of the password: "Ilr'nr,paditjb82"
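The three steps above, written out as a small Python script (an added example, not code from the original page). The function names `initialism_password` and `character_classes` are my own; the second one only reports which character classes the result contains, the kind of check a site's "complexity" rule performs.

```python
import string
from typing import Dict, Optional


def initialism_password(phrase: str, year: Optional[int] = None,
                        year_first: bool = False) -> str:
    """Compress a phrase into an initialism password.

    Keeps the first letter of every word with its original capitalization,
    keeps any punctuation attached to the words (the apostrophe in "'n",
    the comma after "roll,"), drops everything else, and optionally adds
    the two-digit year the phrase was published at the start or the end.
    """
    pieces = []
    for token in phrase.split():
        kept_letter = False
        out = []
        for ch in token:
            if ch.isalnum():
                if not kept_letter:        # first letter of the word only
                    out.append(ch)
                    kept_letter = True
            else:
                out.append(ch)             # punctuation is always kept
        pieces.append("".join(out))
    core = "".join(pieces)
    if year is None:
        return core
    suffix = f"{year % 100:02d}"           # 1982 -> "82"
    return suffix + core if year_first else core + suffix


def character_classes(password: str) -> Dict[str, bool]:
    """Report which character classes a password contains."""
    return {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


if __name__ == "__main__":
    line = "I love rock 'n roll, put another dime in the jukebox baby"
    pw = initialism_password(line, year=1982)
    print(pw, len(pw), character_classes(pw))
```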

When in doubt, I try to keep things simple. Initial capitalization and a number at the end work better for me than capitalization after each piece of punctuation and a number at the beginning. This is a relatively easy way to create complex, memorable passwords with special characters, numbers, and upper and lowercase letters on the fly. This kind of password is still probably more guessable and less secure than the randomly generated ones your password manager will give you, but it has the advantage of generally being much easier to remember and to type. This is the kind of password I use to log into my password manager and into my computer, because I'm less likely to transpose characters than I would be with a randomly generated password.

When you are setting up a password manager, you are cautioned to use a password that you won't forget, especially if you're using something like Bitwarden, where the company can't help you with account recovery because your vault is encrypted. I find that having a little tune to remember as I'm entering my passwords really helps to reinforce which passwords go with which sites and devices, and makes it harder to forget these kinds of complex passwords.

But you should still be using randomly generated passwords wherever possible, please.