With the latest and greatest security flaw to date, most of those reading this should have heard about the Heartbleed Bug. Heartbleed is a vulnerability in OpenSSL, a cryptographic software library. Put simply, it is what handles the security of your data online: passwords, personal information, and so on. Many of the websites you use were vulnerable to Heartbleed, and most of those have probably sent you an email suggesting you change your password. Now would be a good time to reevaluate your password choices and pick something a bit stronger.

This blog, however, isn’t about Heartbleed – you can read more about Heartbleed on your own time. I will, however, discuss in this blog entry a way to make very secure passwords that no one will guess, and you won’t forget. I will also help you categorize them. Allow me to explain …

Good Password Structure

A really strong password will contain both upper and lower case letters, at least one number, and at least one symbol. Many websites and systems also require your password to be at least 8 characters long, to start with a capital letter, and never to start with a number. For the sake of creating a universal password set for yourself, let’s meet all of these standards. We also aren’t going to use a recognizable word, any part of your social security number, your driver’s license number, your date of birth, and especially not your name. I can’t believe I need to type this either, but ‘Password123’ is not a good password. Oddly, someone reading this article just pounded their forehead with the palm of their hand.

Create-A-Phrase Password Methodology

Creating something memorable yet complex sounds hard, but it isn’t. Take a major life event, something from history, something that is going to happen, or a place you live, lived, or want to live. For example, “I graduated from High School in 1996!”. Ripping out the first letters of that phrase results in “IgHSi1996!”. I don’t want to ruffle your feathers, but that password is perfect.

Categorization of Passwords with Symbols

It is an awful idea to have one password for everything, but it is insane to expect a person to have a different password for everything. A reasonable middle ground is to categorize your passwords with a quick and easy trick that, again, you won’t easily forget.

Let’s think about the symbols that have meaning. When you think about money, the $ sign pops right into your head. When you log into your webmail or email service, you’re probably thinking about the @ symbol. If you know what a hashtag is, you’re a social media user, so the # holds special value. Maybe you want to use the ? for your school logins. Then there are always the ^, +, -, and _ for everything else.

Merging your categorization symbols to your new password is a snap now.

Putting It Into Action

  • “IgHSi1996#” … Social Media (Facebook, Twitter, Vine, Instagram, etc)
  • “IgHSi1996$” … Finances (Banking, utilities, billpay, etc)
  • “IgHSi1996@” … Email (Gmail, Yahoo, Hotmail, work and personal, etc)
  • “IgHSi1996?” … Educational (School, online courses, certifications, etc)
  • “IgHSi1996_” … Miscellaneous (Random stuff, kinda your go-to for loose ends)
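The Create-A-Phrase derivation, the category suffixes above, and the structure rules from the “Good Password Structure” section, as an added Python example that is not part of the original post. It assumes a strict rule of “first letter of every word, number tokens kept whole”, so for the post’s phrase it yields “IgfHSi1996!” (the post’s own example skips the word “from”); the category names are my own labels, and the symbols are the ones the post assigns.

```python
import string
from typing import List

# Category symbols exactly as the post assigns them; the keys are my own labels.
CATEGORY_SYMBOLS = {
    "social": "#",
    "finance": "$",
    "email": "@",
    "education": "?",
    "misc": "_",
}

PUNCTUATION = string.punctuation


def phrase_to_password(phrase: str) -> str:
    """Build the acrostic: first letter of each word, number tokens kept whole.

    A token that starts with a digit (e.g. '1996!') is copied verbatim so the
    year and its trailing punctuation survive; every other token contributes
    only its first character. Assumed rule, inferred from the post's example.
    """
    parts = []
    for token in phrase.split():
        parts.append(token[0] if token[0].isalpha() else token)
    return "".join(parts)


def categorize(base: str, category: str) -> str:
    """Swap the base password's trailing symbol(s) for the category's symbol."""
    core = base.rstrip(PUNCTUATION)
    return core + CATEGORY_SYMBOLS[category]


def structure_problems(password: str) -> List[str]:
    """Return the structure rules from the post that the password fails (empty = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (password[:1].isalpha() and password[:1].isupper()):
        problems.append("does not start with a capital letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in PUNCTUATION for c in password):
        problems.append("no symbol")
    return problems
```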

Testing Your Password

So now that you’ve thought of a great password that you might use forever (and of course, forever is roughly 30-60 days in some environments), you should probably test it out. There is one particular website called Comparitech that I love to use to test and validate password strength; it estimates how long your password would take to crack. The example I listed above would take 23 years to crack, by the way.

Final Takeaway

If I didn’t tell you to change your passwords every 90 days or so, I would probably lose my Nerd Card. So, just do it every so often. Every 90 days seems tedious, but at least make it an annual thing.