Simple Password Framework: Strong Passwords, Easy to Remember

:: Oct 12, 2020 :: security L1 ::

We all need to use passwords. Everyone should use password managers. Most of us don’t. This guide will give you the framework to create many strong passwords which are easy to remember.


## Step #1: The Base password

First you need a base password.

Think of 3 of your favorite things. Choose something positive.
For example, I like to read, eat pizza and listen to Nick Cave.
So that gives me: KindlePizzaCave

Now separate each word with your favorite special character. Let’s say I like money, so I’ll use that for this example. And I get: Kindle$Pizza$Cave$

Now add a familiar number which you’ll always remember.
Your postal code, birth year or something similar.
Whatever it is, just remember that method.

For example, if my postal code would be 113355, I could use that, and get: Kindle$Pizza$Cave113355

This easy method gives you a pretty long password. It also satisfies all of the requirements of a strong password: stuff like upper and lower case characters, numbers, special characters, etc.

And you get all of this without even thinking about it really.
This can be your BASE password. It's a pretty strong password.

Now, the worst thing you could do is to use this awesome password for all of your accounts. Just trust me, and don’t do that.

There’s a better solution.


## Step 2: Self explanatory passwords

So let’s say, I use a password Kindle$Pizza$Cave113355 for my primary email account. That’s easy to remember. I use it only there, and that’s it.

Now, you can make your strong password unique with a special identifier for each of your accounts. It sounds complicated, but it's not really.

For example, I use Twitter. I could use TW or something like that. I can add it at the beginning, end or even split it up. So, my password for Twitter could be: TW$Kindle$Pizza$Cave113355

For Facebook, I could have: Fb$Kindle$Pizza$Cave113355

You’re really just typing things you like, and remembering a method you chose.


## Step 3: Time to change passwords?

Most cybersecurity professionals will tell you that updating your passwords regularly is good practice. Well, that's not really true anymore. But that's a topic for another post.

So, whether you’re forced to change your passwords at work, or you just think it’s time for you to update your passwords, this framework makes it very easy.

All you need to do is change your method. So, for example, if I were really lazy, I could just shift things around and go from my old Twitter password TW$Kindle$Pizza$Cave113355 to a new one: 113355$Kindle$Pizza$Cave$TW.

And that’s usually good enough.

But it’s recommended that you change the key words of your password. You can use your favorite quote, or pretty much anything easy for you to remember. Then just follow the same method.


## Further steps

You might wonder, “what if an attacker gets my password and sees my method?”

Yeah, that is a risk for sure, which we could analyze.
You’d need to figure out your threat model.
I will teach you how to do that in one of the next posts.

But for 99% of people online, this is a really great way to have long, unique passwords.

Here’s one last thing you should do today:

### Step 1

Go to https://haveibeenpwned.com/Passwords and type your password. If you see a message like “Good news — no pwnage found!”, you’ll know that your password is not among the list of currently known breached passwords.

That’s good. It means that your password (and your method) is not leaked, and it’s still a secret known only to you.
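As an added example (not code from the original post), here is what that check does under the hood: the password is hashed locally with SHA-1 and only the first five hex characters of the hash are sent to the Pwned Passwords range API, so the password itself never leaves your machine. The sample range response and its counts are constructed so the demo runs offline; `live_lookup` is the only part that touches the network.

```python
import hashlib
import urllib.request
from typing import Callable

# Constructed, cut-down stand-in for what the range endpoint returns for the
# prefix "5BAA6" (a real reply is hundreds of "SUFFIX:COUNT" lines).
SAMPLE_RANGES = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\n"
             "003D68EB55068C33ACE09247EE4C639306B:3\n"
             "012C192B2F16F82EA0EB9EF18D9D539B0DD:0\n",
}

def split_sha1(password: str) -> tuple[str, str]:
    """Uppercase SHA-1 hex digest split into the 5-char prefix that is sent
    to the service and the 35-char suffix that stays on this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; count-0 entries are padding added when
    the Add-Padding header is sent, so they are dropped."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, lookup: Callable[[str], str]) -> int:
    """Times the password appears in the corpus (0 = not found);
    `lookup` maps a hash prefix to the range body for that prefix."""
    prefix, suffix = split_sha1(password)
    return parse_range(lookup(prefix)).get(suffix, 0)

def offline_lookup(prefix: str) -> str:
    # Backed by the constructed sample above; unknown prefixes return nothing.
    return SAMPLE_RANGES.get(prefix, "")

def live_lookup(prefix: str) -> str:
    """Network lookup against the real range API (not used by the demo)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

if __name__ == "__main__":
    for pw in ("password", "Kindle$Pizza$Cave113355"):
        n = breach_count(pw, offline_lookup)
        print(f"{pw!r}: {'seen %d times' % n if n else 'no pwnage found'}")
```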

### Step 2

Go to https://haveibeenpwned.com/ and type your email. This way you can check whether your email was involved in some of the big, known data breaches. If yes, change the passwords on the breached accounts immediately.

Also, once you sign up, if your email ever appears in a breach known to https://haveibeenpwned.com, you'll get an email notification about it, which is awesome.


You're welcome to join my private email list or follow me on Twitter.