On most serious websites the password guidelines tell you not to use pet names, birth dates, wedding dates or dictionary words, because they are too easy to guess and can be cracked quickly to get access to your account.
Snapshot of security question asked by Facebook
What really amazes me is that after you pick a (hopefully) hard-to-guess and possibly hard-to-remember password, the very same system asks you for a “security question” to help you in case you forget that hard-to-guess password, and these questions are often as silly as your pet’s name, which is precisely the kind of thing you were just told to avoid as a password.
What is the use of having a hard password if you leave a door open for anyone who knows your pet’s name or the year you were born? Come on! For this level of security you might as well use your pet’s name as the password; at least then the system doesn’t hint to the attacker that it wants a pet’s name.
Now, how can we turn this to our advantage? By creating a password that is nearly impossible to guess and easy to remember.
Step 1 – Pick something easy to remember
The first thing to do is to take a word, a sentence, the first verse of a song, a line from a movie, the name of a book you like or whatever else you find easy to remember. For this example I’ll take the Beatles song “Strawberry Fields Forever”.
Step 2 – Pick just the letters that make more sense to you
In any phrase there are letters that are more obvious than others. This is more or less the same for everybody, but a little randomness might appear at this step. Some simple choices could be
But you could as well take something more deterministic, like the first and last letter of every word, or a numeric shorthand for some words (‘4’ for “for”).
Yes, deterministic, but who could guess this if you don’t tell what rule you are using? Keep in mind, though, that password crackers try exactly these kinds of rules automatically (leet substitutions, a single capital letter, digits standing in for words), so keeping the rule secret only buys you a few extra bits; the real strength has to come from the phrase itself being hard to guess.
Step 3 – Shake things a little bit
Get used to some letter transformations that make sense to you. For instance you can use ‘@’ instead of ‘a’. You can use ‘$’ or ‘z’ instead of ‘s’. You can use ‘!’ instead of ‘i’. Choose half a dozen transformations that make some sense to you.
To add some more spice, the second letter (not the second character, so a symbol like ‘$’ doesn’t count) will be capitalized.
After the transformation, ‘syfs4er’ could become ‘$yFs4er’ (here only the first ‘s’ was swapped for ‘$’).
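To make the three steps concrete, here is an added example (my code, not from the original post) that builds the password exactly as described, and then plays the attacker: given only the compressed base string, it enumerates the kind of substitution-and-capitalization rules a cracker applies automatically and counts how many guesses it takes to land on the final password. The numeric-shorthand table, the substitution table, the treatment of “Forever” as “For” + “ever”, and the choice to substitute only the first occurrence of each letter are all assumptions made so that the output matches the post’s ‘syfs4er’ and ‘$yFs4er’.

```python
"""Added example, not from the original post: build a mnemonic password per
Steps 1-3, then show how few candidates a rule-based cracker needs once the
base string (phrase + compression rule) is known."""
import itertools
import re

# Assumption: numeric shorthands for whole words (Step 2 mentions "numeric shorts").
NUMERIC_SHORTS = {"for": "4", "to": "2", "ate": "8", "one": "1"}

# Assumption: the substitution table from Step 3 (a->@, s->$, i->!).
SUBSTITUTIONS = {"a": "@", "s": "$", "i": "!"}


def tokenize(phrase):
    """Lower-case words only; punctuation is dropped."""
    return re.findall(r"[a-z]+", phrase.lower())


def compress_word(word):
    """Step 2 rule: first and last letter of each word, with a numeric
    shorthand for a word (or, as an assumption, a word prefix such as the
    'For' in 'Forever') that appears in NUMERIC_SHORTS."""
    if word in NUMERIC_SHORTS:
        return NUMERIC_SHORTS[word]
    for short, digit in NUMERIC_SHORTS.items():
        if word.startswith(short) and len(word) > len(short) + 1:
            rest = word[len(short):]
            return digit + rest[0] + rest[-1]
    return word[0] + word[-1] if len(word) > 1 else word


def compress(phrase):
    return "".join(compress_word(w) for w in tokenize(phrase))


def shake(base, subs=SUBSTITUTIONS):
    """Step 3: apply each substitution to the first occurrence of its letter
    (assumption: the post leaves the second 's' alone), then upper-case the
    second *letter*, skipping non-alphabetic characters such as '$'."""
    s = base
    for letter, symbol in subs.items():
        s = s.replace(letter, symbol, 1)
    letter_positions = [i for i, ch in enumerate(s) if ch.isalpha()]
    if len(letter_positions) >= 2:
        i = letter_positions[1]
        s = s[:i] + s[i].upper() + s[i + 1:]
    return s


def build_password(phrase):
    return shake(compress(phrase))


# A small leet table of the sort cracker rule sets ship with (constructed here).
LEET = {"a": ["@", "4"], "s": ["$", "5", "z"], "i": ["!", "1"],
        "e": ["3"], "o": ["0"], "t": ["7"]}


def cracker_candidates(base):
    """Hypothetical rule engine in the spirit of hashcat/John rules: for every
    letter in LEET present in the base, keep it or replace it (first
    occurrence or all occurrences) with one of its leet forms; then for each
    result try no capital and each single letter capitalized."""
    present = [c for c in LEET if c in base]
    options = []
    for c in present:
        opts = [None]
        for r in LEET[c]:
            opts.append((r, 1))    # first occurrence only
            opts.append((r, -1))   # all occurrences
        options.append(opts)
    seen = set()
    for combo in itertools.product(*options):
        s = base
        for c, opt in zip(present, combo):
            if opt is not None:
                s = s.replace(c, opt[0], opt[1])
        variants = [s]
        for i, ch in enumerate(s):
            if ch.isalpha():
                variants.append(s[:i] + ch.upper() + s[i + 1:])
        for v in variants:
            if v not in seen:
                seen.add(v)
                yield v


def guesses_needed(base, target):
    """1-based position of target in the cracker's candidate stream, or None."""
    for n, cand in enumerate(cracker_candidates(base), 1):
        if cand == target:
            return n
    return None


if __name__ == "__main__":
    pw = build_password("Strawberry Fields Forever")
    print("password:", pw)
    print("guesses once the base is known:", guesses_needed("syfs4er", pw))
```

Running it prints ‘$yFs4er’ and shows the cracker reaching it in a handful of guesses (well under 200 candidates in total), which is the point made in Step 2: the transformations are a nice memory aid, but it is the unguessable phrase, not the secret rule, that carries the security.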
Now you can use this string as both your password and the answer to your security question, which makes sense because both grant the same access, and it is absurd to have two different passwords for the same thing. One caveat: many sites store security answers with less care than passwords (sometimes in plain text, or visible to support staff), so be aware that whatever you put in that field may be exposed.
If you forget your password and the system asks you for the answer to “What is your favorite song?”, the answer is an easy-to-remember phrase plus a couple of transformations that are the same across all your passwords. As long as you keep those rules to yourself you can even say out loud what your favorite song is, though I’d choose a song that is not actually my favorite, just to add a little extra security.