One common weak link in IT’s security strategy: users’ bad password practices. Here are a few methods you can use to help users remember passwords — without making them easy for hackers to figure out.
1. Turn letters into numbers or other characters
One common strategy is for users to pick a word or phrase that means something to them, but then tweak it so it’s almost unrecognizable. That can be done by using phonetic spellings and replacing some letters with vaguely similar-looking numbers or punctuation marks — such as replacing “a” with “4”, “l” with “!”, and “c” with “<”.
So, for example, a user whose favorite cereal growing up was Applejacks could use “aPP!3j4x” as a password.
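The substitution table above is a fixed, reversible mapping, so a password-policy check can apply it backwards before a dictionary lookup. The following is an added example, not code from the article: the a, l and c entries are the article’s, the e → 3 entry is taken from its “aPP!3j4x” example, and the word list is a constructed stand-in for a real dictionary.

```python
# Added example (not from the article): the letter-to-character
# substitutions described above, applied forward to disguise a word and
# applied backward by a password-policy check.  a/l/c come from the
# article; e -> 3 is inferred from its "aPP!3j4x" example.
LEET_MAP = {"a": "4", "l": "!", "c": "<", "e": "3"}
REVERSE_MAP = {v: k for k, v in LEET_MAP.items()}


def disguise(word):
    """Replace every mapped letter with its look-alike character."""
    return "".join(LEET_MAP.get(ch.lower(), ch) for ch in word)


def undisguise(candidate):
    """Map look-alike characters back to letters and lowercase the result."""
    return "".join(REVERSE_MAP.get(ch, ch) for ch in candidate).lower()


def is_disguised_dictionary_word(candidate, wordlist):
    """True when the candidate is a word in `wordlist`, with or without the substitutions applied."""
    return undisguise(candidate) in wordlist


# Constructed mini word list for the demo; a real check would load a full dictionary.
SAMPLE_WORDLIST = {"applejacks", "password", "welcome", "summer"}

if __name__ == "__main__":
    for pw in ("4pp!3j4<ks", "W3!<om3", "Tq7&zR"):
        print(pw, "->", undisguise(pw), is_disguised_dictionary_word(pw, SAMPLE_WORDLIST))
```

Running the policy check over a candidate such as “W3!<om3” reports that it normalizes to “welcome” and is rejected, while a string with no dictionary word underneath passes.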
2. Generate a Diceware passphrase
Another strategy comes from a site called Diceware that offers users a way to come up with randomized, complex passwords that are still relatively easy to memorize. How it works:
The user rolls a common six-sided die five times to come up with a five-digit number. That number is matched to Diceware’s word list, which pairs every possible number string with a word. The process is repeated a few times until the user has a random string of words to use as a passphrase.
The site also recommends users replace one or more letters in the phrase with a number or special character.
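The dice procedure above, as an added example that is not Diceware’s own code: it rolls dice from a cryptographic random source, keys a word list by the dice faces exactly as a Diceware list is laid out, and reports the resulting passphrase entropy. The sample list is a constructed 36-word, two-dice version; the real list is five dice and 7776 words, and the same functions handle it unchanged.

```python
import math
import secrets

# Constructed sample: 36 made-up-for-the-demo words, keyed by two dice rolls
# ("11" .. "66").  The real Diceware list is laid out the same way but uses
# five dice, so it has 6**5 = 7776 entries.
_SAMPLE_WORDS = """
acorn basil cabin delta ember fable gable haven ivory jolly
kayak lemon mango noble olive pearl quilt raven sable tulip
umbra vivid wheat xenon yacht zebra amber bison cedar daisy
eagle fjord grove harp igloo jewel
""".split()


def build_wordlist(words, dice_per_word):
    """Key each word by a string of dice faces in counting order ("11", "12", ..., "66")."""
    keys = []
    for i in range(6 ** dice_per_word):
        key, n = "", i
        for _ in range(dice_per_word):
            key = str(n % 6 + 1) + key   # least-significant die first, prepended
            n //= 6
        keys.append(key)
    if len(words) != len(keys):
        raise ValueError(f"need exactly {len(keys)} words for {dice_per_word} dice, got {len(words)}")
    return dict(zip(keys, words))


SAMPLE_WORDLIST = build_wordlist(_SAMPLE_WORDS, 2)


def roll_dice(count, rng=secrets.randbelow):
    """Roll `count` six-sided dice; returns the faces as a digit string such as '41526'."""
    return "".join(str(rng(6) + 1) for _ in range(count))


def diceware_passphrase(wordlist, n_words, rng=secrets.randbelow):
    """Look up one word per set of rolls and join them into a passphrase."""
    dice_per_word = len(next(iter(wordlist)))
    return " ".join(wordlist[roll_dice(dice_per_word, rng)] for _ in range(n_words))


def passphrase_entropy_bits(wordlist_size, n_words):
    """Entropy of n_words chosen uniformly from a list of wordlist_size words."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    print(diceware_passphrase(SAMPLE_WORDLIST, 4))
    # Six words from the full 7776-word list:
    print(round(passphrase_entropy_bits(7776, 6), 1), "bits")
```

The `rng` parameter exists so the rolls can be replaced by physical dice or a fixed sequence; the default is `secrets.randbelow`, not `random`, because the passphrase’s strength rests entirely on the rolls being unpredictable.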
3. Use an adaptable base password
One common password mistake is for users to use the same password every time they need one. One way they can avoid doing that — without making all their different passwords impossible to memorize — is to come up with a base password that can be added to depending on what the password is for.
For example, the base password could be the first letter of each word in the title of the user’s favorite song, followed by a number. Then, the addition could be every consonant in a brief description of what the password is being used for — such as “wrkml,” if it’s a password for the user’s work email.