One easy method to come up with a good, memorable password is to base it on a full sentence, RedTeam Security consultant Kurt Muhl recently told Business Insider.
Taking the first letter from each of the words in a well-chosen sentence can give you uppercase, lowercase, numeric, and special characters.
Using the sentence “I bought my house for one dollar”, for example, you can generate the password “Ibmhf$1”, with “one dollar” written as “$1”.
Muhl said a good password is one that would be difficult for password-cracking programs like John the Ripper to break.
If you use a dictionary word with a number at the end, like Springbok9, “that is the first thing we actually try to go after”, said Muhl.
Passwords, passphrases, and password managers
Security researchers like Diceware’s Arnold Reinhold have long advocated for the use of long but memorable passphrases rather than complex passwords.
For example, a passphrase like “correct horse battery staple” is easier to remember than a password such as “Dej3ct1ng+9” – and the passphrase is also more difficult for password-cracking programs to guess.
Reinhold said users should use Diceware passphrases at least six words long to ensure that they can’t be cracked quickly.
“Six words may be breakable by an organisation with a very large budget, such as a large country’s security agency. Seven words and longer are unbreakable with any known technology, but may be within the range of large organisations by around 2030. Eight words should be completely secure through 2050.”
However, some online services restrict the length of passwords, which makes the use of passphrases impossible. That’s where Muhl’s advice comes in.
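To put rough numbers on the comparison above, the following added example (not from the article or the people quoted in it) estimates how many guesses each kind of password allows for. The word set is a constructed sample, the 100,000-word cracking dictionary is an assumption, and 7,776 is the size of the standard Diceware list.

```python
import math
import re

# Constructed sample dictionary; a real check would load a full word list.
SAMPLE_WORDS = {"springbok", "house", "dollar",
                "correct", "horse", "battery", "staple"}
DICEWARE_LIST_SIZE = 7776  # 6**5 entries: five dice rolls pick one word
PRINTABLE_ASCII = 95       # characters available to a typed password


def classify(password, words=SAMPLE_WORDS):
    """Return the cheapest guessing model that explains the password."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    if m and m.group(1).lower() in words:
        return "word+digits"   # the Springbok9 pattern
    parts = password.split(" ")
    if len(parts) > 1 and all(p.lower() in words for p in parts):
        return "passphrase"
    return "other"


def search_space_bits(password, words=SAMPLE_WORDS, dictionary_size=100_000):
    """Estimate log2 of the number of candidates a guesser must cover.

    dictionary_size is an assumed size for the guesser's word list.
    """
    kind = classify(password, words)
    if kind == "word+digits":
        digits = len(re.search(r"\d*$", password).group())
        # Every word, lower-case or capitalised, times every digit suffix.
        return math.log2(dictionary_size * 2 * 10 ** digits)
    if kind == "passphrase":
        # Valid only if each word was picked at random, as with dice.
        return len(password.split(" ")) * math.log2(DICEWARE_LIST_SIZE)
    # Upper bound: assumes every character is uniformly random, which a
    # sentence-derived password such as Ibmhf$1 is not.
    return len(password) * math.log2(PRINTABLE_ASCII)


if __name__ == "__main__":
    for pw in ("Springbok9", "Ibmhf$1", "correct horse battery staple"):
        print(f"{pw!r}: {classify(pw)}, ~{search_space_bits(pw):.1f} bits")
    print(f"six Diceware words: ~{6 * math.log2(DICEWARE_LIST_SIZE):.1f} bits")
```

Each additional bit doubles the number of guesses needed, so the gap between roughly 21 bits for a word plus a digit and roughly 78 bits for six Diceware words is a factor of about 2^57.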
Other security researchers have recommended that users adopt password managers such as 1Password, KeePass, or LastPass.
These services let you generate random passwords of variable length and store them in a secure way. They also synchronise your passwords across devices.
While not foolproof, security professionals argue that you will see more success getting people to use a password manager than trying to get them to create and remember secure passwords.