In today’s digital age, protecting your online accounts and sensitive information is more important than ever. With data breaches and cyber attacks on the rise, it’s crucial to have strong and secure passwords. But are you tired of constantly struggling to remember your passwords and feeling vulnerable to cyber threats? Have you ever wondered what makes a password strong and how to create one that is both easy to remember and hard to guess?
Look no further. In this article, we dive into the secrets of password creation and provide practical tips to help you create passwords that are not only secure but also easy to recall. From the XKCD and Schneier methods to using relatable acronyms, memorable visual images, mnemonics, and personalized approaches, we cover it all. So, take a deep breath, grab a pen and paper, and get ready to learn how to create easy passwords to remember but hard to guess.
How to Create a Strong Password (2023 and Beyond)
Passwords are a critical aspect of online security, but it can be challenging to come up with a strong password. Two popular methods for generating strong passwords that are easy to remember are the XKCD method and the Schneier method.
The XKCD Method
The basic XKCD method involves selecting 4-6 words from a dictionary and combining them to form a passphrase. For example, let’s assume you randomly select the four words “vulture“, “orchard“, “submarine“, and “pinball” to form your password.
Your passphrase would be “vultureorchardsubmarinepinball“.
The Schneier Method
The Schneier Method is another popular technique for creating a strong password by turning a memorable sentence into a password. The sentence can be personal, such as a favorite quote, a meaningful phrase, or a song lyric that has a special meaning. The idea is to take the first letter of each word and turn it into a string of letters, numbers, and symbols.
For example, consider the sentence “Love is the foundation of a strong marriage.” Using this sentence, the password would become: “Litfoasm.” To make the password even stronger, the user can add capitalization, numbers, and/or symbols: “LiTfOaSm” or “LiTfO@Sm” or “L!Tf0aSm.”
What Makes a Password Strong
On a very basic level, the strength of any password is defined by its sample space and entropy.
The sample space of any password is the number of possible combinations of the elements that make up the password.
If we take a simple 6-letter password with all letters in lowercase like “xdfjsh“, the elements of the password are the 6 lowercase letters. There are 26 letters in the alphabet, so each letter in the password has 26 possibilities.
The sample space is equal to the number of letters in the alphabet raised to the power of the number of letters in the password, or 26^6, or 308,915,776.
That means there are 308 million possible combinations of the 6-letter password. This is a big sample space, but it’s still far from secure by modern standards.
On the other hand, in a basic 4-word XKCD password like the example above “vultureorchardsubmarinepinball, the elements of the passphrase are the four words that were randomly selected from the dictionary.
Assuming the Oxford English Dictionary has approximately 171,500 words that are in current use, the sample space for this passphrase would be equal to the number of words in the dictionary raised to the power of the number of words in the password, or 171,500^4 = 8.65 * 10^20 possible combinations.
This is approximately 2.8 trillion times the size of the 6-letter password!
What that means is that it would take a hacker approximately 2.8 trillion times longer to crack this 4-word XKCD passphrase than the 6-letter password. This is why XKCD passwords can be so much stronger and more secure than simple alphanumeric passwords.
In comparison, the first password example “LiTfOaSm” created by the Schneier method uses 8 upper case and lower case letters. Since there are 52 possibilities for each letter in the password (26 uppercase and 26 lowercase letters), this password has a sample space of 52^8 = 5.34 * 10^13.
The password variation “LiTfO@Sm” uses upper case and lower case letters (52) and 12 special characters, therefore, giving it a sample space 64^8 = 2.81 * 10^14. Finally, the third example “L!Tf0aSm” uses upper case and lower case letters (52) plus numbers (10) and special characters (12), resulting in a sample space of 74^8 = 2.99 * 10^14.
The entropy of a password is also an important factor in determining its strength. The entropy of a password is a measure of its randomness and unpredictability and is often used as an indicator of its strength against cracking attacks.
Entropy is typically expressed in bits, where each bit represents an increase in the difficulty of cracking the password by a factor of 2. The higher the entropy of a password, the stronger it is.
Entropy is calculated using the sample space as follows:
Entropy = log2(sample space)
For the 6-letter password “xdfjsh“, entropy = log2(26^6) = 28.9 bits
For the 4-word XKCD password “vultureorchardsubmarinepinball”, entropy = log2(171,500^4) = 69.5 bits
The “L!Tf0aSm” password created by the Schneier method has an entropy of log2(74^8) = 49.6 bits
As we can see, increasing the sample space and randomness of a password increases its entropy and therefore makes it stronger against cracking attempts.
