Passwords need to be complex, but they’re often hard to remember. How do you make them meaningful and unique in our modern-day world of regular security failures?
Everyone has passwords, and these range between good and bad.
If you’ve created a password on a website or service recently, there’s a good chance you’ve had to run through the steps to make it “good”, or at least seen it confirmed as “bad”. The differences between them are pretty clear.
Good passwords vary, but they’re often harder to recreate: they include a capital letter, a number and a form of punctuation, and may not read as a word anymore. Good passwords are complex, and bad passwords are, well, not.
Unfortunately, there are a lot of bad passwords out there, so many that you can typically rely on a list of bad passwords to be released yearly. The world’s worst passwords are often so bad, it beggars belief, including the likes of “password123”, “12345678”, and “rosebud”, because no one saw that level of sarcasm coming.
Unsurprisingly, these are bad, and not just because they’re easy to guess, but because the structure of these passwords is entirely out of kilter for what constitutes a good, complex password. They’re easy to guess and easy to break, and that means they’re easy to take advantage of, which isn’t a good thing.
So what is a complex password in this day and age, and how do you make one?
What’s a complex password in 2021?
A complex password is one that takes anyone making unauthorised attempts more time to work out, and one that isn’t shared between services. In essence, it’s a unique password, specific to one service or application, that is harder to understand but can also be very hard to remember.
Unique passwords mean that when security does fail, such as when a database is leaked, often without your knowledge and through nothing you’ve done, the password only affects one account rather than your entire chain of passwords, and is so complex that it’s not worth trying to break. You’ll quickly change it and move on.
The unique qualities of a good password go beyond simply making it a unique password unshared by other services, though, because it should follow those rules and be a complex password overall.
Rather than pick a phrase and a number you like and can remember, good unique passwords are often a series of letters, numbers, and punctuation blended together to result in a genuinely complex password.
Frustratingly, that complexity can often drive people to password managers, be it in a separate app or inside a browser, both of which work.
How do you remember a complex password?
Besides the obvious software that can do the job of recalling the password for you, one way to recall a complex password is to have your own code.
It’s almost like you’re in the middle of a wartime scenario, and you have your own cipher for the online world. If you think of cybercriminals as waging a war against your wallet, it’s easier to understand and even to relate to.
So you can build your own cipher, knowing what you replace characters with to make your password better.
For instance, you might want to start with a phrase that you associate with the service, such as “birds go tweet” for Twitter. You can quickly turn that into a better password by swapping letters for numbers and punctuation according to your own code, such as replacing the letter I with an exclamation point, replacing a space with a parenthesis, replacing the S with a dollar sign, the letter O with a zero, and replacing the letter T with a 7.
Do those steps, and the phrase “birds go tweet” quickly becomes “b!rd${g0{7wee7”. According to a password checking system, it would take a computer about 53 million years to crack that password, and all we needed to do was have a code for our passwords to work from.
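The substitution described above, written out as an added example (it is not code from the article or from the password checker it mentions). The function names and the guess rate are assumptions, the time estimate models exhaustive search only, and the sample vault is constructed.

```python
import string

# Substitutions from the "birds go tweet" example; the space becomes "{",
# the character that appears in the resulting password.
CIPHER = str.maketrans({"i": "!", "s": "$", "o": "0", "t": "7", " ": "{"})

def apply_cipher(phrase):
    """Turn a memorable phrase into its substituted form."""
    return phrase.lower().translate(CIPHER)

def pool_size(password):
    """Count the symbols an exhaustive search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation, " ")
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def exhaustive_search_years(password, guesses_per_second):
    """Worst-case years to try every string of this length over the pool.
    Models blind exhaustive search only, not guessing informed by patterns."""
    keyspace = pool_size(password) ** len(password)
    return keyspace / guesses_per_second / (365.25 * 24 * 3600)

def reused_passwords(vault):
    """Map each password used by more than one service to those services."""
    seen = {}
    for service, password in vault.items():
        seen.setdefault(password, []).append(service)
    return {pw: sorted(svcs) for pw, svcs in seen.items() if len(svcs) > 1}

if __name__ == "__main__":
    RATE = 1e10  # assumed guesses per second, not a figure from the article
    phrase = "birds go tweet"
    coded = apply_cipher(phrase)
    for candidate in (phrase, coded):
        print(f"{candidate!r}: pool {pool_size(candidate)}, "
              f"{exhaustive_search_years(candidate, RATE):.3g} years")
    # Constructed sample vault: one password shared across two services.
    vault = {"twitter": coded, "bank": "password123", "email": "password123"}
    print(reused_passwords(vault))
```

The reuse check covers the other half of the advice: a password that appears under more than one service exposes every one of those accounts when a single database leaks.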
Is it possible to remember a good password?
If all of this seems complicated, it’s because it is. Complex passwords aren’t easy, but they’re better for protecting your accounts, even if they’re not necessarily easy to work from.
“It’s definitely possible to remember a good password but the problem often lies in trying to remember multiple good passwords,” said Lindsay Brown, Vice President of LogMeIn, the makers of a password management app.
“People will often have one main password to keep in mind which leads to the habit of using the same password over and over,” he said.
Instead, try adapting a cipher to a passphrase that only you would know, changing out the letters for numbers and forms of punctuation so you’re left with a better password and less risk.