In the wake of the Heartbleed bug saga, it’s pretty much a good idea to start changing your passwords across all online services. But I dare say that more than 80% of the time online accounts are compromised, the “hacker” had no special skill. The password was just too easy to guess. Because seriously, “chichilove” does not really pass for a ‘password’ if your name is Chinwe and whenever you introduce yourself to people, you tell them, “just call me chi chi”.

Here are a few pointers for making your passwords very hard to guess, yet relatively easy to remember. I’ll be creating a model password using these tips and, at each stage, will test its strength using the Password Strength Checker.

More is Stronger. Be Unique

Obviously more characters equals stronger password. But be unique; “chichilove”, “iloveu” and “jesusislord” are too common. Also sequential digits like 123456 or any parts of your birthday are a big no-no. If you’re out of unique words, you can make one up, within context.

Say we wanted to create a model password for my Facebook account. We could use facebookissoboring. Maybe give it more characters by emphasizing ‘so’ with 5 o’s? And for uniqueness, spell ‘book’ as ‘buk’ and strike off the g – facebukissoooooborin

Let’s test that out in the Password Strength Checker.

21% strength ain’t bad for starters.

Mix Lower And Upper Case

It’s always a good idea to capitalize every first letter of each distinct word in the password phrase – FacebukIsSoooooBorin

73%. That’s triple the strength. And we only just got started.

Throw in some Special Characters

Mix in special symbols like ‘?’, ‘#’, ‘%’, ‘$’ and the like. Let’s replace S with $ and throw in a * as punctuation – Facebuk*Is$oooooBorin

What do we have?

100% just like that.

We can still do better, though. Scrolling down the password strength checker page reveals a few more loopholes. That takes us to Tip 4.

Implement Substitution Cipher

You could replace letters with similar-looking characters. For example, replace A with 4 (or @), S with 5 (or $), O with 0, etc. Try not to overdo it though – F4c3buk*Is$oo0ooBorin

Notice how I replaced the centre ‘o’ in “sooooo” with 0 (zero), a with 4 and e with 3.

At this point, the password is pretty strong. But we can make it shorter (21 characters aren’t exactly “memorable”), without compromising strength. That takes us to tip 5.

Avoid Repeat Letters and Consecutive Lowercase/Uppercase Letters

An uppercase letter should only ever be preceded or followed by a number, a symbol or a lowercase letter. The same goes for a lowercase letter. Also, if a letter occurs more than once in your unique phrase, its occurrences should be in opposing cases.

So we could improve the model password like this: F4c3bK*Is$0BoR!n

The password is so many levels stronger now but it’s still 15 characters long. We can do better. Let’s add an apostrophe (symbol) and remove “so”. Notice how I replaced “I” above?

F4c3bK’$BoR!n

Voilà! Only 13 characters long and still the strongest possible. I think it’s pretty memorable too; it’s just a coded way of saying “Facebook’s boring”.

Change and Log out often

Change your password regularly: “Change” here doesn’t have to be dramatic. You could just replace a few symbols and switch capitalization. F4c3bK’$BoR!n could become f4C3bK’5BoR1n. Your unique phrase remains the same, but it has become a whole different password.
Log out once in a while: Logging out once in a while will ensure that you have to key it in occasionally so you don’t forget it easily.

Use a Password Manager

If you’d rather not have to remember all these tips and passwords for different accounts, you should probably consider using a password managing app like LastPass. LastPass stores all your passwords locally and you only have to remember one – the master password with which you log in to LastPass. LastPass is available for both web and mobile (premium). Of course there are alternatives to LastPass.

One more thing… just for the fun of it, let’s find out theoretically how long it would take a computer program – running all the possible permutations and combinations at full speed – to crack my model password. The How Secure Is My Password service can help with that. Entering F4c3bK’$BoR!n into the field gives me…. wait for it…. 456 million years! Now how about that? As against “jesusislord” which will take only 10 days to crack. Of course this is all just theoretical.
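To see where numbers like these come from, here is a small added example (not from the article or from either checker service) that estimates the exhaustive-search space for the model passwords above and also applies the Tip 5 checks. The guess rate, the 32-symbol pool and all function names are assumptions, so the years it prints will not match any particular service, and it only models blind brute force, not guessing from word lists.

```python
import math
import string

GUESSES_PER_SECOND = 1e10  # assumed attacker speed; not a figure from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def pool_size(pw):
    """Character pool implied by the classes present (tips 2 to 4)."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += len(string.punctuation)  # assumption: the 32 ASCII symbols
    return size

def brute_force_bits(pw):
    """log2 of the number of candidates in an exhaustive search (tip 1: length)."""
    return len(pw) * math.log2(pool_size(pw))

def years_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return pool_size(pw) ** len(pw) / rate / SECONDS_PER_YEAR

def tip5_findings(pw):
    """Return (adjacent same-case letter pairs, letters repeated in the same case)."""
    def same_case(a, b):
        return (a.islower() and b.islower()) or (a.isupper() and b.isupper())
    pairs = sum(1 for a, b in zip(pw, pw[1:]) if same_case(a, b))
    letters = [c for c in pw if c.isalpha()]
    repeats = sorted({c for c in letters if letters.count(c) > 1})
    return pairs, repeats

if __name__ == "__main__":
    # Passwords from the article's walkthrough (typed with an ASCII apostrophe).
    for pw in ["jesusislord", "facebukissoooooborin", "FacebukIsSoooooBorin",
               "F4c3buk*Is$oo0ooBorin", "F4c3bK'$BoR!n"]:
        pairs, repeats = tip5_findings(pw)
        print(f"{pw:22} pool={pool_size(pw):3} bits={brute_force_bits(pw):6.1f} "
              f"years={years_to_exhaust(pw):.3g} "
              f"same-case pairs={pairs} repeats={repeats}")
```
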

So what do you think? Did you find this helpful? Are there any other tips I could have included? Let me know in the comments.


Muyiwa Matuluko Author