Frank Groeneveld's blog

Fix Your Insecure Passwords

Everybody knows it, but nobody does it: using really secure passwords. One of the most common reasons given is that people can’t remember weird passwords with all kinds of punctuation characters and no actual meaning. Well, I’ve never really had this problem. How do you remember those weird passwords, you might ask? I’ll explain in this post.

Years ago I used one password for all my accounts. In those days, a lot of services didn’t require user accounts, so I was actually using my password for only a handful of services. When the number of services requiring an account started to grow, it occurred to me how insecure it is to use only one (easy to guess) password for so many different services. So I started to think about how to make it more secure. The first technique I used is simple but very secure:

  • Think of a sentence, preferably a question or statement with punctuation characters. Now take the first letter of each word and all the punctuation characters. This will be your password.

For example, “How can I remember a difficult password? Like this!” will give you the password “HcIradp?Lt!”. If you just remember that sentence, you have a very secure, long password that nobody can guess. This technique has been known for quite some time and is recommended by security experts as well.

A few months later I had numerous different sentences to remember. This started to become a daunting task as well. So I came up with another technique:

  • Add some letters of the service in question to your password, separated by some special character like the pipe character.

This means that you can have one master password that includes a number of letters as a kind of salt. Every service will have a different password, but you can easily remember it. How is this done for the example password? Well, something like this might be an option:

Gmail password: gm|HcIradp?Lt!
Flickr password: fl|HcIradp?Lt!

Now that’s easy to remember, right? These first few characters can also be found in the URLs of these services, so that makes it even easier. Now hurry up and fix those insecure passwords, but remember that the answer to a security question has to be very secure as well: a lot of people might know your city of birth, and an answer that is easy to guess will make your password completely useless.
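
The two techniques above as an added Python example (not code from the original post): mnemonic_password takes the first letter of each word plus all punctuation, and service_password prefixes letters of the service name. The function names, the fixed two-letter prefix and the shared_suffix_len helper, which reports how much of two per-service passwords is the common master part, are assumptions made for this illustration.

```python
import string

# The sentence used in the post.
SENTENCE = "How can I remember a difficult password? Like this!"


def mnemonic_password(sentence: str) -> str:
    """First letter of each word plus every punctuation character, in order."""
    out = []
    at_word_start = True
    for ch in sentence:
        if ch.isspace():
            at_word_start = True
        elif ch in string.punctuation:
            out.append(ch)  # punctuation is always kept, wherever it occurs
        elif at_word_start:
            out.append(ch)  # first letter or digit of the word
            at_word_start = False
    return "".join(out)


def service_password(service: str, master: str, n: int = 2, sep: str = "|") -> str:
    """Prefix the master password with the first n letters of the service name."""
    letters = [c.lower() for c in service if c.isalpha()][:n]
    if len(letters) < n:
        raise ValueError(f"service name {service!r} has fewer than {n} letters")
    return "".join(letters) + sep + master


def shared_suffix_len(a: str, b: str) -> int:
    """Number of trailing characters two passwords have in common."""
    count = 0
    for x, y in zip(reversed(a), reversed(b)):
        if x != y:
            break
        count += 1
    return count


if __name__ == "__main__":
    master = mnemonic_password(SENTENCE)
    gmail = service_password("Gmail", master)
    flickr = service_password("Flickr", master)
    print(master, gmail, flickr)
    print(f"{shared_suffix_len(gmail, flickr)} of {len(gmail)} characters are shared")
```

For the two example passwords, 12 of the 14 characters are the shared master part; only the two-letter prefix differs between services.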