The Best Password Generator and Manager is YOU

Dear A & H…Today’s post has everything and nothing to do with running. It’s about your excellent method generating passwords, A. After you told me about it, I couldn’t believe how effective it was at creating countless and easily remembered passwords. I have a confession, though. I did tweak it a little. While out on a run, I had an idea for making “remembering” even more simple. (Makes me wonder…did I tap into a creative field which fueled Aristotle, Dickens, even Beethoven, in their day? Ah, to dream…) Anyway, I know it’s a weird topic for a running and health site but, if it helps someone save time which, in turn, helps increase weekly running mileage…yeah, I know, reaching. Still, don’t go changing my mind. Already pressed “Publish.” ت  

Origins of the “Best Password Generator and Manager”

Besides promoting health and endurance, another great benefit of a long run is getting time to think. Since both muscles and brain are on the receiving end of each pounding heartbeat, this is not surprising.

Such was my experience last year. I had no expectations from the long run planned but, by the time I got home, an easier way to remember all my passwords just kind of presented itself to me.

Prior to this run, I utilized an easy and effective strategy based on words.

Here are a few examples:

123plum*puddingamazon

123plum*puddingebay

123plum*puddingvisa

As you can see, the prefix (123plum*pudding) is the same, only the suffix (amazon, ebay, visa) is different for each unique password.

This method was taught to me a few years back and, ever since, has made managing passwords a breeze. It’s frustration-free and hassle-free because it’s based on two simple premises:

1. All passwords are similar because of the root word (123plum*pudding).
2. They are also all different because of a unique suffix that corresponds to a site’s name (amazon, ebay, visa).

What a revelation!

Ahhh…there were no worries. It was all rainbows and unicorns.

…until I started working on my website.

Oh, no!!!

The great big internet started looking more and more ominous. And, I was right to worry. Here’s a screenshot of hacking attempts. 😳

But, outside of usual website security plugins, what could I do?

The Quest for the Ultimate Password

Based on current recommendations, random letters, numbers, and characters are the gold standard to create the most secure passwords.

No words…if it’s in a dictionary, it’s off-limits (except for those classified as “trademarks,” i.e. eBay).

No “anything” that looks like it has meaning to the user.

In other words, it’s safe saying…

Dead…toast…sayonara.

Goodbye fond-but-distant-memory of the single word password with a few numbers thrown in for good measure. Ahh, the memories…my first one was a fish’s name with two numbers…the good ‘ol days.

Not really a surprise, though. Bill Gates predicted as much over a decade ago. Today’s passwords are really passcodes (i.e. strings of long random letters, numbers, and characters).

But, how the heck do you remember a string of nonsense?

Not only that but two, three, twenty+ strings of nonsense, each one unique for every site we subscribe to.

(Note: For simplicity’s sake, I’m just going to use the word “password” from this point on. It’s a familiar word with a well-defined purpose. We all know what it stands for.)

True, there are sites that save passwords so we don’t have to remember them (AKA password managers). That’s an option. But, that just not appealing to everyone, especially me. I just want to remember all my passwords like I always have. Just me. No middleman.

Is this asking too much? Is asking for a password that’s simple, unbreakable, and doesn’t have to be changed every couple of months like hoping for running shoes that never get discontinued?

Does Such a Beast Exist?

Yes, there is such a beast!

It is doable and realistic.

I might even venture to say that an infinite number of passwords can be created AND (drum roll) don’t need to be written down to be remembered.

This is what came to me while running that day.

Not only that, passwords can also double as daily positive affirmations.

I know, kind of corny, but it’s part of the method!

This is how it all works.

How To Create an Infinite Number of Memorable Passwords

To illustrate the steps needed to create unbreakable but memorable passwords, we’ll help Jack (pictured on the right) create two, one for personal use and the other for work-related logins.

Starting with his personal password, we’ll honor industry recommendations and create one that’s at least 8 characters long.

The Steps

Note: Steps 1 through 5 help with the development of a password root. Step 6 takes this password root and “dresses it up” to make it unique for any site it’s used on.

1. The goal when developing an unbreakable password is to make it look like nonsense.

ex. 46dyxt&87!!

True, that does look unbreakable but, it’s safe to say, it also looks intimidating and darn near impossible to remember until, that is, you make it all about YOU.

Reaching this point, developing your password now becomes as easy as Da Vinci’s proclamation, “Simplicity is the ultimate sophistication.”

Hey, let’s start with that!

2. This is one of Jack’s favorite quotes that nobody knows about so it’s both (1) easy for him to remember and (2) something no one will associate with him.

Looking again at Leonardo’s quote,

“Simplicity is the ultimate sophistication,”

Jack’s starts creating his personal password’s framework by writing down the first letter of each word as they appear in the sentence:

situs

3. Next, he randomly assigns capitals.

siTus

4. Then, numbers are added.

This also needs to be significant to Jack but not something which is known about him. For example, maybe he’ll choose numbers which are part of his favorite aunt’s address or the number of cats she owns.

After only a few moments thought, though, Jack forgoes his aunt’s address and beloved cats and decides on “49” because the 49ers were the team who won the first football game he ever watched live at a stadium.

