Strong, Easy to Remember Passwords. Is it possible?

August 6, 2013 12:29pm

When I setup new WordPress sites for my clients, I often give them a password such as “okaythisisyourpassword”. Something easy to remember at first, but which I also explain should be changed immediately.

I like a password like m0un10cl$ or imh4hsb#HAN. But who can remember those crazy combinations of garbledy-gook? And why is it so important, really, who’s going to hack into my site?

Well, first the bad news. People are trying to hack into sites all the time. Or rather, humans are using robots to surf the web and try and hack into websites all the freaking time. Right now, and in ten seconds. Yesterday, tomorrow and all next week. While we’re enjoying Labor Day weekend later this month, robots will be scanning sites looking for login forms and trying to smash through, typically using default settings like the username admin (which I never use on my clients’ sites) and then passwords like password.

As to why it’s important, well aside from the fact that if you do get hacked, they’ll probably foul up your site in a way that’ll cost you possibly hundreds of dollars to fix, but also because nearly every WordPress site has personally identifying information held within. Especially if you allow people to register on the site, and then they enter their email address, and all along you’ve been telling them “We don’t share your email address.”

You’re in a legal grey area if that info gets distributed, but rest assured it’s grey enough to get you in big trouble if the right person’s lawyer got serious enough.

So then, the good news! The passwords above can actually be really easy to remember. Here are two fool proof methods for creating badass passwords that you can commit to memory.

The Ol’ Digit Switcharoo

So looking at our first example, m0un10cl$. Looks pretty complicated, right?

Here’s how it was constructed though:

1. I took the word mountain.
2. Changed it to m0un10. Note that I don’t take words like snake and turn them into 5n4k3 though, aka “Leet speak” (or rather, “l337 speak”), as evil robots are hip to that, it’s essentially their langauge.
3. Added the first two letters of the website in question’s domain. So if we were signing up for an account here at clicknathan.com, we add the “c” and “l”. Now we have m0un10cl. 8 letters is the minimum recommended.
4. Finally, just throw a dollar sign on the end for that extra touch, you end up with m0un10cl$. That’s a pretty secure password that you can easily remember.

Even Better, the Memorable Sentence Acronym Method

Our second example password above was imh4hsb#HAN. This is theoretically even more secure. Here’s how it came to be.

1. I started with a sentence, something I could remember. Mine was, “I married her for her strong back.”
2. I then took the first letter of each word in that sentence, which gave me: imhfhsb
3. It’s easy to then change the “f” in that to a 4, giving us a number thrown in: imh4hsb
4. Top that off with an extra character you’ll always remember, such as the hashtag / pound symbol. Now we have imh4hsb#
5. And finally, this time around I’m using the last three letters of the domain name, capitalized (“HAN”). This leaves me with my final amalgamation: imh4hsb#HAN

That’s a pretty solid password and I could bring myself to easily remember it. I could even probably get a little more intense with things, but those are two fine examples to launch you into the upper elite class of super computer users.

Up Next: PushPage Vector Logo