Wednesday, June 6, 2012

How to create easy to remember and STRONG passwords

A LOT of people I run across have weak passwords. Here's how I create strong and easy to remember passwords. First, pick a word of some medium length. For the sake of this example, I'll choose 'horseshoe'. This would of course be cracked in a matter of seconds (an offline attack would take 56 seconds according to this password strength calculator) by a dictionary attack. BUT how about we pull an Emeril and spice the word up a bit?

First, I'll capitalize the first and last letter of the word.
Secondly, I'll substitute a zero for all instances of the letter 'o'.
Finally, I'll add an exclamation mark to the end.

So now, the password is H0rsesh0E! Super easy to remember, and this password would take 19 years to crack offline. Still, if someone had a massive array of computers trying to break this password, it would only take a week. So this is fine for Pinterest or whatever, but maybe not for your domain admin password or your facebook/email password. Also, you should use multiple passwords for different purposes. So let's create another password. After applying the process outlined above, I have created 'D1s1ntegratE?' (disintegrate with 1's instead of i's).

What I've done in my personal life is have multiple tiers of security. Sites or service passwords where little personal information is kept (newsletters, for instance) get a "weak" password like 'H0rsesh0E!'. Email gets a double treatment. I combine two of these passwords together, like this: 'H0rsesh0E!D1s1ntegratE?'. That password right there would take the massive cracking array 9 billion trillion centuries to crack.

Oh but wait, there's more! They say you should use different passwords for every site! Easy. Add the first letter of the site to the end of your password. For SC Magazine, I would use 'sH0rsesh0E!' (notice the s for SC Magazine).

So let's recap my process:
1. Pick a word.
2. Apply capitalization, leetspeak, and add symbols (leetspeak is the process of substituting numbers/symbols for letters; see the Wikipedia entry and a handy generator).
3. Make security tiers for different security requirements and combine multiple passwords to increase strength.
4. Put an abbreviation for the site/purpose in front of (or behind) your password.

It sounds complicated, but really you only need to remember the process, come up with a few words and then don't deviate (going off "your path" will make your passwords harder to remember). If you choose to replace i's with 1's then do it all the time so you remember to do so for all passwords.
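The recap above and the "don't deviate" rule together describe a fixed, repeatable procedure, so here it is as an added example (my code, not the blog author's) that reproduces the post's own passwords from their base words. The point worth seeing in code is that once the rules are fixed, the password is a deterministic function of the word and the rule set; the substitution map, the symbol and the site-tag position are parameters so you can see exactly which choices count as "your path".

```python
# Added example: the blog post's four-step process as code.
# Assumed rule set (not stated in the post as code): which letters are swapped,
# which symbol is appended, and whether the site tag goes in front or behind.

DEFAULT_SUBS = {"o": "0", "i": "1"}  # leetspeak substitutions used in the post


def mangle(word: str, subs: dict = DEFAULT_SUBS, symbol: str = "!") -> str:
    """Step 2: capitalize first and last letter, apply substitutions, append a symbol."""
    if len(word) < 2:
        raise ValueError("pick a word of some medium length")
    w = word.lower()
    # Capitalize the ends first; the substitutions below only hit lowercase
    # letters, so an uppercased first/last letter is left as a letter.
    w = w[0].upper() + w[1:-1] + w[-1].upper()
    for src, dst in subs.items():
        w = w.replace(src, dst)
    return w + symbol


def tier_password(words, symbols, subs: dict = DEFAULT_SUBS) -> str:
    """Step 3: a higher security tier concatenates several mangled words."""
    if len(words) != len(symbols):
        raise ValueError("one trailing symbol per word")
    return "".join(mangle(w, subs, s) for w, s in zip(words, symbols))


def site_password(base: str, site: str, in_front: bool = True) -> str:
    """Step 4: put an abbreviation for the site in front of (or behind) the password."""
    tag = site.strip()[0].lower()  # the post uses the site's first letter
    return tag + base if in_front else base + tag


def demo() -> dict:
    """Rebuild the passwords from the post from their base words."""
    return {
        "newsletter_tier": mangle("horseshoe"),
        "second_word": mangle("disintegrate", symbol="?"),
        "email_tier": tier_password(["horseshoe", "disintegrate"], ["!", "?"]),
        "sc_magazine": site_password(mangle("horseshoe"), "SC Magazine"),
    }


if __name__ == "__main__":
    for name, pw in demo().items():
        print(f"{name}: {pw}")
```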

An added bonus is that when people see you typing in really long passwords, it increases your credibility in anything computer related (especially security). Just made this one up in my head:

Have a nice day! Oompa Loopma? Christmas*

One more thing regarding passwords, but not directly related to this process. Keep your passwords documented in something like KeePass. Not only in case you forget, but in case you die and someone needs to get into your accounts. Or you are just sick of telling your spouse how to get into online banking.

