How do you balance the necessity of highly secure passwords with the utility of easily recalling them all? The only secure password is one that you can’t remember, but there are times when you can’t use a password manager and need to rely on your memory.

 This post originally appeared on the Buffer blog.
It’s a question I mull each and every time a security breach happens. When the Heartbleed vulnerability was discovered last spring, the mandate was for everyone to change all their passwords right away. It’s still on my to-do list. I cringe at the thought of getting hacked, and I also cringe at the thought of taking the time and mental energy to do a complete overhaul of my favorite passwords.

Does this sound like you?

If you happen to have a system in place to manage your unique, random, unbreakable passwords, then my hat’s off to you. According to some estimates, you are among a well-protected 8 percent of users who do not reuse passwords.

The rest of us are still searching for a solution. We know that creating a safe password is paramount, but how does one actually go about creating and recalling all those essential, random passwords we need? It took writing this post to get me on the straight-and-narrow with my passwords. Here’s what I learned about how to create a secure password you can remember.

The Anatomy of an Unbreakable Password
The longer the password, the harder it is to crack. Consider a 12-character password or longer.
Avoid names, places, and dictionary words.
Mix it up. Use variations on capitalization, spelling, numbers, and punctuation.

These three rules make it exponentially harder for hackers to crack your password. The strategies employed by password crackers have advanced to an incredibly efficient level, so it’s imperative to be unusual with the passwords you create.
Crackers use different dictionaries: English words, names, foreign words, phonetic patterns and so on for roots; two digits, dates, single symbols and so on for appendages. They run the dictionaries with various capitalizations and common substitutions: “$” for “s”, “@” for “a”, “1″ for “l” and so on. This guessing strategy quickly breaks about two-thirds of all passwords.

Recent password breaches at sites like Adobe have shown how insecure many of our passwords are. Here is a list of the most common passwords that turned up in the Adobe breach. It probably goes without saying: Avoid using these passwords.


continue reading from lifehackers

Leave a Reply

Your email address will not be published. Required fields are marked *