That decided, he places these numbers at the center of his growing password because, even though he could place “49” at the beginning or end, even splitting them up, having them at the center is easiest for him to remember.

siT49us

Note: It’s worth stressing that social security numbers, birthdays, current house numbers, phone numbers, or account numbers should never be used.

5. Finally, characters are added.

This is the tricky part because not all characters are available for creating passwords on all sites. The ones I’ve had the most luck with are the following: # & % @ ? $ ! ( ) – + ^ (but, realistically, this likely changes on a regular basis).

Other characters are not forbidden, but the goal for Jack today is to create just one personal password.

Considering his options, Jack finally decides on # and @. And, just like when he added numbers in step #4, he places them where it’s easiest for him to remember. In this case, he decides to split them up:

#siT49u@s

Friendly reminder: Characters can also be placed at the beginning, middle, or end of any password.

That’s about it for the foundation, or root, of Jack’s new personal password. It’s random but created around several things important to him to help make it memorable.

6. Adding suffixes creates uniqueness.

What will now make Jack’s password root completely unique for each site he visits will be the adding of different suffixes.

For example, when he visits Amazon.com, his password will look like this:

#siT49u@samazon

The suffix, amazon, is simply tacked on to the root word, #siT49u@s, to make a completely unique password for when Jack wants to access his Amazon account.

Likewise, when he uses it on eBay, it will look like:

#siT49u@sebay

Similarly, when he signs into his personal Gmail account, it follows the same pattern:

#siT49u@sgmail

In summary, Jack’s easily remembered password root is based on a favorite quote, a couple numbers that have meaning to him, and two characters thrown in for good measure. Then, when he adds a suffix that corresponds to the site he’s visiting, he has available to him a completely unique, secure, and easily remembered password. Not only that, this method allows him to remember an infinite number of passwords without writing a single one down. Yay!

Note: Switching things around can provide even more peace of mind. For example, the password root could also be used as a suffix:

amazon#siT49u@s

ebay#siT49u@s

gmail#siT49u@s

Or, the password root could be split down the middle and the site’s name placed there.

#siT4amazon9u@s

#siT4ebay9u@s

#siT4gmail9u@s

It’s up to the user. But, remembering all these passwords requires consistency, meaning, decide on the format that works for you and stick with it. In Jack’s case, he decided to create all his unique passwords following this format:

#siT49u@ssitename

And, if he ever forgets his password, all he has to do to jog his memory is recite his favorite Da Vinci’s quote:

“Simplicity is the ultimate sophistication.”

However…

Forgetting can almost be completely avoided if Jack makes it a habit to say this quote in his head each time he types his password. And, as a bonus, this silent recitation keeps him grounded because it’s not only his favorite quote but his favorite positive affirmation. 🙂

Yeah, I know, kind of corny. 😄

Making a Password for Business Use

I find working with two password roots ideal, one for personal use and one for work. This serves two purposes. One, it brings about more variety to passwords used on a daily basis. Two, because of this increase in variety, it offers wonderful peace of mind.

To create a password root for work, the same steps used to create a personal password are followed except, instead of a personal or famous quote, some statement related to work is chosen. For example, Jack is a microbiologist so he decided his password would be his secret mantra:

Healthy flora makes for a happy person.

So, as was done to create his personal password root, Jack starts building his business password root by lining up the first letters from each word in this statement:

hfmfahp

Then comes some capitalization:

hFmFhp

Next, a few numbers. For Jack, he decided to take the numbers from the address he lived at during his last year at college: 106 Maple Street, #7.

106hFmFhp7

Finally, some characters:

(106)hFmFhp7!

Done.

To anyone but Jack, this looks like a mixed-up jumble of characters. To him, however, it means a great deal which makes it memorable. And, like he did to make his personal password unique, a site’s name is added. Of the various options for placement, namely, beginning, middle, or end, he decided on placing sites’ names at the beginning. This is what it looks like.

For his work Gmail –

gmail(106)hFmFhp7!

For his work-associated USPS.com account –

usps(106)hFmFhp7!

Etc.

Jack is relieved.

He has access to passwords for both personal and work-related use that look exactly like those recommended for safety: (1) they look like nonsense and (2) they’re all different.

In brief, after only a few minutes time, using his personal history and a few simple rules from, of all things, language arts, Jack has access to an unlimited number of unique passwords for every site he visits.

What’s more, Jack makes his personal and work-related logins even safer by changing both password roots every 6 months.

Hackers don’t have a chance with him.

That’s It

Pretty straightforward once you get the hang of it.

There’s one caveat, however. Transitioning from older passwords to updated ones can be a bear. Trying to remember which sites have the new password vs. which have the old is a lot to remember. To help with this, keeping a log can be helpful. It doesn’t have to be fancy, just a simple two-column list with “personally visited sites” on one side and “business-related sites” on the other will do.

Granted, keeping a running transition log is not a necessary step but, once it’s complete, it’s kind of interesting seeing ALL those sites. Thankfully, with this password method, only brainpower is needed to unlock them all.

Hope it works as well for you as it does for Jack and me. 🙂

Just for fun, you can test the security of passwords here.

To your many happy years of security and peace of mind.

---

So, A & H, it’s time for a good long run to “think” about my next post. Hope I can tap into that creative field again. But, in all honesty, a grassy field is nice, too. ت  Until my next letter…

Much love, O.M.