Do you have so many passwords already that they could throw a convention? You may want to use a password convention.
How would you like to know about a simple way to have a different secure password for every account that you can easily “remember” whenever you need it – without looking it up? Read on.
Prefer Not to Remember Passwords? Use a Password Vault
Password vaults are a great way to store your credentials. However, passwords are easily compromised, which is why a strong password should be coupled with an authentication passcode.
What is a Strong Password?
First you need to understand what makes a good (i.e., difficult to crack) strong password. The easiest way to do that is to know what weak passwords are. Instead of explaining all the variables I’ll just offer how I create password conventions for clients.
- First two to four letters of the site where the password will be used
- A number the same length as the number of letters you selected (2-4)
- A special character – not all special characters are acceptable on all systems
- Decide what order you wish to combine them in and write down your pattern
Here are some examples of patterns you could use:
- Three letters, special character, three numbers
- Three numbers, special character, three letters
- Take a word and insert numbers and special characters in specific positions
Those are the basic components of your new password system. Even the simplest version is a fairly difficult password to crack. If you’re really security conscious you can make passwords stronger by:
- Using both upper and lower case letters
- Using more special characters
- Making the way you combine them more complicated
- Making them longer – the more characters you use the longer it takes to run a password cracking system against your password
Here are some SIMPLE examples to help you understand more clearly:
- Convention: first three letters, special character, three numbers
- Password for Yahoo: yah-824
- Password for Google: goo-824
- Password for Microsoft: mic-824
Even though these are very simple examples they are much more difficult to crack than commonly used passwords.
I would recommend something a little more creative as someone who had one of these MIGHT be able to guess your pattern.
Feel free to make your convention more complicated so it is even more secure.
The key is to make your password convention easy enough to remember and keep it consistent enough to actually use it.
If you want really secure passwords make the convention complicated and write only the pattern down.
If you change your passwords you can change your pattern and write down the new pattern or some notes; even if someone finds them, they won’t be able to figure out your passwords.
TIPS for Memorable Passwords
- Use a number you know and don’t write it down
- Use a base word broken up by inserting your numbers and special characters into it
- Use both upper and lower case letters
Here is an example of a very complex pattern written down in your own unique code:
- Write down a12B%3c and no one will ever guess what your passwords are
Example Password Conventions
So what does a12B%3c mean? Here is the translation:
- You have three letters – say yah for Yahoo or goo for Google
- You have three numbers – any three numbers you can remember
- You have a special character – in this case the percent (%) sign
- a is your first letter – make it lower case
- B is your second letter – make it upper case
- c is your third letter – make it lower case
- Your numbers plug in where the 1, 2, and 3 are
If your number is 824, your passwords are:
- Yahoo – y82A%4h
- Google – g82O%4o
- Microsoft – m82I%4c
- US Counties – u82S%4c
While this may seem confusing at first, once you get used to it you’ll never be without a password as long as you can remember (or have with you) your pattern.
Your passwords are strong and unique, but as you move from site to site while working you’ll be able to recall one you haven’t used in a long time because it is similar to one you use every day.
There Are No Uncrackable Passwords
WARNING: All passwords can be cracked with enough time, computer power, and motivation.
Using this convention idea is not as secure as using totally random passwords, especially if someone had access to more than one of your passwords and recognized your pattern.
How strong your password needs to be depends on what you’re securing.
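The convention described earlier, together with the warning that someone who sees more than one of your passwords may recognize the pattern, as an added Python example (not part of the original article). The function names and the "_" marker are assumptions made for this illustration; the pattern a12B%3c, the number 824 and the site names come from the article.

```python
import math

# Added illustration: expands a written-down pattern such as "a12B%3c".
# The function names and the "_" marker are assumptions made for this example.

def apply_pattern(pattern, site, number):
    """Build the password for one site from the pattern and the memorized number.

    a/b/c = 1st/2nd/3rd letter of the site name (pattern case sets the case),
    1/2/3 = 1st/2nd/3rd digit of the number, anything else is copied as-is.
    """
    letters = [ch for ch in site if ch.isalpha()]  # "US Counties" -> U, S, C, ...
    out = []
    for ch in pattern:
        if ch.isalpha():
            idx = ord(ch.lower()) - ord("a")
            if idx >= len(letters):
                raise ValueError(f"site name {site!r} has no letter {idx + 1}")
            letter = letters[idx]
            out.append(letter.upper() if ch.isupper() else letter.lower())
        elif ch.isdigit():
            pos = int(ch) - 1
            if not 0 <= pos < len(number):
                raise ValueError(f"number has no digit {ch}")
            out.append(number[pos])
        else:
            out.append(ch)
    return "".join(out)

def unchanged_positions(pw_a, pw_b):
    """Return the characters two passwords share, with "_" where they differ."""
    return "".join(a if a == b else "_" for a, b in zip(pw_a, pw_b))

def number_bits(digits):
    """Bits of secrecy contributed by a memorized number of the given length."""
    return math.log2(10 ** digits)

if __name__ == "__main__":
    for site in ("Yahoo", "Google", "Microsoft", "US Counties"):
        print(site, apply_pattern("a12B%3c", site, "824"))
    yahoo = apply_pattern("a12B%3c", "Yahoo", "824")
    google = apply_pattern("a12B%3c", "Google", "824")
    # Everything except the site letters repeats on every account.
    print(unchanged_positions(yahoo, google))
    print(round(number_bits(3), 1), "bits come from the three-digit number")
```

The shared characters (_82_%4_) are the same on every account and the remaining letters come from the site name, so once the pattern is recognized the only secret left is the three-digit number, about 10 bits. That is why the convention is weaker than the random passwords a vault generates.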
Privileged Password Management
Privileged password management is an advanced type of password authentication that is used for privileged identities, for example IT admins and CISOs.
Originally published 9/16/2008; updated 1/7/24.