Creating a secure password the easy (and logical) way

Passwords are hard. My mom has had the same password since her first email account at work (in the 90s). She used the same methodology for her password as she did for my initial password.

As someone who has spent time in the security field, I’ve realized how important a secure password is, particularly when I have access to numerous admin-like credentials. Password managers are great, but sometimes they’re not as usable as we’d like them to be.

So, here’s what I tell people: Each year, pick your current favorite song (with lyrics); find your favorite lyric, or a memorable lyric, within that song. Right now, I’m listening to Gun by CHVRCHES.

Lyric of choice: “Hide, hide, I have burned your bridges; I will be a gun; and it’s you I’ll come for”

Take the first letter of each word: hhihbybiwbagaiyicf

Bam, secure password. But let’s make it more secure, and unique to each website we visit.

I have a login to several things: Amazon, Uber, Gmail, HackerNews… I associate each with a domain name: amazon.com, uber.com, gmail.com, ycombinator.com (though it lives on the news subdomain), respectively. We can use these domains to add more entropy to the password.

My favorite number right now is 3. For each domain, I’ll take its first and last letter and put them aside to inject into my password after the third character (because my favorite number is 3): an, ur, gl, yr.

But passwords often need a special character, or even multiple. For each line of the verse, I’ll denote its ending with an alternating # or !, but only after I replace any i’s with a 1 (so I have numbers) and capitalize the first letter of every verse.

My final password for Amazon is Hh1azhbyb#1wbag!A1y1cf
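
The steps above, written out as a short Python sketch (an added example, not code from the original post). The function names, the three-line split of the lyric at its semicolons, and taking the site name as the label before the TLD are assumptions; the output uses the domain letters exactly as listed above (an, ur, gl, yr), and `differing_positions` reports which characters vary between two sites' passwords.

```python
# Added example: function names and the line split of the lyric are assumptions.
MARKS = "#!"  # line-ending characters, used alternately

def initials(line):
    """First letter of each word in a lyric line, lowercased; punctuation ignored."""
    out = []
    for token in line.split():
        letters = [c for c in token if c.isalpha()]
        if letters:
            out.append(letters[0].lower())
    return "".join(out)

def domain_tag(domain):
    """First and last letter of the site name, e.g. amazon.com -> 'an'."""
    labels = domain.lower().rstrip(".").split(".")
    name = labels[-2] if len(labels) > 1 else labels[0]  # assumption: label before the TLD
    return name[0] + name[-1]

def derive_password(lyric_lines, domain, favorite_number=3):
    """Apply the post's steps: initials, i -> 1, capitalise, mark line ends, inject tag."""
    chunks = [c for c in (initials(l) for l in lyric_lines) if c]
    parts = []
    for idx, chunk in enumerate(chunks):
        chunk = chunk.replace("i", "1")        # numbers first, so a leading i becomes 1
        chunk = chunk[0].upper() + chunk[1:]   # upper() leaves a leading '1' unchanged
        if idx < len(chunks) - 1:              # the post's result has no mark after the last line
            chunk += MARKS[idx % 2]
        parts.append(chunk)
    base = "".join(parts)
    return base[:favorite_number] + domain_tag(domain) + base[favorite_number:]

def differing_positions(a, b):
    """Indexes at which two derived passwords differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# The lyric quoted in the post, split into lines at its semicolons.
LYRIC = [
    "Hide, hide, I have burned your bridges",
    "I will be a gun",
    "and it's you I'll come for",
]

if __name__ == "__main__":
    sites = ["amazon.com", "uber.com", "gmail.com", "news.ycombinator.com"]
    pw = {s: derive_password(LYRIC, s) for s in sites}
    for site, value in pw.items():
        print(site, value)
    print("amazon vs uber differ at:", differing_positions(pw["amazon.com"], pw["uber.com"]))
```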

There, the password manager for the rest of us.

By Josh