How To Create A Password That Will Take Years To Crack

Just recently a number of tech companies, including Yahoo, Adobe and eBay, sent out emails to their users asking them to change their passwords after an unknown cyber-attack compromised their databases containing customer information, including names, passwords and credit card information. One of the more disturbing results of these breaches was the release of user passwords. A recent report by SplashData showed that the most common passwords found as a result of the breach were 123456 and password. Looks like we still haven’t learned, folks.

About a month ago I came up with an idea for creating strong passwords that I thought was worth sharing with the online community. But before I do that, I’d like you to try and memorize the password below.

 

Password: ctfoebtmhtstgsomnccfsolp:-(1984

 

Seems impossible? Well, it isn’t. All you have to do is follow a few simple steps to create a password that is easy to remember yet hard to crack.

Step 1- Find the lyrics of a song you really like and pick a stanza/verse from the song. Then simply choose the first letter from every word in the verse to create the first half of the password.

I’m a music lover and I particularly like old hymns. One of my favourite hymns is “Come Thou Fount of Every Blessing” so I chose the first verse of the song (actually half of the first verse) and used the first letter of every word as a character for my password.

“Come, thou fount of every blessing,

tune my heart to sing thy grace;

streams of mercy, never ceasing,

call for songs of loudest praise.”

 Password: ctfoebtmhtstgsomnccfsolp

 

 Step 2- Decide if the song is projecting a happy or sad emotion.

I decided that the hymn did not have a happy tune to it and so gave it a sad smiley (emoticon): :-(

Password: ctfoebtmhtstgsomnccfsolp:-(

 

Step 3- Add your birth year or any number you want at the end of the password.

I decided to add my birth year, which is 1984, at the end of the password because it was simply easy to remember.

Password: ctfoebtmhtstgsomnccfsolp:-(1984

 

That’s it. You now have a strong, easy to remember [yes, hard to crack 😀 ] password.
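The three steps above, worked through as an added Python example (not the author's code): it rebuilds the article's password from the quoted verse, with the emoticon written as `:-(`, and compares two strength estimates. The counts passed to `scheme_bits` (one million candidate verses, 100 plausible years) are constructed assumptions for illustration.

```python
import math
import re
import string

# Verse quoted in the article (first half of the first verse).
VERSE = """Come, thou fount of every blessing,
tune my heart to sing thy grace;
streams of mercy, never ceasing,
call for songs of loudest praise."""


def initials(text):
    """Step 1: first letter of every word, lower-cased, punctuation ignored."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z][A-Za-z']*", text))


def build_password(verse, happy, number):
    """Steps 1-3: verse initials + emoticon for the mood + a number."""
    emoticon = ":-)" if happy else ":-("
    return initials(verse) + emoticon + str(number)


def charset_size(password):
    """Combined size of the standard character classes the password draws on."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(c) for c in classes if any(ch in c for ch in password))


def brute_force_bits(password):
    """Upper bound: bits of search space if every character were random."""
    return len(password) * math.log2(charset_size(password))


def scheme_bits(verse_choices, number_choices):
    """Bits of search space when the recipe itself is known: which verse,
    happy or sad, and which number. Both counts are caller assumptions."""
    return math.log2(verse_choices * 2 * number_choices)


if __name__ == "__main__":
    pw = build_password(VERSE, happy=False, number=1984)
    print(pw, len(pw), "characters")
    print("character-by-character estimate: %.1f bits" % brute_force_bits(pw))
    # Constructed figures: 1,000,000 candidate verses, 100 plausible years.
    print("recipe-aware estimate: %.1f bits" % scheme_bits(1_000_000, 100))
```

For the article's password the character-by-character estimate is about 189 bits, while the recipe-aware estimate under these assumed counts is about 28 bits. The strength therefore rests on how unpredictable the chosen verse and number are, not on the length alone.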

 

Note

No password is completely immune from attackers. The most secure passwords are usually more than 10 characters long and use alphanumeric combinations with punctuation to confuse hackers.

To increase the complexity of your password, you can capitalize its first and last letters; this will increase the time hackers take to crack it.

If you would like to check the strength of your passwords, you can visit the Kaspersky blog to do so (I strongly recommend constructing fake passwords and then testing them).

In addition to testing the strength of your password you can check if your accounts have been compromised in the latest cyber-attacks against Yahoo, Adobe, etc. by visiting haveibeenpwned.com

 ~Aaron

27 thoughts on “How To Create A Password That Will Take Years To Crack”

  1. I translate a common English phrase into an obscure language via Google Translate. For example, “today is Wednesday, June 4” becomes, in Cebuano, “Karon mao ang Miyerkules, Hunyo 4.” Eliminate the spaces and you get
    “karonmaoangiyerkuleshunyo4.”

    Other letters, numbers, symbols, etc. can be inserted. The tricky part is remembering the English words and the language into which they are translated.

  2. You can mix in CAPS and non-caps by using mnemonics like “Hail Mary full of Grace” or “Mary had a little Lamb”; this gives you HMfoG or MhalL, and mixing in numbers (HM1foG2 or Mh3al4L) and the occasional (!) (!HM1foG2) makes it even stronger… Numbers in series let you get away with the deadly same password for multiple sites: 1HM1fo2G for site #1, 2HM1fo2G for site #2, etc.

  3. Hi Aaron,

    Thanks for your tip to create a very tough password. I also like to point out that we need to create different passwords for important sites such as Banks, Mail A/cs etc. Otherwise, one’s strong password also becomes vulnerable. A cracker needs to break only one site to gain information about one’s other sites.

    As I find remembering different passwords to be impractical and confusing, I record them in my own codes to refer every time. Say for ‘Jane went to Market’ can become JWM. One can add more to it with ‘+’ for variations. To make it short, one has to code them so that it is easy to understand for self while difficult for others. There are also free password managers on net to use.

  4. Great tip. Am running out of ideas. Clear, simple and concise wording without so much talking.
    Hope you have more tips to give. A pleasure to read.

  5. Another idea – When creating different passwords for different sites, you can always just throw the first letters or initials of a website in front of the password. For example, YH for yahoo, GM for gmail, WS for worldstart, then continue with the password.

  6. The blog said,” after an unknown cyber-attack compromised their databases containing customer information including names, passwords and credit card information.”

    Passwords and probably all other data are not stored in databases, they are stored in hashed form. So as these hashed forms are not easily ‘reversed’ to reveal the actual password (by using tables of common passwords) then just a reasonably mixed password is necessary and in case you lose/have stolen a laptop or have dodgy friends/relatives around.

  7. My son-in-law suggested I pick a couple of words that fit that site, i.e.: dangsite, painNpatutee, add number(s) and symbol(s) as needed. I forget far fewer of them since I switched over and nice to know they are harder to find with programs. Change placements of capitals, etc. but keep it so it makes sense to you.

  8. Tks for sharing this great info. I heard about this from a friend of mine & have been doing it this way ever since I heard about it.
    Tks
    S

  9. So, now I have to remember which song I used for each password or do I use the same password for everything?

  10. All of these are good ideas, but not all accounts have the same password protocol. E.g. some require one or more numbers, symbols, upper or lower case, etc. Some symbols are acceptable and others are not. So it is difficult to have a basic password that will suit each account.

  11. Keep the password but then add abbreviations for different things such as “wStrt” for “Worldstart” – “Bnka/c” for bank account and so on. Still very easy for you to remember but very difficult to crack.

  12. I try to observe good rules on passwords. But I do keep them in a file which is, itself, encrypted. This makes it easy to put in complex passwords quickly, using copy and paste. I need hardly say that the password for encryption is very difficult indeed. But it’s all I have to remember.

  13. I’ve adapted the Verse idea to use a verse from the Bible. The first letter and anything pertaining to God is capitalised, and the reference contains a colon and digits. As in: Imitate God therefore in everything you do Ephesians5:1 – becomes: IGtieydE5:1

  14. Hi Aaron, I really enjoyed You being free to mention the use of initials an old hymn You are fond of. Thank You for sharing Your insights,

    Curtis

  15. I love all the suggestions but I forgot I can use medical transcription words as some of them are extremely hard to remember even if you’ve done medical transcription. I also like the one about songs as I wouldn’t be good at songs but using old Irish sayings that most people wouldn’t know from our family would be extremely difficult to hack as some of them are pretty weird. I also thought of all the prayers we learned as a child which for me will be a goldmine. Thank you everyone for your suggestions as a lot of my passwords are not very good. I especially like Cynthia’s articles as I swear I learn something from every single one of them; she really knows her computer …….. -:)

  16. If you worked in the Chem/Petro chem industry you could use the names.formulas of the products made: H2SO4HNO312/11/22/152A/142B/OxalicAcid+CTFE

    1. Sometimes they guess based on common passwords like “password” and sometimes they’re using programs that just run possible combinations.
