Creating better passwords (that users can actually remember)

Just about every day there’s a news story that the age of passwords is almost over. Something – anything – more secure and easier to use is about to replace them once and for all.

We won’t hold our breath. 

The truth is that with each passing day, passwords are more and more ingrained in everything we do online and on computers. The average user has almost 20 passwords according to one study (or possibly many more, depending on whose figures you believe).

And although users are asked to create more and more passwords, each with its own unique criteria, the blame falls on them for reusing passwords or not making them strong enough.

Passwords don’t have to be terrible

There are ways you can help users create strong, easy-to-remember passwords. But the first step is to convince them that a stronger password is in their best interest.

Remind users that the headache of creating a strong password pales in comparison to having to recover from a cyberattack. Somewhere around the fifth minute of talking with the bank’s fraud investigators, users will wish they’d gone with something other than their dog’s name.

Here are several strategies you can share with users to create better passwords without them having to write the passwords down or constantly reset them.

  1. Substituting letters. One easy method to change simple passwords to more complex ones is to substitute letters of easy-to-remember words. You could simply go with converting a to b, b to c, etc. (so “dolphin” would become “epmqijo”) or by shifting your fingers one key over on the keyboard (in this case, dolphin would be “fp;[jom”).
    While the latter method is more secure, it requires your users to be excellent typists, and they could run into trouble on touchscreens where the keys are arranged slightly differently.
  2. Tell a story. Another popular method for creating a strong password is to tell a story, then take the first letter from each word. For instance, “My husband’s first name is Bill. He was born on August 12.” would become “MhfniB.HwboA12.”
  3. Don’t tell the truth. For added security on method two above, use information that isn’t easily found online or is flat out made-up. It may make it slightly harder to remember, but it’ll also make it harder to guess.
    And avoid telling the truth on security questions. If hackers aren’t able to find out your first pet’s name or what street you grew up on, chances are they wouldn’t have been after your information anyway.
  4. Add tags. Once you have a strong password, you won’t want to repeat it across sites. Otherwise, if your credentials are stolen in one place, they could be used anywhere else. Adding a brief tag to the end that says which site you’re using the password for can help (and adds characters to your password). For instance, you could use “-db” at the end of your Dropbox password or “-Apl” for Apple passwords.
  5. Use other tools at your disposal. Password managers and two-factor authentication can add an extra layer of security. If these are available to you, use them.

Bonus: 3 password strategies not to use

There’s also plenty of bad advice out there when it comes to creating passwords. Here’s some that you’ll want to encourage users to avoid.

  1. Don’t use lookalike characters. If you’re switching @ for “a” or 3 for “e,” you’re not actually making passwords more secure. This tactic is so well known that most password crackers will try it anyway.
  2. Don’t use anything you can read. If a word is in a dictionary, the Bible or just about any other written text, it’s in password crackers that are easily accessible to just about any hacker.
  3. Don’t make your password correcthorsebatterystaple. Just about everybody has seen that comic strip. Even some websites are onto your game.
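To show how the first two of these bad habits are caught in practice, here is an added password-policy check in Python that undoes lookalike substitutions before looking for dictionary words, the way cracking tools do. It is not code from the original post, and its wordlist is a constructed stand-in for a real cracking dictionary.

```python
# Constructed mini wordlist (assumption: a real check loads a full dictionary file).
WORDLIST = {"password", "dolphin", "correct", "horse", "battery", "staple", "welcome"}

# Lookalike substitutions a cracker tries automatically ("@" for "a", "3" for "e", ...).
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                            "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(password: str) -> str:
    """Undo case and lookalike characters so "P@ssw0rd" compares as "password"."""
    return password.lower().translate(LOOKALIKES)


def dictionary_coverage(password: str, min_len: int = 4) -> tuple[list[str], float]:
    """Return the wordlist entries found in the normalized password and the fraction
    of its characters those entries cover (1.0 means it is entirely dictionary words)."""
    norm = normalize(password)
    if not norm:
        return [], 0.0
    covered = [False] * len(norm)
    found = set()
    for word in WORDLIST:
        if len(word) < min_len:
            continue
        start = norm.find(word)
        while start != -1:  # mark every occurrence, overlapping ones included
            found.add(word)
            for i in range(start, start + len(word)):
                covered[i] = True
            start = norm.find(word, start + 1)
    return sorted(found), sum(covered) / len(norm)


def check_password(password: str) -> list[str]:
    """Policy findings for one candidate; an empty list means these checks passed."""
    findings = []
    words, ratio = dictionary_coverage(password)
    if words:
        findings.append("dictionary words after undoing lookalikes: " + ", ".join(words))
    if ratio >= 0.8 and len(words) >= 2:
        findings.append("passphrase built from common words (the comic-strip pattern)")
    return findings


if __name__ == "__main__":
    # The page's own examples: a lookalike-swapped word, the comic-strip passphrase,
    # the shifted "dolphin", and the story acronym.
    for candidate in ["P@ssw0rd", "correcthorsebatterystaple", "epmqijo", "MhfniB.HwboA12."]:
        print(candidate, "->", check_password(candidate) or ["no findings"])
```

The shifted and story-based candidates pass only these two checks; the page's other advice (no reuse, a manager, two-factor) still applies to them.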
