How to create a strong and memorable password?

When registering for the first time on a website at work or a service (For example Facebook, Google, Ebay amongst others), the need to create a password can sometimes be challenging.

This blog post will help you make a strong password which can be memorised much easier.

Content

Vulnerabilities of weak passwords,
Passphrase – A method for strong and memorable password creation,
Dos and Don’ts related to passwords,
Usefulness of a Password manager,
Key takeaways.

1. Why weak passwords are deemed to be a serious vulnerability in cyber security?

Whenever you access a portal with an Identification and Password, the portal (Email/Facebook/YouTube/Etc) recognises the user and any activities are associated to the user directly.

For example, if you login into your Google mail (Gmail), and if you send a mail to your Bank, when acknowledge the Bank will know that it’s from you. However, if your mail account has been compromised (hacked), that person/organisation will still consider any mail from that email to be honestly from you.

Common flaws of weak passwords are:

Previous repeated used passwords and same password is used on every portal,
Contains close member, friend names or your name,
Word in the dictionary,
Keyboard patterns (Example QWERTY, 12345),
Length of password less than 8 character.

Vulnerabilities:

Weak passwords can easily be cracked by hacking tools (Brute-force attack).
- Hackers can exploit and cause serious troubles to the user through,
  - Blackmailing for action and asking a ransom,
  - Misuse of hacked account for its own personal gain,
  - Use of Social engineering potential people in the hacked account network into divulging confidential information.

2. What is passphrase and how it can help to create strong and memorable password?

When we create single word strong password like 196+}oE4B2AjS4, it seems difficult to remember and if it is not used often, we easily end up forgetting.

A passphrase is a sequence of words or other text used to control access to a computer system, program or data.

The point is to provide you a simple way to create a complex password and also allowing you to remember which involves creating a long but memorable meaning like a sentence.

The passphrase can be generated by asking yourself some questions below and applying a few tweaks as follows:

Think of a combination of 4 to 6 words:

For example: satya tech like chocolate billard

The point here is to make:

Use of random words that makes no sense
Easy to remember

Next, codify the combination of words with uppercase, lowercase, numbers and characters:

For example, changing satya tech like chocolate billard to S@tyA27 TecH LikE Chocol@tE Bi!!@rD

Changes applied:

For each word, the start and end alphabet were changed to uppercase,
a was changed to @
l was changed to !
Number 27 was added

The point here was to make:

A long password (passphrase used),
- A strong/complex password,
- Contains random characters,
- The password is memorable,
- The password is hard to crack or guess.

3. Dos and Don’ts related to passwords

As you know now, passphrase is a simple yet clever way of making password.

However, also be aware of mistakes to avoid and actions to consider:

Don’t use same password on all websites,
Change password regularly (Each 90 days),
Avoid using trendy slang,
Avoid making consecutive keyboard passwords (For example 12345 or QUERTY),
Avoid making use of birthday, phone number etc as passwords (Avoid using personal information),
Always logout once related account has been used,
Request/Delete data from unused accounts.

4. Password manager

A password manager is a computer program that allows users to:

Store, Generate, and Manage their passwords for local applications and online services.

A password manager assists in generating and retrieving complex passwords, storing such passwords in an encrypted database.

It can get really cumbersome to remember different passwords when we have a panoply of websites and apps that requires to be authenticated.

With a password manager, only the master password needs to be remembered (Password to access the Password manager) in order to access the vault of all your passwords to a panoply of services.

In this case, the password needs to be really strong (like passphrase as explained above).

The key benefits of using a Password Manager are the following abilities mentioned below:

Reminders to change password for a given period of time (expiry dates),
Generate complex passwords instantly,
Ability to auto-fill login forms (passwords not stored on clipboards),
Ability to synchronise among devices,
Password vault encrypted and software can be openly audited (Open Source).

Although we have countless commercial Password Managers, my main suggestion would be KeePassXC which is a free source software and provides a great service and is free to use for all.

You may follow the following link to setup keepass on your PC/Windows and for Android Keepass2Android:

https://ssd.eff.org/en/module/how-use-keepassxc

5. Key takeaways

Cyber self-defense I believe is a fundamental knowledge that most of us are left uneducated about and are the impact of serious data breaches and consequences. By providing tips/tricks and don’ts, I want you to reflect and act on your presence online proactively and plan how you can alter your passwords and better manage your passwords to prevent vulnerability and to help educate people how to create your future passwords and stay safe online.