It’s important to remember that the specific entropy and strength of a password can depend on a variety of factors, including the specific implementation and the attack method used.
For example, the entropy for the 4-word XKCD password “vultureorchardsubmarinepinball” is 69.5 bits if an attacker is using dictionary-based attacks and knows the password is a passphrase made of words in the Oxford English Dictionary. If they don’t know that this is a passphrase and treated it as a 30-lowercase letter password and utilised a brute-force attack, the entropy would be log2(26^30) = 141, which is significantly higher!
Pros of the XKCD and Schneier Methods
Here are some of the benefits of using these methods for generating a password:
- XKCD passwords are based on natural words, making them easier to remember.
- By using a personal phrase and transforming it into a password using the Schneier method, the password is easy to remember than a random sequence of letters, numbers, and symbols.
- Using simple optional modifications to an XKCD passphrase or Schneier method password you can easily increase its strength, making it less susceptible to a dictionary or brute force attack.
Modifications may include:
- Increasing the Number of Words: Increasing the number of words in the passphrase will increase entropy. For example, using a five-word XKCD password would increase the sample space to 171,500^5 = 1.48 * 10^26 possible combinations, and the entropy would be 86.9. Using a longer phrase like “True love is about cherishing the small moments and weathering the storms together” to make a 13-character alphanumeric password using the Schneier method and including special characters would result in an entropy of log2(74^13) = 80.7 bits.
- Randomly Capitalize Letters: Randomly capitalizing one or more letters in each word will also increase entropy. For example, if the first letter is randomly capitalized in each word, the sample space becomes (2*171,500)^4 = 1.38 * 10^22 possible combinations and an entropy of 73.5. If the first and last letters are randomly capitalized, then the sample space would be (4*171,500)^4 = 2.21 * 10^23 giving it an entropy of 77.5
- Reverse Spelling: Another option is to randomly select two of the words and spell them backward. This will further increase the entropy of the password.
- Including Symbols: Adding symbols at the beginning or end of the passphrase and/or as separators between the words can also increase the entropy of the password. For example, if two symbols are added between each pair of words and one symbol before the first word and one symbol after the last word, the entropy will be increased even further.
- Including Numbers: Finally, adding a number or two to the end of the passphrase can also increase its entropy. This can be done by randomly selecting one of the words and replacing it with a related word that contains numbers.
- Use Another Language: If you know multiple languages, you can also increase the entropy of a passphrase by using words from different languages. For example, if we used three English and two Spanish words in an XKCD passphrase, and assuming the Spanish dictionary has approximately 93,000 words, the sample space will be increased to (171,500+93,000)^5 = 1.29 * 10^27 possible combinations giving it an entropy of 90.
- Combine Both Methods: For an even higher degree of entropy, you can combine the XKCD and Schneier methods by creating a passphrase using 5-8 words and then transforming some of the words using the Schneier method.
As you can see, there are several ways to increase the strength of a password and the possibilities are limited only by your imagination!
However, increasing the entropy of a password can make it stronger and harder to crack, but it can also make the password more difficult to remember. This is a common trade-off when it comes to password security.
Both the XKCD and Schneier methods aim to strike a balance between password strength and memorability by using simple patterns or sentences that are easy to remember and then modifying the password in ways that increase its entropy without making it too complex to remember. Ultimately, the best password is one that you can remember and that is secure, so finding a method that works for you and using it consistently is important.
How to Make a Strong Password You Can Remember
Writing down your passwords in a secure place may be tempting if you have a hard time remembering multiple strong passwords. However, this isn’t necessarily the best idea as it leaves your passwords vulnerable to theft or malicious attack. It also decreases the overall strength of your security measures since anyone who finds the notes would then have access to all of your accounts.
And if you are accessing multiple accounts several times a day and you have to pull out a piece of paper each time to look up your password, it can be very inconvenient. Not to mention the compromise of security by having to carry it in your wallet or purse everywhere you go.
That is why it’s important to use strong passwords that are easy to remember without having to write them down. There are several ways to do this. Here are a few recommendations:
1. Use a Mnemonic
One technique for remembering complex passwords is to use a mnemonic. A mnemonic is a phrase or memory aid that helps you remember a longer sequence of information. This technique can be used to create and recall a long, complex password or passphrase.
To remember a passphrase created for a Facebook account from the words “vulture”, “orchard”, “submarine”, and “pinball”, you could use a mnemonic such as “Visiting Old friends on Social Platform,” or “vultures in the orchard, submarines play pinball”.
