My Password Technique Revealed!
My secret process for creating and memorizing unique and secure passwords. You'll see exactly how I create and memorize secure and seemingly long random passwords in minutes. My personal process revealed for the first time ever!
Date: September 22, 2023
By: Christopher Hicks
This article is the result of many years of frustration and preaching good password security to people who generally just don’t understand the importance. I’m sure there will be plenty of critics who say revealing my process will make me more vulnerable. While this is technically true, I welcome the challenge. If you have a better process I really hope you’re willing to share it as well because in our current times securing our online lives is extremely important. It’s worth taking the time to improve our personal and business security.
I don’t reuse passwords. Most of mine are long random passwords generated by random password generators and they’re stored in a password manager. Unless you have a photographic memory this really is the best and easiest way to stay secure online. I have dozens if not hundreds of unique passwords; there’s no way I could remember them all.
There are three things that make a password secure. We’ll go into detail about each one:
- Hard to crack
- Unique
- Secure
Hard to Crack
This first point is really easy for most of my passwords. Since I use a password manager I don’t have to remember them, so there isn’t really a reason to make them short or easy to remember. On the accounts that matter the most (banking and email) I make them super long, like they would take several minutes to type out. This doesn’t matter though since my password manager securely pastes them wherever I need them. I won’t go into a lot of detail here since this topic is well covered by security specialists and I want this article to focus on my technique for generating the few passwords I do have to remember, notably the password to my password manager. It’s worth taking a bit of time to understand how to crack passwords. This will give you some insight as to how hackers approach the problem and how to make it hard for them. Again, this is a topic that’s well covered and not the focus of this article.
Uniqueness
When we create a password for a service, we don’t control how that password is protected. It’s all too common for hackers to get into databases and find that the user passwords have no protection at all. Services should hash user passwords with a unique salt so that even if hackers do get into the database they have to crack the hash to see the actual password. Again, not the topic of this article, but the point is once we submit a password to a service we don’t have control over how that password is handled. Even if it’s super hard to crack (long, random, unique) it won’t matter if that password isn’t properly secured.
Assume a hacker breaks into one service and gets a password and the email that goes with it. If you use that same password everywhere, they’ll get into your email and all your other accounts within minutes. The point of using unique passwords is that all the work a hacker puts into breaking into one account only gets them into that one account, and all the others are a dead end.
If a hacker gets your email password, for example, they can use an automated tool to search your email for every account verification email you’ve ever received and automatically try your password and a few simple variations on every account you’ve ever created with that email. Don’t let that approach work: don’t reuse passwords.
Secure Passwords
This means you keep your passwords in a safe place so if a hacker does target you they can’t get your password list and use it to compromise everything else. The worst example is leaving a sticky note with a password somewhere on your desk. If you have a paper copy of your passwords, keep it on you or in a safe. The best practice is to use a password manager that encrypts all your passwords with one master password. This way, you only have to remember one and you can keep it secure in your brain.
Master Password Technique
There are a few different techniques for creating your one master password so that it’s hard to crack, unique, and memorable. Here’s mine:
Start with a phrase that’s at least 12 words. Pick one that’s unique and memorable for you. I like to use phrases from old literature. Bible verses are okay if they’re not the most quoted ones. Movie quotes are good too. For this example we’ll use:
“I’m not saying I’d like to build a summer home here, but the trees are actually quite lovely.” - Westley
Replace the words with characters, letters, numbers, or whatever is memorable to you. Use abbreviations for words without a memorable replacement. Try to use at least one symbol and one number.
I’m not saying I’d like → I ! “ I l
to build a summer home here, → 2 b 1 s ^ h ,
but the trees are → B t ^ r
actually quite lovely → @ q <3
In this example I replace “not” with ! (the logical NOT operator in programming).
“Home” and “trees” I replace with ^ because of the shape.
The characters you choose should be less intuitive to others to make it harder for someone else to reproduce. It won’t be too difficult to remember weird substitutions with some practice.
Practice typing your new password while repeating the phrase in your mind. The muscle memory associated with the words will engrave itself in your memory.
I!”Il2b1s^h,Bt^r@q<3
If someone does look over your shoulder they’ll have a really hard time remembering it or understanding where it comes from (unless you say your phrase out loud while typing).
That’s it! Most password managers will allow all the characters you can access on your keyboard, so you shouldn’t have any trouble with them. On other websites with weird password requirements and limitations, just adjust a random password generator to use the characters that are allowed, then save it and forget about it. Good luck!