For my Cybersecurity class, I presented an extra credit lesson on how to create secure and easy to remember passwords that would help people with vision loss (inclusive of low vision/blind) create strong passwords and avoid reusing the same easy-to-guess password everywhere. Here is a copy of the presentation in blog post form that talks about password safety and coming up with passwords that can easily be remembered while still being difficult to crack.
Why using the same password is a bad idea
It’s tempting to use the same password for everything, and I know a lot of people who do this, even though they know it is a bad idea to do so. But just how bad of an idea is it?
- If a person can guess the password to an email account, they can go in and change all other passwords associated with that email
- Websites can be compromised and have passwords leaked, and it will make it easier for hackers to find the passwords to common accounts
- If a password contains a word in the dictionary and is 6-8 characters long, a password cracking program can guess it in about thirty minutes.
- By adding characters such as letters, numbers, and symbols, the time to guess a password increases to several hours, days, weeks, months, or even years.
Creating a base password
One of my favorite tips for how to create secure and easy-to-remember passwords is to use a base password that changes for each website, adding characters, symbols, numbers, and other things to make it secure and unique. To demonstrate what this looks like, I will use the base password “frenchfries”. Another popular choice I’ve used for coming up with base passwords is song lyrics, because I can write the song name in a password book without having to write out the actual password.
Adding capital/uppercase letters, especially at different intervals, makes passwords more difficult to guess. “frenchfries” can be upgraded to “FrenchFries” or “FrenchFrieS”, which is more difficult to guess while being easy to type.
Replace letters with numbers
Replacing letters with similar-looking numbers within a word can help with security, especially if there are alternating numbers and letters. Using the “frenchfries” password, users can replace the vowels with corresponding similar-looking numbers, so the password would be “fr3nchfr13s” instead.
Adding symbols can help make passwords more secure too. For users that use modified keyboards, pick easy-to-reach symbols such as periods, dollar signs, exclamation points, or similar. Our base password can be improved by adding just one symbol, but I usually add a few more and combine them with uppercase letters and numbers too. Some examples are “?frenchfries”, “frenchfrie$”, or “french.fries”.
Add an extra word or letters
Remember how a program could guess a short password in 30 minutes? Add on a few extra letters or words, maybe even creating a sentence for a password. Examples could be “largeorderfrenchfries” or “ilikefrenchfries”.
When I use passwords that form a sentence, I typically use camel case or Pascal case, capitalizing different words in the sentence. So the passwords would actually look more like “LargeOrderFrenchFries” or “iLikeFrenchFries”.
Add the website name
Here’s a cool password trick I learned to make passwords longer. Add the website name to the end of the base password so the password is easy to remember, yet different for each website. Again, add symbols, numbers, and uppercase letters to make it even more secure. If I were logging into Twitter, my password could be “frenchfriestwitter” or “frenchfries.Twitter”, modified with uppercase letters and numbers.
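The steps above, measured on the example passwords from this post. This is an added example, not part of the original presentation, and the guessing rate is an assumed figure. It models exhaustive search over the character classes each password uses, so it is an upper bound; a guesser that tries dictionary words first (the 30-minute case mentioned earlier) finishes sooner.

```python
import math
import string

GUESSES_PER_SECOND = 1e10  # assumed rate for illustration, not a figure from the post
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Characters an exhaustive search must cover, given the classes in use."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace_bits(password):
    """log2 of the number of same-length candidates over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate of this length at the assumed rate."""
    return alphabet_size(password) ** len(password) / rate

def humanize(seconds):
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"

# One example password from the post per step.
STEPS = [
    ("base password", "frenchfries"),
    ("capital letters", "FrenchFries"),
    ("letters to numbers", "fr3nchfr13s"),
    ("symbol", "frenchfrie$"),
    ("extra words", "LargeOrderFrenchFries"),
    ("website name", "frenchfries.Twitter"),
]

def report():
    """Rows of (step, password, alphabet, bits gained over base, worst case)."""
    base = keyspace_bits(STEPS[0][1])
    return [(label, pw, alphabet_size(pw),
             round(keyspace_bits(pw) - base, 1),
             humanize(worst_case_seconds(pw)))
            for label, pw in STEPS]

if __name__ == "__main__":
    for row in report():
        print("{:<20} {:<23} alphabet={:<3} gain={:<5} worst={}".format(*row))
```

The gain column shows that the steps that add length (extra words, website name) contribute far more than a substitution that keeps the length the same.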
A note on password management software
There are many great password management and generator programs, such as LastPass. However, if you frequently use accounts on devices that are not your own, such as in a computer lab, I would caution against having this software generate passwords, though having it store passwords is fine. It’s also worth noting that some websites may not support using password management tools; my university and bank are two examples of websites that do not support this.
Summary of how to create secure and easy to remember passwords
- It’s important to use different passwords on websites and avoid using the same password, so that if there is a password leak, not all accounts are compromised
- A password with 6-8 characters can be guessed by password cracking software in about 30 minutes
- One way to create secure and unique passwords is to have a base password and have a different version of that for each website
- Add capital letters to the base password, or replace letters with numbers
- Add an extra word or letters to the base password
- Add the website name to the beginning or end of the password
- Avoid having password management software generate passwords, as this can be difficult to use when accessing websites from other devices, such as in a computer lab