2. Create Relatable Acronyms
Creating an acronym from a long passphrase can be a great way to remember the passphrase. This technique involves taking the first letter of each word in the passphrase and creating a new word that is easy to recall and recognize. For example, if you want to create an acronym from the passphrase “vultureorchardsubmarinepinball“, you could write “VOSP.”
The next time you want to log in to that account, you can quickly remember the passphrase associated with it by recalling the acronym “VOSP”.
Another creative way to use acronyms to make passphrases more memorable is to choose a 4-6 letter word (or longer) related to the account you’re setting a password for and then use this word as the acronym to reverse-engineer a passphrase.
For example, if you wanted to create a password for a dating app:
- Choose a 4-6 letter word related to dating, such as “LOVE”
- Use each letter in the word as the first letter of a random word from the dictionary.
- Put the words together to create a passphrase, such as “Laughing Oceanside Visions of Ecstasy”
Here’s another example: you could use the acronym “FACE” for a Facebook account and your passphrase could be “Fiery Acrobats Careening Exuberantly”.
This method creates a passphrase that is both memorable and secure, as it uses a relatable acronym and random words from the dictionary.
3. Visualize something associated with the password in your
Visualization is another technique that can be used to help make passwords more memorable. This technique involves creating a mental image or association between the password and a specific item or scenario. The idea is that the image or association will be memorable and help you recall the password in the future.
To use this technique, simply choose a visual item or scenario that is related to the password. For example, if your password is “Love is in the air 19”, you may visualize a heart-shaped balloon floating in the sky with the number 19 written on it. The next time you need to enter the password, simply recall the image, and your password should come to mind.
To remember the passphrase “Fiery Acrobats Careening Exuberantly”, one can imagine a group of acrobats wearing fiery outfits and performing daring stunts, and moving swiftly and exuberantly through the air.
4. Create Your Own Step-By-Step Approach
According to different sources in the industry, the average person has anywhere from 90 to 150 online accounts that require a password! Unfortunately, many people struggle to remember all of their passwords.
The process of creating a strong and memorable password can seem daunting, especially if you have many online accounts and apps to manage. By following a structured approach and combining different techniques, you can have your personalized approach to creating secure and memorable passwords.
Here’s an example step-by-step approach you can use or customize to create strong and memorable passwords:
- Identify the account or application for which you need the password.
- Choose a random 4-6 letter word that’s relatable to the account or application.
- Use each letter in the word as the first letter of a random word from the dictionary.
- Put the words together to create a passphrase.
- Use capitalization, numbers, and characters in a structured way to add complexity and strength to the password. This process can be as simple or as complicated as you want it to be.
For example, a simple customization approach might be:
- capitalizing the first letter of every word,
- adding the same symbol after the first letter of each word, and
- adding two symbols in the middle of the passphrase that correspond to the number of letters in the original passphrase.
Let’s apply this example to the passphrase “Fiery Acrobats Careening Exuberantly”.
We can customize it to be “F#ieryA#crobatsC#a!*reeningE#xuberantly”. The original passphrase had 33 letters, half of which is 18.5. We will add symbols in the middle of the new passphrase that corresponds to the number 18, where “!” corresponds to the number “1” on the keyboard, and the “*” symbol corresponds to the number “8” on the keyboard.
Alternatively, your customization pattern may be more complex such as by
- alternating between capitalizing the first or last letter of each word of your passphrase,
- adding a number in between every two adjacent words that corresponds to the number of letters in the preceding word,
- adding a symbol at the beginning of the passphrase that corresponds to the number of letters in the first word, and
- adding a symbol at the end of the passphrase that corresponds to the number of letters in the first and last words added together and divided by 2 and rounded up or down to the nearest 1.
Let’s apply this to the example passphrase “Fiery Acrobats Careening Exuberantly”.
Using this approach, the resulting password would be: “%Fiery5acrobatS8Careening9exuberantlY^”
By following this process, you can ensure that your passwords are uniqe, strong, and secure, and all you would need to remember is the acronym and customization pattern which you have created.
Furthermore, if you create a unique pattern for different sets of passwords, they are even more secure and difficult to crack.
Creating easy passwords to remember but hard to guess is crucial. Utilizing techniques such as relatable acronyms, memorable visual images, mnemonics, and personalized approaches to password creation, you can achieve this. However, remembering multiple complex passwords can be difficult. That’s why it is recommended to use a reputable password manager to securely store, sync, and manage your passwords.
By combining personalized password creation with the use of password managers and good password hygiene, you can ensure the security of your online accounts. To take your password security to the next level, we encourage you to learn more about the benefits and best practices of password managers and good password hygiene. Don’t wait until it’s too late to start protecting your online presence – take action today!