Password security

I’ve been thinking about password security recently. Like many people I generally use one “strong” password for most of my access in cyberspace. The memorable strong password idea is definitely an improvement over the oldskool practice of changing a password every several weeks, which invariably led people to write down their passwords, making security as flimsy as the yellow post-its they were written on.

Hence the memorable strong password. To be considered strong, most recommend a generous mix of the various sets of keys available on the keyboard:

lowercase letters
uppercase letters
numbers
symbols (e.g. $, @, ., <, etc.)

There are many ways of making a memorable strong password (the one that should be avoided is simply substituting numbers for vowels: there are cracking dictionaries out there that can automatically try p4ssw0rd as easily as password). Say you have a strong password that’s memorable to you because it combines the year your parents got married, let’s say 1976, together with a phrase you like, such as “Let the good times roll!” It’s easy to turn those ingredients into a very strong, memorable password, such as 76/L#gtr!19, in just a few steps:

1976 Let the good times roll! (the ingredients)
1976 Ltgtr! (the initials of the phrase with the punctuation intact.)
76/Ltgtr!19 (splitting the year and inserting another punctuation mark after the first numerical part)
76/L#gtr!19 (replacing the t for “the” with a symbol)

The latter is an extremely strong password and should be very easy for the user to remember, so it never needs to be written down.

However, it only takes one shady cybercafe or one phishing site to steal your password, which might very well be the same password you use for your banking, email, and more. Is there a way to create many passwords that are just as strong, but customized for each site you use in such a way you can type it almost automatically?

I believe there is. What if you combined your strong password with an element of the site’s name? The sky is the limit on the possibilities, but if the same pattern is always used, each password should be instantly recallable.

Say you have passwords for Amazon, Gmail, and Paypal. You could take the first two letters of each and put them over the last two numbers of your password to keep it relatively short:

76/L#gtr!Am Amazon
76/L#gtr!Gm Gmail
76/L#gtr!Pa Paypal

The passwords are short, quickly typeable, easily memorable, and completely different. Or if you prefer, you could use the first and last letters, or the first two vowels, or some other consistent rule, and put them in a different place in the strong password structure. Just remember to keep it simple for you and impossible for anyone else. Here’s a variation using the last two letters of the site name capitalized and replacing the L# of the strong password structure:

76/ONgtr!19 Amazon
76/ILgtr!19 Gmail
76/ALgtr!19 Paypal

Again, the passwords are all strong, and all so easily memorable they should never need to be written down. But this technique’s true value lies in the uniqueness of the passwords. Should someone learn your Amazon password, he or she will still not be able to login to your Gmail or Paypal accounts.

A couple of closing thoughts… there are unfortunately still many sites that only allow alphanumeric passwords… no punctuation symbols can be used. Just keep the password as strong as possible for these sites, using lowercase, uppercase, and numbers.

Secondly, if you’re a traveler, make sure your password is possible to type quickly on any keyboard of any country you’re likely to be in. Some of the punctuation symbols on the US keyboard layout do not appear on the keyboards of other countries, or require “dead keys” to produce, which may not register as single characters for password purposes. For instance, our straight double quotation marks are not used in many countries. Symbols like |, [, and ^ also might not appear on international keyboards or could require additional keystrokes to type even if they do. It’s probably best to slightly limit the symbol set for your password to symbols universally used in math or on the Internet, such as # . , @ ! + - / etc. See Wikipedia’s article on keyboard layouts for more information.
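The two per-site rules shown above, together with the closing-thought checks (symbol-free sites and a keyboard-portable symbol set), written out as a small Python script. This is an added example, not code from the post; the rule names, the helper functions and the alphanumeric fallback (simply dropping the symbols) are this example’s own choices.

```python
# Added example: derive site-specific passwords from the post's base structure
# and check them against the post's closing thoughts. Rule names and helpers
# are assumptions of this example, not something the post defines.
BASE = "76/L#gtr!19"                 # the strong password structure built above
PORTABLE_SYMBOLS = set("#.,@!+-/")   # the post's suggested universally typeable set


def derive(base: str, site: str, rule: str) -> str:
    """Return a site-specific password from `base` using one of the two rules."""
    name = site.lower()
    if rule == "first_two_tail":
        # first two letters of the site name replace the trailing "19"
        return base[:-2] + name[:2].capitalize()
    if rule == "last_two_upper_head":
        # last two letters of the site name, uppercased, replace the "L#"
        return base[:3] + name[-2:].upper() + base[5:]
    raise ValueError(f"unknown rule {rule!r}")


def character_classes(pw: str) -> set:
    """Which of the four keyboard sets named in the post a password uses."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def is_strong(pw: str) -> bool:
    """The post's notion of strength: all four classes present."""
    return character_classes(pw) == {"lower", "upper", "digit", "symbol"}


def portable_symbols_only(pw: str) -> bool:
    """True when every symbol in `pw` is in the keyboard-portable set."""
    return all(ch.isalnum() or ch in PORTABLE_SYMBOLS for ch in pw)


def alphanumeric_fallback(pw: str) -> str:
    """For sites that forbid punctuation: keep only letters and digits."""
    return "".join(ch for ch in pw if ch.isalnum())


if __name__ == "__main__":
    for site in ("Amazon", "Gmail", "Paypal"):
        print(derive(BASE, site, "first_two_tail"), derive(BASE, site, "last_two_upper_head"), site)
```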
