Contrive strong passwords based on what you already know
Some security experts instruct us to write down our passwords. Others say never write down passwords or share them with anyone except your friendly local IT staffer.

Both of those posts mentioned password-management programs, which offer to store your passwords securely, generate strong passwords that you don't have to remember, and prevent reuse of the same password by providing a unique one for each service you log into.

I prefer to create my own strong passwords based on phrases that are easy to remember. For example, everyone has memorized some nursery rhyme, poem, or song lyric. Simply use the third letter of each word in a line or two (either skipping words shorter than three letters or using the last or only letter in such words).

Applying that pattern to the opening lines of Bruce Springsteen's "Thunder Road" creates this password: eroarsei. Make it even stronger by adding the second line and inverting the two lines: kasenrersedaeroarsei.

The calculator at How Secure Is My Password? indicated that the first of the two passwords would take a PC only 52 seconds to crack, but the second would require 157 billion years to decipher, give or take an eon.


A 20-character password based on a mnemonic is secure despite the lack of varying cases, numbers, or nonalpha characters.


by Dennis O'Reilly,

October 9, 2012 10:07 AM PDT