These ideas are meant to be used as just one part of the password. A strong password should be at least eight characters (10+ is better). If you create a strong main ingredient and then surround it with variables representing sites and expiration dates, you can reuse your stronger main ingredient. These ideas revolve around the password sandwich. This concept is explained in great detail in our book, Healthy Passwords. We have also put a little information at The Password Sandwich.
Short rhythmic phrases work very well for most people. The rhythm is a trigger for our brain. It seems to store rhythm in a different place than boring sentences. Use a song chorus that won’t leave your head. Use a nursery rhyme or limerick. I would love to give examples, but most modern material is copyright protected. In my book I use the public domain example of “Three blind mice, See how they run” to create TbrShtr.
Is there a song that has been in your head for years? Use the first letter of each word.
Your Favorite Things
My favorite ___ is ___. You fill in the blanks. How about:

| Ingredient | Phrase |
|---|---|
| Mfc=Vwb | My favorite car equals Volkswagen Bus |
| Mff=Lmb | My favorite fish equals Largemouth bass |
| Msfp=ft | My second favorite poker equals follow the queen |
How about using sports acronyms such as NYY for New York Yankees or NYJ for New York Jets? Just remember that if you use sports teams, you need to combine them, put a special character or something in the middle, and mix the case. Capitalizing the first, middle, or last letter is a good strategy.
For example: nYy#nYj
Frequent fliers may like to use their favorite airport codes. How about DET (Detroit) or ORD (Chicago O’Hare)?
Just like sports teams, be sure to use more than one, mix the case, and use a special character.
Your Own Essence Phrase
These need to be combined with others, with some symbols added between them, to make a longer, more complex password.

| Ingredient | Phrase |
|---|---|
| vsg | Very smart girl |
| Wbd | World's best dad |
| Lam | Lean and mean |
Are you good at citing passages from your favorite holy text? Use your favorite ones. Just be sure not to use complete, specific passage identifiers, since they are equivalent to dictionary words.
Keyboard Patterns as Ingredients
We have revised this practice to only recommend keyboard patterns as part of a more complex formula.
Look at your keyboard and find a pattern. For example, mju normally forms a diagonal pattern pointing up and to the left. Pick out some patterns for your core password and sprinkle in a site id or expiration date. Be sure not to use anything too simple. For example, qwerty or cvbnm is too simple.
Instead of just using cft%yhn, use cft.....yhn (the ..... can be anything you want, just not in sequence).
Be warned, it's not too hard to create dictionaries of most possible keyboard sequences (see Imperva.com's Military password analysis). If you use a sequence, make it as complicated as possible and throw at least one out-of-sequence character in the mix. If it keeps you from using 123456, then it's much more secure than the alternative.
Try diagonals and use two passes rather than one. For example, cft%YHN is comfortable to type, mixes lower case, upper case and a symbol, and may not be a pattern on different keyboards. This same pattern on my keyboard is cft^YJM, but in the screen shot it is cfg%YHN. Typing the upward pass with the left hand and the downward pass with the right hand lets you hold down Shift easily with your left hand to mix case. For sites that don't allow special characters, using the number works just as well.
Just keep in mind that the pattern will vary from keyboard to keyboard, and the scheme may be useless when looking at a smartphone or PDA.
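The warning above about keyboard-sequence dictionaries can be turned into a self-check. The following is an added example, not code from the book or the site: it finds runs of neighbouring keys in a candidate password and reports whether the password consists of nothing else. It assumes a US QWERTY layout, and every function name is illustrative.

```python
"""Audit check: find keyboard-walk runs in a candidate password.
Assumes a US QWERTY layout; all names here are illustrative."""

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Shifted number-row symbols map back to the physical key that produces them.
SHIFTED = dict(zip("!@#$%^&*()", "1234567890"))
# Physical position of each key: character -> (row, column).
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a, b):
    """True if a and b are typed on the same key or on touching keys."""
    ka = POS.get(SHIFTED.get(a, a.lower()))
    kb = POS.get(SHIFTED.get(b, b.lower()))
    if ka is None or kb is None:
        return False
    (ra, ca), (rb, cb) = ka, kb
    if ra == rb:
        return abs(ca - cb) <= 1
    if abs(ra - rb) != 1:
        return False
    # Rows are staggered: a key touches the key directly below it and the
    # one to that key's left.
    upper_c, lower_c = (ca, cb) if ra < rb else (cb, ca)
    return lower_c in (upper_c, upper_c - 1)


def walk_runs(password, min_len=3):
    """Return each maximal run of at least min_len neighbouring keystrokes."""
    runs, start = [], 0
    for i in range(1, len(password) + 1):
        if i == len(password) or not adjacent(password[i - 1], password[i]):
            if i - start >= min_len:
                runs.append(password[start:i])
            start = i
    return runs


def is_pure_walk(password, min_len=3):
    """True when every character belongs to a keyboard walk."""
    covered = sum(len(run) for run in walk_runs(password, min_len))
    return bool(password) and covered == len(password)


if __name__ == "__main__":
    # Patterns quoted on the page, plus one constructed mixed sample (last).
    for pw in ["qwerty", "cvbnm", "cft%YHN", "cftBk!29yhn"]:
        print(pw, walk_runs(pw), "pure walk" if is_pure_walk(pw) else "mixed")
```

On this layout cft%YHN is fully covered by two walks, while the constructed sample with out-of-sequence filler between cft and yhn is not.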
Don't use your own current or past few addresses. What about your best friend's address, an old work address, or a family member's address? Just be sure to throw in a special character and vary the case a bit.
One problem with addresses is that they are too long for many websites. It's not uncommon to find websites with 14-character limits.