How to Create Secure Passwords
People complain about passwords all the time, whether it’s about how often they need to change them, how complex they are supposed to be, or just the fact that they have to enter one at all. It leaves people wondering how to create secure passwords that are easy to remember.
While many companies are looking to implement more secure solutions than passwords, like biometrics (fingerprint or facial recognition), standard passwords will unfortunately still be in use for many things for a long time.
One of the best secure password practices you can implement is to use a different password for every account you have. Most people pick a standard password and use it across the board for everything from fitness apps to their work email.
Unfortunately, when you use the same password for all accounts, a compromise at one location can put the rest of your accounts at risk. Usernames and associated passwords are for sale by the thousands on the dark web.
How to Create Secure Passwords in 3 Steps
With the complexity requirements and SO many accounts that require passwords these days, we understand it can be difficult to have a different password for every account. However, I have great news for you! Here is a great way to create a SECURE password that is unique to every account.
Step One – Come up with a standard set of words that are easy to remember.
The trick to creating secure passwords in 2021 is to string together random words that mean something to you so they are easy to remember. The new NIST guidelines say that length is strength, so a nice long password is going to be more secure than a random string of letters, numbers and symbols.
For example, if you are passionate about keyboards, surfing and skateboarding, you could use KeysDeckWaves. If your words are longer, two might be sufficient.
Step Two – Create an algorithm.
Once you have your standard set of words, it’s time to wrap those words to make them unique to the specific service you are logging into.
If you are creating a password for Amazon, you could wrap the words in the letters of amazon, like AmaKeysDeckWavesZon. Or you could take the first 2 letters of the service and the last three letters of the service, or 2 or 5. Whatever you use, whether it’s the full name or just a select number of letters, just make sure it is consistent across the services.
Next, let’s add some numbers to the mix! Again, this algorithm should be unique to you, so make sure you aren’t just copying the examples!
You can pick the number of letters in the service, and then multiply that by a number you have previously selected. In the Amazon example there are 6 letters in Amazon. You can multiply 6 by 3 (if 3 is your number of choice) giving you 18. So now your password reads Ama18KeysDeckWaves18Zon.
You can also base your number on how many letters are at the beginning and the end. For example, if you are creating a password for Gmail and you use 3 letters at the beginning, but there are only 2 at the end, you could multiply both numbers by your chosen number (3), giving you 9 and 6. Now your password reads Gma9KeysDeckWaves6il.
Just make sure your number generation makes sense to you.
Step Three – Add a symbol, if you must
Some services still require you to use a symbol in your password. Although the NIST standards no longer require it, you might just want to add a symbol to the mix so you don’t have to change your algorithm based on the services that may or may not require it.
We recommend you just stay away from the exclamation mark, as that is a standard symbol most people use at the end of their standard password to satisfy the requirements. You can choose where in your algorithm to add this symbol, whether it’s after the first number, before it, after the first word, etc. As always, just make sure it’s consistent across the board.
Now you should be able to come up with a unique password for every account that is secure and EASY to remember.
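The three steps above as a small Python sketch, added here as an illustration and not part of the original article: it reproduces the Amazon and Gmail examples and checks that a chosen rule really gives each service a different password. The function names, the "#" symbol and its position after the first number, and the service names Notebox and Notabox are assumptions made for this example.

```python
from collections import defaultdict


def split_service(service, lead=3, tail=3):
    """Split a service name into (name, first letters, last letters)."""
    name = "".join(ch for ch in service.lower() if ch.isalnum())
    if len(name) < 2:
        raise ValueError("service name too short to wrap around the words")
    lead = min(lead, len(name) - 1)  # short names: keep at least one letter for the end
    rest = name[lead:]               # "gmail" leaves only "il" after "gma"
    return name, name[:lead], rest[-tail:]


def derive(core, service, multiplier=3, per_side=False, symbol="", cap_tail=True):
    """Wrap the memorised words `core` in letters and numbers taken from `service`."""
    name, head, tail = split_service(service)
    if per_side:   # Gmail variant: count the letters used on each side
        first, last = len(head) * multiplier, len(tail) * multiplier
    else:          # Amazon variant: count every letter in the service name
        first = last = len(name) * multiplier
    # The article capitalises the end letters for Amazon ("Zon") but not for
    # Gmail ("il"), so that choice is a switch here.
    tail = tail.capitalize() if cap_tail else tail
    # Assumption: the optional symbol goes right after the first number.
    return f"{head.capitalize()}{first}{symbol}{core}{last}{tail}"


def find_collisions(core, services, **rules):
    """Return groups of services that end up with the same password."""
    seen = defaultdict(list)
    for service in services:
        seen[derive(core, service, **rules)].append(service)
    return [group for group in seen.values() if len(group) > 1]


if __name__ == "__main__":
    core = "KeysDeckWaves"  # the article's sample words; pick your own
    print(derive(core, "Amazon"))
    print(derive(core, "Gmail", per_side=True, cap_tail=False))
    print(derive(core, "Amazon", symbol="#"))
    # "Notebox" and "Notabox" are constructed names that share length and end letters.
    print(find_collisions(core, ["Amazon", "Gmail", "Notebox", "Notabox"]))
```

If `find_collisions` returns a group, take more letters from the service name or change the number rule until those accounts no longer share a password.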
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelor of Science degree in Business with an emphasis in Information Technology (IT). He is an IT services expert in a variety of technology-related fields, including document management software/hardware, enterprise-level networking and VoIP phone systems, as well as large-scale software implementation projects and the setup of small business networks.