Last week, we wrote about the Heartbleed vulnerability. Although most of the best cloud backup providers were unaffected, the security gap was a good reminder of password security. But choosing secure passwords that you can actually remember isn’t easy. Here are some ways to create effective passwords that you won’t forget (and will be able to change every few months) for your cloud backup and other accounts.
To recap, here are the internet password guidelines everyone is supposed to follow.
- Use combinations of letters, numbers, and special characters whenever possible
- Use at least eight characters
- Do not use real words
- Do not use names or numbers connected to your life (address, phone number, etc.)
- Do not use obvious key combinations (like QWERTY)
- Use different passwords for all of your accounts.
If that sounds like a recipe for creating passwords that are impossible to remember, it is because it is. Human brains like patterns and do not like meaningless strings of letters and numbers, so it is hard for us to remember even one randomized password (let alone twelve of them). The trick to remembering these passwords, therefore, is to create patterns that only you can spot. Here are a few approaches that may work for you.
The Evolved PassWord
So many people choose words (like password) as passwords because they are easy to remember. You can still make a word the base of your password if you want to – you just have to bend the rules a little by spelling it backwards and adding other elements, like capitalization, numbers, and special characters.
For example, let’s say you want to use ‘Sherlock’ as the base of your password. ‘Sherlock’ backwards is ‘kcolrehS.’ Now it’s time to add capitals, numbers, and special characters.
kcolrehS with more capitals = kCoLrehS
kCoLrehS with numbers = kC0Lr3hS
kC0Lr3hS with special characters = @kC0Lr3hS#
@kC0Lr3hS# seems very random, but because it was created from a word, it will be much easier for you to remember than a random password. If you must write it down anyway, write it down in a physical format somewhere safe (like a card in your dresser) and without any of your usernames or account information attached.
If you don’t want to come up with your own password, you can use a password application to help you come up with one. Many of these programs give you control over various aspects of the password-creating process. LastPass, for example, lets you choose the length of the password, whether or not to include special characters, and whether or not to make it pronounceable.
Here are two examples of LastPass passwords:
Random with symbols: O1PXTrco!S%o
Pronounceable with symbols: saloporicett
As you can see, the pronounceable password is easier to remember, but capitalization, numbers, and special characters should be added for optimal security.
The added bonus with LastPass and other similar applications is that they save all of your password information on your computer. LastPass then fills in your username and password for you so you can log in within seconds. This is good for those who often forget passwords, although you absolutely need to remember your master password or you will get locked out of the application.
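The generator options described above (length, special characters, pronounceable) can be sketched in Python as an added example. This is not LastPass's code; the function names, symbol set, and consonant/vowel alphabets are assumptions made for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*"              # assumed symbol set, not LastPass's
CONSONANTS = "bcdfghjklmnprstvz"  # assumed alphabet for pronounceable output
VOWELS = "aeiou"


def random_password(length=12, symbols=True):
    """Random password containing at least one character of every class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(SYMBOLS)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the OS CSPRNG; rejecting and redrawing keeps the
        # result uniform over all passwords that satisfy the class rule.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate


def pronounceable_password(length=12):
    """Alternating consonant/vowel string: easy to say, far fewer possibilities."""
    return "".join(
        secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS) for i in range(length)
    )


def entropy_bits(length, pronounceable=False, symbols=True):
    """Upper bound, in bits, on the search space of each generator."""
    if pronounceable:
        pairs, odd = divmod(length, 2)
        per_pair = math.log2(len(CONSONANTS) * len(VOWELS))
        return pairs * per_pair + odd * math.log2(len(CONSONANTS))
    size = 26 + 26 + 10 + (len(SYMBOLS) if symbols else 0)
    return length * math.log2(size)


if __name__ == "__main__":
    print(random_password(12), round(entropy_bits(12)), "bits")
    print(pronounceable_password(12), round(entropy_bits(12, pronounceable=True)), "bits")
```

At 12 characters the pronounceable form has roughly half the bits of the fully random one, which is why capitals, numbers, and special characters should be added to it.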
So far, we’ve talked only about individual passwords. However, you are supposed to have a different password for each of your accounts, and it can be difficult to remember even these ‘easier’ passwords if you have too many of them. There’s a trick to this as well.
Let’s go back to our Sherlock password (@kC0Lr3hS#). You can customize this password to each of your accounts. For example, for your Carbonite cloud backup account, @kC0Lr3hS# might become @kC0Lr3hS#CA. For a BackBlaze account, it could be @kC0Lr3hS#bb. You get the picture.
This way, all of your passwords for your accounts will be different, but you will remember all of them. And, every few months, you can change the passwords just enough to maintain security, but not enough to make you forget (maybe @kC0Lr3hS#bb would become bb@kC0Lr3hS#).
Although remembering passwords is a pain, with these tricks, you can keep all that data you have stored on the cloud safe. After all, cloud backup providers do a great job with encryption and other security – your only job is to come up with a secure password to protect your information. If you do a good job, even Sherlock Holmes wouldn’t be able to get into your account!