How to Create Secure Passwords Without Losing Your Head

Throughout my Information Technology career I have endlessly lectured on the importance of having strong passwords. I have nagged. I have told horror story after horror story. I have even confiscated post-it notes from under keyboards which clearly depicted usernames and passwords. More recently I have come to accept that if creating a strong password is too difficult for a person, they are not going to do it.

Sure, there are ways to force people to create secure passwords by implementing password policies. No matter how complex I require the password to be, there are ways to make it less secure. I might require that passwords be at least 8 characters, combine upper and lower case letters, and include at least one number or special character. To try and prevent obvious passwords I could also specify that passwords not include the user's first name, last name, or be the same as the last 5 passwords they previously had used. With all these guidelines to encourage a strong password, the user could easily weaken their password by using their street address and street name.

For instance, Bob Smith who lives at 214 Main Street could use 214MainSt. as his password. That password is less likely to be cracked than say, ilovecheese, but what if Bob is a crappy neighbor? Say Bob's dog is always leaving presents for the disgruntled, computer savvy teen next door. The password of 214MainSt. is a likely guess for anyone that knows Bob and knows where he lives.

But why? Why do you make it so hard to come up with an acceptable password?
And for goodness sake, why do you make us change our passwords right when get used to them?

Like your parents used to say, we are doing this for your own good. Truly we are, for the most part. It is our job to keep the network secure so that you, and everyone else, can enjoy privacy and service. If we didn't care about maintaining your security and service, we certainly wouldn't be battling with you about your password. We are the Spidermans of the computer world. We try our best to protect everyone, but often times we end up being portrayed as the bad guys.

So is it possible? Can you create secure passwords without going batty?

Yes, it is possible to create secure passwords without losing your head. The first thing to do is to think of something completely random. Do some word association for a little while to get your creative juices flowing. Match two words that only have a connection in your mind. While the process of creating a secure password might seem insane, it will actually prevent you from becoming insanely frustrated. Follow along, I promise it will all come together in the end.

My Aunt Betty had a dog named Poofer. Poofer the poodle once ate a blue Lego piece. My two random words in this case would be Poofer and Lego.

Now think of a number or two related to the story. My Aunt Betty must have been at least 70, Poofer ate 1 Lego piece, and it took 4 days to go through him.

Combine the words with the numbers and add an emotion. Example: 1Lego4Poofer!!!

This password will be easy for you to remember because you just have to think of the story. Likely it will be difficult for anyone to guess and it meets password complexity requirements.

Now try it and let me know, is this easier?