Passwords, we love them (well, like them) and we hate them (no doubt there). They protect us, sort of, but they also make our life difficult when they are guessed by someone, stolen, or misused by us. Creating a strong password is kind of a game.
The love-hate relationship comes from the fact that passwords are right at the intersection of security and usability. The most secure system is technically unusable, while a very usable system is probably not very secure. For passwords, if you choose one that is too simple and easy to remember, it becomes easy to guess or to hack. Choose one that is really hard to guess, and it will be complicated and hard to remember. Instant trade-off and dilemma!
Most users just give up and create passwords that are too simple. Here are some of the most commonly found passwords. It goes without saying that they are not very secure:
- Password
- 123456
- Iloveyou
- 111111
- 000000
- Qwerty
- Admin (scary, given that this was probably the password for an admin account, who hired this guy?)
And the list goes on. Most password crackers contain a few lines at the start that try to guess the most frequent passwords right off the bat, before they get into any deeper algorithms.
What is one to do then, how can you create a strong password that is difficult to guess but that is easy to remember? Well, here’s a method you could use that I was able to teach to my pre-teen son and now he enthusiastically uses it and can generate any number of reasonably complex passwords that he can remember yet that would be fairly hard to guess or hack.
Step 1: Create an easy-to-remember but hard-to-guess password Core.
- Choose a phrase that is memorable to you, e.g. Mary had a little lamb
- Take the initials from that phrase: Mhall
- Now choose a second one, e.g. The early bird gets the worm
- Take the initials from this second phrase: Tebgtw
- Combine them with a memorable special character, like an ampersand (&) or a plus sign (+)
- Result: Mhall+Tebgtw
Wow, that looks pretty good, fairly complex, no dictionary words in it, includes capitals, has some special characters; we’re off to the races. Not quite!
It is well known that it is not good practice to use the same password everywhere. Even if your password is complex and hard to guess, it can be stolen. If it is stolen and you use the same one everywhere, that automatically opens the door to all your other accounts. Attackers are known to steal one password and then, using your email address as the username, try that same password on all the mainstream services. We therefore need to add a memorable variable component to the password, so that each password is different, yet we can still remember it.
Step 2: Create an easy-to-remember variable component to add to your password Core.
- You have many choices here. The easiest is to create some kind of variant of the account to which you are logging in. For example, you can use the first 3 letters of the account or company you’re connecting to.
- Let's say you have an Outlook.com account; then make the variable component the first 3 letters of Outlook, i.e. out
- Or, if you’re connecting to LinkedIn, then make the variable component be “lin”.
Step 3: Combine the Core and variable component to create a memorable and strong password.
- Core + Variable = strong and easy to remember
- You can again combine them using another special character, like say -, or _, or @, or whatever.
- In the Outlook.com case, your password would be Mhall+Tebgtw_out.
- Holy cow, that looks complicated, and it is! Guess what though, it’s easy to remember.
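The three steps above, written out as a small Python script (an added example, not the post's own code): it builds the password from the two phrases and the site name, then runs it through the kind of first-pass checks a cracker's top-N list and a typical complexity policy would apply. The function names, the 12-character minimum and the short common-password list (taken from the list earlier on this page) are assumptions made for the example.

```python
import re
from typing import Dict, Iterable

# Constructed from the common-password list earlier on this page. Real crackers
# use far longer lists; this one only illustrates the "try these first" check.
COMMON_PASSWORDS = {"password", "123456", "iloveyou", "111111", "000000", "qwerty", "admin"}


def initials(phrase: str) -> str:
    """Step 1: take the first letter of each word, keeping its original case."""
    return "".join(word[0] for word in phrase.split())


def site_component(site: str, length: int = 3) -> str:
    """Step 2: derive the variable part from the service name, e.g. 'Outlook.com' -> 'out'."""
    name = re.sub(r"[^A-Za-z]", "", site.split(".")[0])
    return name[:length].lower()


def build_password(phrases: Iterable[str], site: str, core_sep: str = "+", var_sep: str = "_") -> str:
    """Step 3: Core (initials joined by core_sep) + var_sep + site-derived component."""
    core = core_sep.join(initials(p) for p in phrases)
    return f"{core}{var_sep}{site_component(site)}"


def is_common(password: str) -> bool:
    """The first thing a cracker tries: the short list of most frequent passwords."""
    return password.lower() in COMMON_PASSWORDS


def complexity_checks(password: str, min_length: int = 12) -> Dict[str, bool]:
    """Typical policy checks: length, upper, lower, a special character, and not a common password."""
    return {
        "length": len(password) >= min_length,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "special": any(not c.isalnum() for c in password),
        "not_common": not is_common(password),
    }


if __name__ == "__main__":
    pw = build_password(["Mary had a little lamb", "The early bird gets the worm"], "Outlook.com")
    print(pw, complexity_checks(pw))  # Mhall+Tebgtw_out, all checks True
```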
So there you have it: you can now create passwords for all of your accounts that are difficult to guess and easy to remember. All you need to remember are a couple of simple phrases, the rule you use to combine them, and the rule you use to create the variable component of the password. Three easy steps indeed.
Let me know how it works out for you, or share any other ideas you might have on creating easy to remember but hard to guess passwords.