After reading an article about the worst passwords for 2017, I found it humorous but also wondered what could help folks who need to manage many passwords and are concerned that they won’t remember them. Nowadays, we need to manage passwords on many sites and services, since you really should have a unique password for each and never reuse a password, and this can be a daunting task.

Let a machine do it

The first thing I would recommend is a password manager. LastPass (www.lastpass.com) offers an excellent free service for storing and retrieving passwords and integrates with most browsers and devices. It can generate strong passwords for you, and since it auto-fills forms, you may never even need to see your passwords. Protect the account with two-factor authentication, and it can make your life a lot easier.

Do it yourself

If, however, using a password manager is too much to ask, or your office environment does not allow it, I offer this recipe for generating passwords that are easy to remember and follow the basic rules of password strength. Your mileage may vary, so don’t take this method literally, but it can be used as a guideline.

First, get the basics out of the way. Most password-strength rules require at least one number, one uppercase letter, and one lowercase letter. Many also require at least one special character.

It is less well known that a password's strength comes not only from mixing characters and case but also from its length. Using a long password makes it stronger.

Get creative, but stay memorable

Invent a strong, reasonably long prefix to use at the beginning of every password, something you are sure to remember. Be careful, however, not to use common words that are too familiar or straight out of the dictionary. Password crackers try dictionary words when guessing passwords, so use at least one made-up or deliberately misspelled word. Here's an example:

StellrDadToken-4-


Then, add the website or service the password is for to this prefix. For example, if I'm visiting Microsoft.com, I may use the site name, or maybe the software I'm buying:

StellrDadToken-4-microsoftcom
StellrDadToken-4-msoffice


Some sites and services require you to change your password periodically. This can be handled by adding the date to the end, keeping to the month so there is less to try if you misremember which date you used.

StellrDadToken-4-microsoftcom201807
StellrDadToken-4-microsoftcom201812


And there you have a strong password that would pass any password strength checker.
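As an added example (not code from the original post), here is a small Python checker for the basic rules described above, run against the recipe's own sample passwords. The minimum length of 12 and the tiny word list are assumptions standing in for a real policy and a real cracking dictionary.

```python
import re
import string

# Constructed stand-in for a cracker's word list; a real check would load a full dictionary.
COMMON_WORDS = {"stellar", "dad", "token", "password", "microsoft", "office", "welcome"}


def split_words(password: str) -> list[str]:
    """Break the alphabetic runs of a password into words, splitting CamelCase."""
    words = []
    for run in re.findall(r"[A-Za-z]+", password):
        words.extend(re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])", run))
    return words


def check_password(password: str, min_length: int = 12) -> dict[str, bool]:
    """Return which of the post's basic rules the password satisfies.

    min_length is an assumed policy value; the post only says "reasonably long".
    """
    words = [w.lower() for w in split_words(password)]
    return {
        "length": len(password) >= min_length,
        "digit": any(c.isdigit() for c in password),
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "special": any(c in string.punctuation for c in password),
        # at least one word a dictionary attack would not find as-is
        "made_up_word": any(w not in COMMON_WORDS for w in words),
    }


def is_strong(password: str, min_length: int = 12) -> bool:
    return all(check_password(password, min_length).values())


def build_password(prefix: str, site: str, yyyymm: str = "") -> str:
    """Assemble a password the way the post describes: prefix + site tag + optional date."""
    return f"{prefix}{site}{yyyymm}"


if __name__ == "__main__":
    samples = ["StellrDadToken-4-",
               build_password("StellrDadToken-4-", "microsoftcom", "201807"),
               "DadToken-4-microsoft", "Dadtoken4"]
    for candidate in samples:
        failed = [rule for rule, ok in check_password(candidate).items() if not ok]
        print(candidate, "OK" if not failed else "fails: " + ", ".join(failed))
```

The all-dictionary variant DadToken-4-microsoft passes every character-class rule and still fails, which is the point of the made-up-word advice.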

Feel free to share this recipe, but never, ever share your password with anyone.


Also published on Medium.com

Last Updated October 14th, 2019