Creating an Extremely Strong and Unique Password


In this post I'll give you a method to create a really strong and flexible password.

Now I've personally only gone through 5-6 passwords in the last 8 years. The first 2 passwords were insanely weak (6 digit numbers!). I then started picking stronger passwords but unfortunately I've had to change my password multiple times due to database leaks on websites I've joined.
However, my current password fixes all of these problems!

Desirable requirements for passwords

  • No dictionary words or simple phrases (so no QWERTY or password!)
  • No obvious patterns (e.g. 12345679, abcdef)
  • No obvious substitutions (e.g. hello -> he11o)
  • Length greater than 8
  • Length less than 16 (unfortunately password length limits exist on many services, so this is needed)
  • Starts with capital letter
  • Contains 1+ capital letter
  • Contains 1+ number
  • Contains 1+ special characters
  • Easy to remember
  • Unique for every website
  • Can be used with systems that make your password expire (without need for a new password)
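The requirements above as an executable check, added here as an example and not taken from the post. check_password() returns the names of the requirements a candidate fails; the word list, substitution map and keyboard sequences are small constructed stand-ins (a real checker would load a full wordlist), and "obvious pattern" is interpreted as any run of four or more consecutive characters from a known sequence, which the post does not define precisely.

```python
import string

# Added example, not code from the post: each requirement from the list
# above becomes one check, and check_password() returns the names of the
# requirements a candidate fails.  COMMON_WORDS, LEET_MAP and SEQUENCES
# are small constructed stand-ins; a real checker would load a wordlist.
COMMON_WORDS = {"password", "qwerty", "hello", "secure", "letmein", "welcome"}
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})
SEQUENCES = (string.ascii_lowercase, string.digits, "qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN_LENGTH = 4  # a run of 4+ consecutive sequence characters counts as an obvious pattern


def has_sequence_run(pw, length=RUN_LENGTH):
    """True if pw contains `length` consecutive characters of a known
    sequence (abcd, 1234, qwer, ...) in forward or reverse order."""
    s = pw.lower()
    for seq in SEQUENCES:
        for i in range(len(seq) - length + 1):
            chunk = seq[i:i + length]
            if chunk in s or chunk[::-1] in s:
                return True
    return False


def check_password(pw):
    """Return the list of requirement names the candidate fails (empty list = all met)."""
    failures = []
    lowered = pw.lower()
    unleeted = lowered.translate(LEET_MAP)   # undo 1->l, 0->o, ... to catch he11o
    if lowered in COMMON_WORDS:
        failures.append("dictionary word")
    if unleeted != lowered and unleeted in COMMON_WORDS:
        failures.append("obvious substitution")
    if has_sequence_run(pw):
        failures.append("obvious pattern")
    if not len(pw) > 8:
        failures.append("length > 8")
    if not len(pw) < 16:
        failures.append("length < 16")
    if not pw[:1].isupper():
        failures.append("starts with capital")
    if not any(c.isupper() for c in pw):
        failures.append("contains capital")
    if not any(c.isdigit() for c in pw):
        failures.append("contains number")
    if not any(not c.isalnum() for c in pw):
        failures.append("contains special")
    return failures


if __name__ == "__main__":
    for candidate in ("password", "he11o", "12345679", "SecU101#Re42fA"):
        print(f"{candidate!r:20} -> {check_password(candidate) or 'meets all requirements'}")
```

The last two requirements on the list ("easy to remember" and "unique for every website") are properties of the scheme rather than of a single string, so the checker cannot test them; the post's own example SecU101#Re42fA passes every check that can be automated.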

The password we will make will meet all of the criteria above!

Step by Step Guide

  1. First, pick an easy-to-remember dictionary word or a phrase that means something to you. Make sure it is around 5-6 characters long. As an example, I will use secure.
  2. Choose a position to split the phrase at. Don't just split the phrase at its syllables! I'll split after secu, so I have secu and re.
  3. Now capitalize the first letter of the first string, so secu becomes Secu. (This is so we meet the "starts with a capital" requirement on many websites.)
  4. Now pick two 2-3 digit numbers. I'll pick 101 and 42. Add one after each of your strings. So far we have Secu101re42 (length 11).
  5. Now pick a few other lowercase letters and capitalise them. I go with SecU101Re42.
  6. At this stage, all we need is 1-2 special characters. I decide to go with # and add it in somewhere: SecU101#Re42.
    The password is already very strong at this stage but still fails to meet the unique requirement.
  7. For the unique requirement, you need a system for deriving a different password for each service you use. Mine is this: look at the domain of the website you are using and take its first 2 letters, so on facebook.com you would take fa. Capitalise the first or last of these letters. Then add the pair to the start or end of your password, or put one character at the start and one at the end. I capitalise the last letter and put the 2 characters at the end, so our password for Facebook is SecU101#Re42fA (length 14). The benefit is that even if someone manages to get your plaintext password for one service, they are unlikely to notice your system and will be unable to access your other services.
    Note: You can also use a 2-letter abbreviation that works for many websites, so Facebook becomes fb. Furthermore, you can vary the length of the tag for each service; this makes your password length vary from service to service, which is another bonus!
  8. If your password expires on a service and you are not allowed to reuse it, simply add the year, semester, term, quarter or something similar to the start or end of the password. I usually add the year to the end, e.g. 15 for 2015.
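The eight steps above as a small Python script, added here as an example and not the post's own code. The settings reproduce the post's worked example (phrase secure, split after secu, numbers 101 and 42, two extra capitals, # inserted, and the fA tag for facebook.com); the function and parameter names are mine, and service_tag assumes the tag comes from the first label of the host name with any leading www. ignored, which the post does not spell out.

```python
import re
from urllib.parse import urlsplit

# Added example implementing steps 1-8 above; this is not the post's own code.
# The constants reproduce the post's worked example: phrase "secure", split
# after "secu", numbers 101 and 42, letters at positions 3 and 7 capitalised,
# "#" inserted at position 7, and a 2-letter tag taken from the first label of
# the service's host name (an assumption; the post only says "the domain")
# with its last letter capitalised and appended at the end.


def base_password(phrase, split_at, numbers, upper_positions, special, special_at):
    """Steps 1-6: build the fixed part of the password."""
    first, second = phrase[:split_at], phrase[split_at:]      # step 2: split the phrase
    first = first[0].upper() + first[1:]                       # step 3: capital first letter
    n1, n2 = numbers
    chars = list(f"{first}{n1}{second}{n2}")                   # step 4: Secu101re42
    for pos in upper_positions:                                # step 5: a few more capitals
        chars[pos] = chars[pos].upper()
    chars.insert(special_at, special)                          # step 6: special character
    return "".join(chars)


def service_tag(site, length=2, capitalise="last"):
    """Step 7: derive the per-service tag from a host name or full URL."""
    host = site.strip().lower()
    if "//" in host:                                   # a full URL was passed
        host = urlsplit(host).hostname or host
    host = re.sub(r"^www\.", "", host)                 # assumption: ignore a leading www.
    tag = host.split(".")[0][:length]
    if capitalise == "last":
        return tag[:-1] + tag[-1].upper()
    return tag[0].upper() + tag[1:]


def service_password(base, site, tag_at="end", year=None):
    """Steps 7-8: attach the tag and, for expiring services, a 2-digit year."""
    tag = service_tag(site)
    pw = base + tag if tag_at == "end" else tag + base
    if year is not None:
        pw += str(year)[-2:]
    return pw


BASE = base_password("secure", 4, (101, 42), (3, 7), "#", 7)   # -> SecU101#Re42

if __name__ == "__main__":
    for site in ("facebook.com", "https://www.reddit.com/r/netsec", "twitter.com"):
        print(f"{site:35} {service_password(BASE, site)}")
    print("after a 2015 expiry:", service_password(BASE, "facebook.com", year=2015))
```

Everything except the two-letter tag is fixed, and the tag is a function of the host name alone; that is what makes the scheme memorable, and it is also the property the Final thoughts section weighs when it considers someone who already holds one plaintext password and is targeting you specifically.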

Remembering your password...is easy!

I came up with this system in such a way that remembering the password is no issue at all. Most people fail to remember passwords because they have so many different ones across various services. In our case, the domain gives you a small part of the password. All that's left to remember is your phrase (in our case secure), the chosen split position, the few letters that are uppercase and the two 2-3 digit numbers. It turns out that this system is very easy to remember. Simply typing your password over and over again for 2 minutes will get it stuck in your head, and then you can begin using it on all of your services.

Password Strength

I put the above password through various password strength websites. The passwords do very well in these tests.

Results from online tests (each shown as a screenshot in the original post):

  • The Password Meter
  • How Secure Is My Password
  • My1login Password Checker

Final thoughts

Again, these passwords are great because they are unique for every service you use (a few tags may clash, which is generally not an issue, but keep the number of clashes to a minimum and make sure important websites do NOT clash). If your password gets compromised on one service, you can rest easy knowing all your other passwords are secure.

Just for fun, here are the SHA1 sums for the password we created together. If one hash gets compromised, the risk is almost nothing. If one plaintext password gets compromised, the risk is low if automated tools are used (often the case with large database leaks at major services). If someone is targeting you specifically, it will take them a while to figure out your system, but chances are they won't.

Oh, and my password isn't the one above, so don't try to hack me :D

SHA1 sums for our password on various services

Facebook.com
SecU101#Re42fA
c7a2ecb0970fe92088c12711463f232b3f4acbf6

Google Services
SecU101#Re42gO
0dcda431ced6570241b6c568a772b91a797af853

Twitter
SecU101#Re42tW
eabb32d870a25b53c5280501f3796387d9136225

Microsoft Services
SecU101#Re42mI
68f185840fd47e9e60209d899a312d761db24ac6

Commonwealth Bank
SecU101#Re42oC
d35d9f5342fe86810ac7791bed526aa0bbd2a37c

Reddit
SecU101#Re42rE
2c282351c1b200514331755cad02ccd956f93020

PayPal
SecU101#Re42pA
944eede92adab3753c48281e3e515841a44bbf3c

eBay
SecU101#Re42eB
7db6bbd75ef9717d4ec665ea40c5687af06c0715

Pizza Hut
SecU101#Re42pI
56d9805fe90731b78658b16429e0b4295e4b1c5c

Personal Computer
SecU101#Re42pC
3c00810f87ed61cb43c0d435531b61b8ddbae104
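As an added check that is not part of the post, the script below recomputes the table above with Python's hashlib and reports, per service, whether the listed digest is the SHA1 of the string as written, of the string with a trailing newline (what `echo "..." | sha1sum` actually hashes), or neither. It also counts the bits that differ between two of the listed digests, which is the property the table is illustrating: a two-letter tag change produces an unrelated hash. The LISTED table is copied from the post; the function names are mine.

```python
import hashlib

# Added example, not the post's own code.  LISTED is copied from the table
# above: service -> (password, SHA-1 hex digest as printed in the post).
LISTED = {
    "Facebook.com":       ("SecU101#Re42fA", "c7a2ecb0970fe92088c12711463f232b3f4acbf6"),
    "Google Services":    ("SecU101#Re42gO", "0dcda431ced6570241b6c568a772b91a797af853"),
    "Twitter":            ("SecU101#Re42tW", "eabb32d870a25b53c5280501f3796387d9136225"),
    "Microsoft Services": ("SecU101#Re42mI", "68f185840fd47e9e60209d899a312d761db24ac6"),
    "Commonwealth Bank":  ("SecU101#Re42oC", "d35d9f5342fe86810ac7791bed526aa0bbd2a37c"),
    "Reddit":             ("SecU101#Re42rE", "2c282351c1b200514331755cad02ccd956f93020"),
    "PayPal":             ("SecU101#Re42pA", "944eede92adab3753c48281e3e515841a44bbf3c"),
    "eBay":               ("SecU101#Re42eB", "7db6bbd75ef9717d4ec665ea40c5687af06c0715"),
    "Pizza Hut":          ("SecU101#Re42pI", "56d9805fe90731b78658b16429e0b4295e4b1c5c"),
    "Personal Computer":  ("SecU101#Re42pC", "3c00810f87ed61cb43c0d435531b61b8ddbae104"),
}


def sha1_hex(text):
    """SHA-1 of the UTF-8 encoding of text, as 40 lowercase hex characters."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def classify(password, listed_digest):
    """'exact' if the digest is of the bare string, 'trailing-newline' if it is
    of the string plus '\\n' (the `echo ... | sha1sum` pitfall), else 'no-match'."""
    listed = listed_digest.lower()
    if sha1_hex(password) == listed:
        return "exact"
    if sha1_hex(password + "\n") == listed:
        return "trailing-newline"
    return "no-match"


def verify_table(table=LISTED):
    """Map each service in the table to the classification of its listed digest."""
    return {service: classify(pw, digest) for service, (pw, digest) in table.items()}


def digest_bit_distance(hex_a, hex_b):
    """Number of differing bits between two hex digests (0..160 for SHA-1)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    for service, verdict in verify_table().items():
        print(f"{service:20} {verdict}")
    fb, tw = LISTED["Facebook.com"][1], LISTED["Twitter"][1]
    print("bits differing between the Facebook and Twitter digests:",
          digest_bit_distance(fb, tw), "of 160")
```

An entry that comes back "trailing-newline" was hashed with the shell's newline included; "no-match" points to a transcription error somewhere in the table. For unrelated inputs the bit distance between two SHA-1 digests sits around 80 of 160, which is why two passwords that differ only in their last two letters still have nothing in common once hashed.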


Comments

  • mUGEN Jin

    Thanks it's very useful !!!