How to Create a Strong Password (and Remember It)

Consumer Reports

You can create strong passwords that don’t make you memorize a cryptic string of letters, numbers, and punctuation symbols. Here are three techniques:

Use a sentence. It’s easy to remember the first letters of the words in a sentence. For example, children have used this sentence to remember the names of the nine planets: My Very Excellent Mother Just Served Us Nine Pickles. You could use the first letters of those words to generate this strong 9-character password: m*Emjsu9p, where Venus (the morning or evening star) is represented by *, the letter for Earth is capitalized, and nine is a numeral. In practice, it’s best not to use such well-known sayings to generate acronyms.


Security expert Steve Gibson’s tips make passwords easier to retain.

Use a pass phrase. A pass phrase is several words mixed with numbers and punctuation symbols. For example: stitch9clock^handsapplausE. The longer the pass phrase, the more secure it is, though you’ll be limited by the maximum length the site allows.

Growing the haystack. Developed by security expert Steve Gibson, president of California-based Gibson Research, growing the haystack takes advantage of the ways hackers crack passwords. “The first thing they’ll try is the well-known dictionary of most common passwords,” Gibson says. “Then, if they know something about you, they will try to guess things from your life.”

To foil that part of the process, Gibson suggests starting with a phrase that’s short but not a common word. That forces the hacker to resort to the slower brute-force approach by trying every combination in existence, which is like looking for a needle in a haystack.

Once you’ve accomplished that, “the length of the password matters more than its absolute complexity,” Gibson says. In other words, make the haystack larger by padding the password with numerous easy-to-remember symbols. For example, the password “c-@T--9---” is 10 characters long and is probably not in any dictionary, but it’s not very hard to remember.
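To put numbers on the haystack idea, here is an added example (not from the article or from Gibson) that counts how many candidates an exhaustive search must cover for a given password. The character-class sizes, the tiny COMMON list and the 8-character password "q7#Vt!2x" are assumptions constructed for illustration.

```python
import string

# Character classes a brute-force search must cover (95 printable ASCII total).
CLASSES = [
    set(string.ascii_lowercase),        # 26
    set(string.ascii_uppercase),        # 26
    set(string.digits),                 # 10
    set(string.punctuation + " "),      # 33
]

# Constructed stand-in for the "dictionary of most common passwords".
COMMON = {"password", "123456", "qwerty", "letmein"}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def haystack_size(password):
    """Candidates in an exhaustive search of all lengths up to this one."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def worst_case_guesses(password, dictionary=COMMON):
    """Dictionary pass first; brute force only if the dictionary misses."""
    if password.lower() in dictionary:
        return len(dictionary)
    return len(dictionary) + haystack_size(password)


def compare(short_complex, long_padded):
    """How many times larger the padded password's haystack is."""
    return haystack_size(long_padded) // haystack_size(short_complex)


if __name__ == "__main__":
    dense = "q7#Vt!2x"        # constructed: 8 characters, all four classes
    padded = "c-@T--9---"     # the article's 10-character example
    for pw in ("qwerty", dense, padded, "stitch9clock^handsapplausE"):
        print(f"{pw!r:30} len={len(pw):2} guesses<={worst_case_guesses(pw):.3e}")
    print("padded / dense haystack ratio:", compare(dense, padded))
```

The count is an upper bound for pure brute force only; it does not model an attacker who guesses the padding pattern itself.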

A caveat: Don’t use any of the above examples as actual passwords. Now that they have been widely published, hackers might add them to their dictionaries.

Copyrighted 2011, Consumers Union of U.S., Inc. All Rights Reserved.

Consumer Reports has no relationship with any advertisers on Yahoo!
