Password Magic

Password Magic: a reader asks…

Is there an easier way to make hard-to-guess passwords that I can remember? I’ve been using various combinations of my dog’s name, names of my kids, and so on. I don’t want to use a password manager because I only go to about a half-dozen places online. So I’ve been creating one basic password and varying it for each place I go.

I hope you’ll reconsider using a password manager (like https://www.lastpass.com) as that’s the best way to keep your online identity secure. Using the same password across multiple locations is a hacker’s dream, and even small variations can be hacked fairly easily. That said, if you’re determined to do without, then you might want to try the diceware method and then add variations for the different online destinations.

Diceware is a method where you roll a die (or dice) to come up with five 5-digit numbers. You then use a published table (here’s one) to convert those numbers into five unrelated words. Those five words strung together become your password. That may sound like a lot of characters to type, but at this point in time, anything shorter than a 13-character password is easy for a hacker to crack, no matter how random the characters are. At this point I’m recommending 15+ characters, and 21 characters or more is going to be really secure (as long as they’re random enough).
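The roll-and-look-up procedure described above, as an added example that is not part of the original article. It assumes a constructed 36-word table keyed by two rolls per word so that it fits on the page (a published table is keyed by five rolls); the word list and function names are made up for illustration.

```python
import math
import secrets

# Constructed 36-word demo table, keyed by TWO die rolls ("11".."66").
# A published Diceware table is keyed by five rolls and holds 6**5 = 7776 words.
DEMO_WORDS = (
    "apple barn cedar dune ember fjord glove harp inlet jelly kite lumen "
    "maple nest otter plum quilt raven sable thorn umber vivid wharf xenon "
    "yodel zesty acorn bison cobra delta eagle fungi grape hotel ivory joker"
).split()


def build_table(words, dice_per_word):
    """Map each roll string ('11', '12', ... '66') to one word, in order."""
    if len(words) != 6 ** dice_per_word:
        raise ValueError("need exactly 6**dice_per_word words")
    table = {}
    for index, word in enumerate(words):
        n, digits = index, []
        for _ in range(dice_per_word):
            n, face = divmod(n, 6)
            digits.append(str(face + 1))
        table["".join(reversed(digits))] = word
    return table


def roll_key(dice_per_word):
    """One roll per digit; secrets uses the OS CSPRNG, so each face is unbiased."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice_per_word))


def passphrase(table, n_words=5):
    """Return (rolls, words) so the lookup can be checked by hand against the table."""
    dice = len(next(iter(table)))
    rolls = [roll_key(dice) for _ in range(n_words)]
    return rolls, [table[r] for r in rolls]


def entropy_bits(table_size, n_words):
    """Bits of entropy when every word is an independent uniform pick from the table."""
    return n_words * math.log2(table_size)


TABLE = build_table(DEMO_WORDS, dice_per_word=2)

if __name__ == "__main__":
    rolls, words = passphrase(TABLE)
    print(rolls, "".join(words))
    print(f"demo table: {entropy_bits(len(TABLE), 5):.1f} bits")   # 2 dice per word
    print(f"7776 words: {entropy_bits(7776, 5):.1f} bits")         # 5 dice per word
```

The strength comes from the number of equally likely words per pick, not from the length of the words, which is why the table size is what `entropy_bits` takes as input.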

Alternatively, you can just come up with five words (try to choose most of them as longer than 3 letters) that are completely unrelated to each other. You can then make up a story about them to help you remember. Then say the words (or story) to yourself as you type them. Here’s an example:

Five Words: picnic, barber, cop, basket, chuckle

Story: At a picnic, I met a barber who part-timed as a cop. He held a basket full of red noses, which made me chuckle.

Type it like this: picnicbarbercopbasketchuckle (that’s 28 characters, awesome!)

Now you can swap out barber and/or cop to something else, keep everything else the same and use a different password for each of your online destinations.

One other alternative is to create a long sentence and then use the first letter of each word to make your password. For the above sentence (the Story), that’s:

AapImabwptaacHhabfornwmmc (that’s 25 characters, great!)

This mnemonic method has been used for a long time (I used to recommend it), and you can spice it up by swapping in numbers or other type-able characters for specific letters or words: use the number 2 for the word “to” or “two” or “too”, use the number 1 for any letters “i” or “L”, swap in the number 3 for “B”, and so on. If your mnemonic has the word dollar in it, use $, replace “at” with @, replace “and” with &, replace “up” with ^, and so forth. You’ll still have to commit that long password to memory (saying the sentence while you type the characters), and varying that for different online destinations might get a bit complicated.


But I want to reiterate my recommendation that you use a good password manager program. LastPass offers a service that for $12/year allows you to install a LastPass app on your smartphone and as an extension or add-on to your web browser (on as many computers as you like). You create one single really good password (perhaps using the above method) which you commit to memory, and let LastPass create and remember all the rest for you. The web browser extension (works for Internet Explorer, Safari, Chrome, Firefox and Opera on Mac, Windows or Linux computers) will help you fill in the password when you visit websites that require a login.

Why is using a good password so important? Hackers are continuing to take advantage of human nature, where most people use an easy-to-remember password. Our thanks to Duo Security for compiling a list of the 250 most-used (and therefore least secure) passwords. OK, I cut out the common passwords that aren’t polite to use in public, but you can consider these as also commonly used. You may want to peruse the list below – if you use any of these as a password, you should change it immediately!

123456, 000000, 123, 1111, 1234, 12345, 111111, 112233, 121212, 123123, 123321, 159753, 222222, 654321, 666666, 675309, 696969, 1234567, 7777777, 8888888, 11111111, 11235813, 12345678, 123abc, 123qwe, 1q2w3e, 1q2w3e4r, 1qaz2wsx, aaaaaa, abc123, abcd1234, adidas, alexande, amanda, andrew, anthony, apples, asdf, asdf1234, asdfasdf, asdfgh, asdfghjk, ashley, austin, babygirl, bailey, banana, bandit, baseball, basketba, batman, biteme, blahblah, blink182, booboo, booger, boomer, boston, brandon, brooklyn, bubbles, buster, butterfl, calvin, charlie, cheese, chelsea, chester, chicago, chicken, chocolat, cocacola, coffee, compaq, computer, consumer, cookie, coolness, corvette, creative, dakota, dallas, daniel, danielle, darkness, deadspin, december, diamond, dragon, drowssap, eagles, elephant, elizabet, ferrari, flower, fluffy, foobar, football, freedom, gateway, gawker, george, ginger, gizmodo, gizmodo1, godzilla, goober, google, guitar, gundam, hahaha, hannah, hello, hello123, Highlife, hockey, hunter, iloveyou, internet, jackass, jackson, jasmine, jasper, jennifer, jessica, jezebel, jonathan, jordan, joseph, joshua, justin, killer, kotaku, lauren, letmein, liverpoo, london, love, madison, maggie, martin, master, matrix, matthew, maverick, maxwell, mercedes, merlin, metallic, michael, michelle, mickey, midnight, monkey, monkey12, monster, morgan, muffin, murphy, mustang, naruto, nicholas, nicole, nintendo, nirvana, nothing, november, oliver, orange, passw0rd, password, Password, patrick, peanut, penguin, pepper, phoenix, pineappl, please, pokemon, pookie, poop, poopoo, popcorn, princess, pumpkin, purple, q1w2e3r4, qazwsx, qwerty, qwerty12, qwertyui, rachel, redsox, remember, rosebud, samantha, sample12, scooby, scooter, secret, shadow, silver, simpsons, slipknot, smokey, snickers, snoopy, snowball, soccer, somethin, sophie, sparky, spider, spiderma, startrek, starwars, steelers, stupid, summer, sunshine, superman, swordfis, taylor, tennis, test, thomas, thunder, 
thx1138, tigger, trustno1, tucker, turtle, valleywa, voodoo, welcome, whatever, whocares, william, winston, wordpass, yankees, yellow, zxcvbnm

I should mention that passwords and passcodes are always case-specific, meaning that a capital letter is different from a lower-case letter. Be sure to take that into account when using any of the above methods to come up with good passwords, although a password manager can easily handle that for you.
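A way to check a candidate password against the list above, as an added example that is not part of the original article. The list already contains password, Password, passw0rd and drowssap side by side, so the check folds case, digit-for-letter swaps, padding and reversal before comparing; the ten-entry sample is copied from the list, and the folding rules and function names are assumptions chosen for illustration.

```python
# Ten entries copied from the list above; a real check would load all of them.
SAMPLE = ["123456", "password", "Password", "passw0rd", "drowssap",
          "letmein", "trustno1", "qwerty", "monkey12", "iloveyou"]

# Assumed folding rules: common digit/symbol stand-ins mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
PADDING = "0123456789!@#$%^&*._-"


def variants(pw):
    """All folded forms of pw: lower-cased, unpadded, de-substituted, reversed."""
    low = pw.lower()
    core = low.strip(PADDING)          # drop digits/symbols tacked onto either end
    forms = {low, core, low.translate(LEET), core.translate(LEET)}
    forms |= {f[::-1] for f in forms}  # 'drowssap' is just 'password' backwards
    forms.discard("")                  # an all-digit input has an empty core
    return forms


# Fold the blocklist the same way, so both sides are compared like for like.
BLOCKED = set().union(*(variants(p) for p in SAMPLE))


def is_common(pw):
    """True if any folded form of pw matches a folded form of a listed password."""
    return not variants(pw).isdisjoint(BLOCKED)


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "Monkey2024!", "1drowssap",
                      "picnicbarbercopbasketchuckle"]:
        print(f"{candidate!r}: {'change it' if is_common(candidate) else 'not on the list'}")
```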

 
