October 8, 2016
Unique passwords made easy—but not easy to guess
by Heather S., GCI Director of Digital Marketing
Chances are, you use dozens of sites that require you to log in with a user name and password—your bank, your email, your favorite online stores. We’ve heard that we should use a different password for each site, but so many of us don’t. It’s hard to remember all those different passwords! Here are some tips to create unique passwords that are easy for you to remember, but hard for others to guess.
The key to remembering a bunch of different passwords is to make sure they each have consistent elements without being identical. That can be tricky, with more and more sites requiring long and complicated passwords. So let’s look at what makes up a good, strong password.
A strong password typically contains:
- Lots of characters. The longer the password, the more secure it’ll be. Aim for 15 characters.
- At least one letter—preferably multiple letters with at least one capitalized
- At least one number
- At least one special character (like a punctuation mark or symbol)
The string of characters you use for your password should also seem random. Dictionary words, names, and predictable patterns (such as QWERTY or 987654) are too easy to hack.
By creating a “base” or “master” password with all of these elements, we won’t have to change up the formula for sites that have tougher password guidelines than others. Once the base of your password has been established, you can add to it to create a custom password for each site you use.
To start, pick a phrase that you can easily remember—perhaps lyrics to your favorite song or a funny or inspirational quote.
Let’s start with this: See you later, alligator!
Now shorten it by using the same tricks you’d use when getting a custom license plate:
You can also try using the first letter of each word of a longer phrase, making sure to include at least one number. Whichever method you choose, be sure to use more than a single word, which is relatively easy for password cracking applications to guess, even with character substitutions.
In this example, I’ve capitalized the first word of each word to give us a mix of upper and lowercase characters. Now, let’s introduce some special characters by swapping out letters for characters that look pretty similar.
Here, I’ve swapped the “i” for an exclamation point and traded out the “A” for an at symbol.
That’s 12 characters down, which is a great base for all your passwords. We’ll use the remaining characters to customize this base for each website.
One way to customize your password for each site is to use the site’s name in your password. So if you’re creating a password for Facebook, you could use the first five letters of the name and end up with:
This password is relatively easy to remember, and it meets our criteria because it has:
- 16 characters
- Three capital letters and 5 lowercase letters
- Two numbers
- Five special characters (! and @)
Other special character substitutions you can use include:
- A = 4
- E = 3
- L = 1
- O = 0
- S = $
- T = +
So if I were to adapt this password for my Google login, it might look like this:
And a Pinterest password might look like:
You don’t have to keep the site-specific letters at the end. Feel free to use them at the beginning or even in the middle of your password. And don’t use any of the examples I provided above, since they’re now posted on the Internet.
And if all this seems too difficult to remember, you can download and use a password manager like LastPass, KeePass, or PasswordBox. These apps will store your passwords securely—provided you use one really strong but memorable password to access the application.