More and more places are requiring users to create strong passwords for their accounts. Although this is wonderful for security, it can be a challenge for users to implement. A strong password has numbers, symbols, and upper and lowercase letters, and is at least 8 characters long. There are websites that will produce a strong password for you (search for “password generator”). The trouble is, people have a hard time remembering random sets of characters, or even a familiar one with things like “$” and “#” thrown in. That sheet you carry around with all your passwords written on it is identity theft waiting to happen. What can you do? Fortunately, there is an easy and effective way to use strong passwords that makes them memorable and unique.
THE BASE PASSWORD
To have a secure password, users are advised not to use
- Their own names
- A relative or close associate’s name
- A pet’s name
- Any word in the dictionary
- Accessible dates such as birthdays and anniversaries
- Familiar numbers such as phone numbers or addresses
- Sequences such as 123456 or abcdef—or even qwerty, zxcvbn, and azsxdcf
but doesn’t that pretty much rule out anything you could remember?
Fortunately, you can make any of these into a strong password by substituting symbols for letters and breaking up numbers. Common substitutions are:
|A||@ or ^||L||! or | or l||0||O||7||>|
|B||6 or 8||M||^^ (2 chars)||1||! or l or |||8||B|
|I||! or | or l (lc L)||T||+||6||b|
There are other symbols available ~`#%&*)-_=}]:;'”<,./ that you can also make use of. Just assign a consistent meaning to each symbol.
Once you have alternatives for letters, you can use the forbidden names and words by substituting the symbol or number wherever you can. You can use numbers or dates by breaking them apart or substituting letters and symbols for the numbers.
For example, if I wanted a password of PLSmtih1205 (my name and birthday), I could make that strong by changing it to 12P|$^^i+h05. That would be impossible to guess and would even take a computer a very, very long time to come up with. In this example, I didn’t change the “i” because I had so many symbols. I could, of course, use one of the substitutes for the “i.” I could also just leave the date at the end and change a number or two, such as using the uppercase “O” for the zero and “S” for the 5: P|$^^i+h12OS.
The key to using this method is creating a strong base password using substitutions, and being consistent with those substitutions, especially if you are substituting for an “A,” “B,” “C,” “I,” or “L,” using one of the other symbols to stand in for a letter or number to which it bears no resemblance, or using alternatives for numbers. Choose names, words, or phrases that matter to you. Add meaningful numbers, again in a consistent pattern. Choose numbers from one of the forbidden items or just ones you favor. Decide if you will make any substitutions for the numbers, and, if so, which ones (you do need some numbers to make a strong password).
Although this construction sounds complex, it’s quite easy once you get used to it. And all you have to remember is your words, numbers, and which substitutions you chose. That sounds like a lot, but remember that you have selected meaningful words and numbers, not something random.
Next time, I’ll tell you how to take your passwords to an even higher level of security while keeping things easy.