Creating Effective Passwords

I have been giving a lot of password advice at work lately, & over the years I’ve read several different ways to invent passwords. I think I have a pretty good system for creating them. Here it is:

1. Come up with a password that has absolutely no significance. I call this the “root password.” Use at least six characters. More is better. So is a variety of letters, numbers, & symbols. example: k5$3b4 [update: I would suggest using this method for creating the root password. Thanks for the link Leon.]
2. Memorize it. (You can write it down somewhere without worrying about it or encrypt it in Evernote. Read on.)
3. For whatever site you need a password for, take two characters from that site’s name and then add them to the root password. Use the same system for all sites.
For example, you can use the first two letters of a site’s name. Facebook = fa, YouTube = yo Add them to the beginning of your root password and your password for Facebook becomes fak5$3b4, YouTube is yok5$3b4.

There are an infinite number of variations for this. You could use the first and last letters of a site’s name, second & third, capitalize them, add them to the end or in the middle of your password, or split them with a punctuation mark.

This system has worked for me. My passwords are different for all sites & they are easy for me to remember.

Two more bits of advice: If you use a mobile device make sure the characters you choose for your root password are easy to access. On my laptop the percent symbol, %, is just a shift key away, but on my iPad it takes three taps. It is still a good idea to change your password regularly. When you change your passwords simply vary your system or root password.

If you would like to check you password strength, can do this and also gives some ideas for creating a stronger (root) password.


No comments yet to Creating Effective Passwords

  • Thank you for explaining this so clearly. I’ve tried to tell staff how to do this but I can tell from their expressions that I’m not being clear.

  • Hello,

    I respectively side with XKCD on this one. I think passwords need to be human friendly, especially when dealing with teachers, who tend not to be computer scientists. From a facilitation point of view, passwords need to be realistic.

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(Spamcheck Enabled)