
While helping a client whose email password was hacked, I realized that there is a need for further education on creating safer, more secure passwords. I also realized I needed to review my own, but getting the motivation to go back through all of them was no small task. I’m sure some of you understand. And most of you have been hacked or, at least, spammed by criminals who work full-time to take over email accounts and gather your personal and financial data. In addition to trolling you and your social media for clues, they have software to crack your passwords. This means that it takes time and some helpful information to create secure passwords that thwart their efforts.

How are we supposed to keep coming up with more secure passwords that we can remember but aren’t easily hacked?  Let’s start with the basics…

What makes a password safe?

  • More characters (recommended minimum is 8)
  • Numbers, symbols, and capitals throughout
  • No words from the dictionary / anything common
  • Avoid obvious substitutions like @ for “at” and 3 for “e”

What does this mean? – This means Password#1 is no longer sufficient. We need to generate stronger, more complex and secure passwords to prevent hacking.

How do I create secure passwords that I can remember?

When I decided it was time to give my password bank a facelift, I turned to my favorite resource: Google. There were several handy blog articles about this very topic. But, for your convenience, I’ve narrowed down the techniques they discussed to the list below. If you want to learn more about these methods, check out two of my recommended articles from LifeHacker.com and MakeUseOf.com.

Base Word or Phrase

Choose a strange word that you can remember, and adjust it with capitals, lowercase letters, removing vowels or consonants, changing spelling, and adding symbols and numbers.

Word Example: Juxtaposition → 7uXt#pOS9t96on

Phrase Example: Lollipops are best on rainy days → Lalip60strD!z

The safest way for this to work is by not using the obvious substitutions. As you can see in my example, I replaced the letter “i” with the number 9.


Book, Video, or Movie

Find a silly or less common word in your favorite book, video, or movie. If you chose a book, write down what page it’s on, how many lines down, and how many words into the line. If you chose a video or movie, write down when the word is said by timestamp (minutes and seconds). Use these to change up the word.

Example: Eloquent (Chapter 14, page 1, line 9, word 5) → E14oq1e9t5

Mix Words

Come up with random words that don’t go together, and alternate the letters from each.

What’s your favorite flavor of ice cream? If you could purchase any type of car, what make would it be? Perhaps avoid common items such as these, but for entertainment’s sake, I’m sticking with them.

Example: Rocky Rd & Mercedes → RmoEcrkeYdreDs → Rm8Ec4k5Yd#!Ds


The PAO Method

Did you ever play the board game Clue? If so, you’ll probably recall guessing Colonel Mustard with the Candlestick in the Billiards Room a time or two. This is similar to the PAO method because you’re remembering three details about a scene. More specifically, the PAO method discusses the brain’s ability to remember things we can store in pictures such as a Person (P), Action (A), and Object (O).

So, imagine an odd scene of a person, action, and object. Perhaps you have a close friend, Sam, that really loves nature. Picture a miniature version of them skiing down a leaf. This could be distilled into three words: Sam, Ski, Leaf. Now repeat the process. Do this 3-4 times, and combine the words you came up with into a long, secure password.

Example: Sam, Ski, Leaf + George Washington, Conducting, Insects + Mrs. Peacock, Fencing, Spork → SkLfGrwgtNciNMpKFpr → 8kLf#Grw2gtNciN1pKF05

Finding the Right Generated Password

This may be one of the easier methods to use because it doesn’t require a lot of adjusting. Simply go to a random password generator and have it create a bunch of secure passwords, let’s say… 20. Then, go through that list, and find ones that seem possible to pronounce verbally. After that, note which might be easier to type. Keep the passwords that fit both of those criteria, and use them for your important accounts.

Example:

  • EFDsS-2Xu*zax3Bx
  • &=Uk36X-sQcdj!5g
  • aNN$rNs8n+y5*%-s
  • puBw+6w5*Zpz^vd=

Number 4 actually looks like the word “Pub,” but the rest of it seems difficult to pronounce. Let’s try some more…

  • H_jAseMk5^MN#ej
  • U2$F-Ga9swmh8e#
  • CTrFVTkP-?u6+Gg
  • W45^pd2s&dVpv38

If I were going through these, I would try to come up with ways to memorize them as follows:

W45^pd2s&dVpv38 → When shooting a 45 into the air, the police department is too likely to see and develop a peeved outlook in 38 seconds.

Something else I found quite helpful was this website’s incorporation of a memorization technique. Each password you generate comes with a set of words and characters that may help you commit it to memory.

Example: (sP,mPZ?WR>S94@C

( skype PARK , music PARK ZIP ? WALMART ROPE > SKYPE 9 4 @ COFFEE
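
The checklist under “What makes a password safe?” and the generate-then-pick step described in this section can be written out in a few lines of Python. This is an added example, not code from the original post or from any generator site; the word list, substitution map, and symbol set are constructed for illustration, and a real check would use a full dictionary.

```python
import secrets
import string

# Constructed, deliberately tiny word list; a real check would use a large
# dictionary and a list of known-breached passwords.
COMMON_WORDS = {"password", "love", "you", "welcome", "admin", "qwerty"}
# Constructed map of "obvious substitutions", translated back to letters.
LEET = str.maketrans({"@": "a", "3": "e", "0": "o", "1": "i", "$": "s", "!": "i"})
SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def problems(password, min_length=8):
    """Return the checklist rules a password breaks (empty list = passes)."""
    found = []
    if len(password) < min_length:
        found.append("too short")
    if not any(c.isupper() for c in password):
        found.append("no capital")
    if not any(c.isdigit() for c in password):
        found.append("no number")
    if not any(c in string.punctuation for c in password):
        found.append("no symbol")
    # Undo the substitutions, then look for dictionary words inside the result.
    plain = password.lower().translate(LEET)
    if any(word in plain for word in COMMON_WORDS):
        found.append("contains common word")
    return found


def generate(length=16):
    """Draw characters from the OS CSPRNG until every rule is satisfied."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not problems(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("Password#1", "ILov3Y0u"):
        print(pw, "->", problems(pw))
    for _ in range(20):  # the article suggests a batch of about 20
        print(generate())
```

Both sample passwords the article calls out are flagged because the substitution is undone before the dictionary lookup, which is also how cracking software treats them.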

 

Other Tips

Don’t reuse passwords – once a password is compromised, whoever gained access to it and your account can unlock every other account with that same password. This is like the end of a treasure hunt for a hacker (a really easy treasure hunt). So, I recommend using password management tools such as 1Password or LastPass. That way, you only have to commit one strong password to memory, and all the rest are safe and sound.

The drawback to such tools is logging into accounts on devices you haven’t added 1Password or LastPass on, or devices that don’t have plugins for those tools. In this case, I recommend still memorizing your most commonly used account passwords such as email, banking, and social media. You can still use the tool for everything, but if you’re stuck without it, you’ll still have access to those important accounts.

If you don’t want to use a password management tool, however, you can simply use several complex passwords for your main, important accounts, and use two or three other passwords for everything else. This is much less secure and could lead to accounts being compromised in the future, but at least you don’t have to rely on another tool and can remember everything.

Lastly, try to avoid storing them in a text file, document, or spreadsheet. If someone were to gain access to your files, they could easily hack your accounts with this information. Consider, once again, a password management tool to store that information or a notebook you put away in a secure safe at home.

 

The Next Step

I know, I know… this was a lot of information. You may not have even wanted to think about passwords. But, this is a necessary evil that could protect you from the enormous frustration and hassle of being hacked. If you’re overwhelmed, that’s normal. Take a moment to breathe, and come back to these decisions later. I hope you have learned something today and will reconsider reusing that same ILov3Y0u password next time you sign up for a subscription box or Netflix account.

If you have any funny password stories (that won’t compromise your security), share them in the comments below! We would love to hear from you. Now, take a breather, take a walk, or take a minute to generate some secure passwords!