DNN.ca’s Guide to Creating Effective Passwords

Good password etiquette is a critical part of keeping yourself safe online. You’ve probably seen services you use require a “strong password” when you create an account, along with the recommendation to change your passwords regularly. As such, we’d like to offer this handy guide to both password best practices and how you can come up with unique, strong and memorable passwords that you can recall in an instant.

Some examples of weak passwords:

  • Dictionary words – e.g. “people” or “places”
  • Repeated characters or a series of characters – e.g. “AAAAA” or “12345”
  • A keyboard series of characters – e.g. “qwerty” or “poiuy”
  • Personal information – e.g. birthdays, names of pets or friends, Social Security number, addresses

When it comes to passwords:

  • Use a combination of upper- and lower-case letters, numbers and special characters.
  • Change your passwords on a regular basis, preferably every three to six months.
  • Avoid saving them to a password manager on a web browser.
  • Avoid writing them down or saving them to a file.
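
The weak patterns and the character-mix rule listed above, expressed as a small checker. This is an added example, not code from DNN.ca; the function names, the four-character run threshold and the tiny sample word list are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"people", "places", "password", "dynamite"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"


def _has_run(pw, sequences, min_len=4):
    """True if pw contains min_len consecutive characters of any sequence,
    read forwards or backwards (e.g. "qwer" or "poiu")."""
    low = pw.lower()
    for seq in sequences:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - min_len + 1):
                if s[i:i + min_len] in low:
                    return True
    return False


def weaknesses(pw, personal=()):
    """Return the weak-password categories from the guide that pw matches.
    `personal` holds strings the user should avoid (names, birth years...)."""
    found = []
    low = pw.lower()
    if low in SAMPLE_WORDS:
        found.append("dictionary word")
    if re.search(r"(.)\1{3,}", pw):          # same character 4+ times in a row
        found.append("repeated characters")
    if _has_run(pw, [DIGITS, ALPHABET]):     # "12345", "abcd", "4321"
        found.append("series of characters")
    if _has_run(pw, KEYBOARD_ROWS):          # "qwerty", "poiuy"
        found.append("keyboard series")
    if any(p and p.lower() in low for p in personal):
        found.append("personal information")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        found.append("missing character class")
    return found
```

An empty list means none of the listed patterns matched; it does not prove the password is strong.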

Passwords are meant to be generated and recalled from memory and kept confidential. However, even with the above guidelines in mind, the sheer number of sites and services for which the average person has to create accounts can make it difficult to commit that number of passwords to memory. Here, we’d like to offer some tips for creating strong passwords that you can easily memorize and recall as needed.

  1. Think of a subject that is unique to you – Memorable passwords need to have some basis that means something to you. Consider a topic, a hobby or a piece of media that is outside the realm of the mainstream, one that hackers would not easily consider.
  2. Create some mnemonics from that topic – Once you have a topic, you can create phrases or mnemonics related to that topic. For example, guitarists use the mnemonic “Eddie Ate Dynamite, Good Bye Eddie” to remember the names of the strings on a 6-string guitar (EADGBE). Or you can use a line from a favourite movie or a song lyric. What matters is that it gives you a phrase that can be quickly and easily recalled.
  3. Modify the mnemonic with some number and symbol shorthand – Once you have your mnemonic in hand, you can truncate the mnemonic to make a password, and replace some of the letters with numbers and symbols. For instance, the example above could then become “3DD!38dyn@myt” to stand in for the mnemonic “Eddie Ate Dynamite”. Then when it comes time to log in, you can remember that you applied the “Eddie” password to this particular site, and you know exactly which one to enter.
  4. Keep a handful of such mnemonics in your mind – While it’s important to change passwords often, passwords can certainly be rotated among various websites to ensure you’re not using the same one twice. Moreover, if you can keep the same topic for password use, it’s easier to recall which passwords you’ve used and what the password is likely to be if you’ve forgotten. Broader topics that offer more mnemonics can make it easier to come up with new passwords.
  5. Trust your muscle memory – If you have a particular site or service that you use frequently and need to enter the password for regularly, you’ll build up a muscle memory for the keystrokes you need to enter. So even if you can’t immediately think of the exact password in your mind, you may have built up a muscle memory to enter it without thinking.

These tips will help you come up with new passwords on the fly, ones that won’t be duplicated on other sites and will be strong enough to resist dictionary attacks. Happy surfing!