Your Password Stinks. Here's How to Fix It.
Filed on Jan 22, 2014 by AnthonyDiSante
Passwords stink. At least, most passwords do. Are you one of the many people who use embarrassingly-weak passwords like "123456" or "password"? If so, the bad news is, you might already have had your bank account hacked or your identity stolen, whether you know it yet or not. And here’s some more bad news: even your super-clever "m0nk3y55"-type passwords aren’t much more secure.
The good news is, using strong passwords really isn’t hard. Sure, it’s less convenient, but it’s definitely doable.
There are two good solutions: first, if you just can’t be bothered to use strong passwords, and you don’t mind giving up control of your passwords to a third party, then you should use LastPass. This lets you use a single strong master password, which is the only password you need to remember, because the LastPass software automatically generates and autofills a unique strong password for each website that you visit.
But what if you don’t want to give up control of your passwords? What if you don’t want to trust them to a third party like LastPass? The second solution is just a bit harder: use a strong, unique password for each website that you visit.
At first, that sounds hard: I have to remember dozens of different passwords?? Actually, you don’t; you just need to create and remember a password formula. This is a simple formula, whose goal is just to create a password that’s long (~20+ characters) and that changes for each website.
Start by picking three words, any three words, as long as they’re not too short. For example: purple bicycle snowstorm.
Next, look at the website you’re using, say gmail.com. Take part of that website, say the last two letters ("al"), and insert them between your first two words.
Then to get some numbers, take the length of the website name ("gmail.com" contains 8 characters) and put that between your last two words.
Result: your password for gmail.com is "purple al bicycle 8 snowstorm". This password is far more secure than most, because it’s too long to be quickly/easily cracked, and because it’s different for each site, so when a website’s password database gets stolen -- which happens pretty often -- the thieves will only get this one password, not your password for every site that you visit.
And the beauty of it is you don’t have to struggle to remember a bunch of different passwords; you just need to remember your formula, which is pretty easy once you’ve used it a few times.
If you want to get even more advanced, you can find more details on password strengthening at Steve Gibson’s Password Haystacks page at GRC.
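To put rough numbers on "too long to be quickly/easily cracked", here is an added example (not code from this article or from GRC) that estimates the brute-force search space of the passwords quoted above, in the spirit of the Password Haystacks idea. The character-class sizes and the function names are assumptions of this example.

```python
import string

# Character classes assumed by this example: 26 lowercase, 26 uppercase,
# 10 digits, and 33 printable ASCII symbols (32 punctuation marks plus space).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation) | {" "},
}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def search_space(password):
    """Count every string of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def compare(passwords):
    """Return (password, length, alphabet, search space) rows, smallest space first."""
    rows = [(p, len(p), alphabet_size(p), search_space(p)) for p in passwords]
    return sorted(rows, key=lambda r: r[3])


# The example passwords quoted in the article.
SAMPLES = ["123456", "password", "m0nk3y55", "purple al bicycle 8 snowstorm"]

if __name__ == "__main__":
    # This model only counts exhaustive guessing. It says nothing about
    # dictionary or pattern-based guessing, which is why a common word such
    # as "password" is far weaker in practice than its count suggests.
    for pw, length, alpha, space in compare(SAMPLES):
        print(f"{pw!r:34} len={length:2} alphabet={alpha:2} space~{space:.2e}")
```

The numbers grow mainly with length: each extra character multiplies the search space by the alphabet size, which is why the 29-character formula password dwarfs the 8-character ones.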