Most passwords fail at one or both of these criteria. Passwords that are easy to remember are almost never the sort to satisfy the requirements of a secure content provider such as your bank. Your phone number is easy to remember and so are your initials; both are matters of public record and easy to guess (read: hack). On the other hand, think of the last time you had to come up with a password of more than 8 characters that had letters, numbers and a special character and remember what it was. Chances are you had to write it down, perhaps on a note next to your computer.
The truth is that the solution to making passwords good for both parties – you and your secure content provider – is not just yours to find. Secure content providers could help with more robust and user-friendly password patterns. Most sites that require passwords make it impossible to use a password you can easily remember. Financial websites in particular have password requirements that were not designed with “easy to remember” as a standard.
So, what’s a good way to come up with your own great password, one that you won’t have to write down near your desk and that will be impossible for someone to guess? Here’s a suggestion the experts say will work for just about everybody:
Here’s how to use this process
I frequently drive past the Shell station at the corner on Haywood Road when I go to my local bank’s branch office. So, my three words are “past”, “Shell”, “Haywood”. My neighbor three doors down is at house number 68. My punctuation mark is “|” because the station is on Haywood. My online banking password would be pastShell|Haywood68. Notice that I moved my punctuation mark to show the gas station is on Haywood. Now that I have the picture of this scene in my mind – the vignette – I can remember my password by visualizing the scene and remembering that there are three words, the number is of my neighbor three doors down (the one with all the kids) and the mark for “on”. This password is 19 characters long, is not a known word but is comprised of words that have no naturally occurring syntactical relation to each other. Equally important, it is easy for YOU to remember. Not only that, the password is easy to type quickly. It’s a GREAT password. But don’t use it for your own!
Here’s another example of how to make up a great password. Say in the Fall there is a beautiful oak tree and two traffic lights between your gym and your bank. A great password would be bank[oak2lights]gym. This example has another advantage. Some secure content providers limit the number of characters in a password, requiring the password be more than 8 and less than 15 characters long with certain character requirements (numbers, letters, and/or special characters.) This password would work in that case because you would simply type the password in its entirety while the content provider would ignore the characters after the limit. The letters, punctuation mark, and a number would be included before the character limit trimmed them out; the password would be a good one and satisfy the content provider’s password definition scheme.
Experts say that thinking up three words describing a regular event and sticking those words together in one long word is far and away harder to crack than shorter, “easier to remember” cryptic words with numbers, letters and marks. This approach works particularly well for financial web sites because it allows you to have a different password from other passwords, such as the one protecting your computer.
So, think of your own vignette, a scene that plays out regularly in your routine, and craft a password that meets the gold-standard of secure access: easy (for you) to remember and hard to crack. It will be GREAT!