Do you struggle with passwords?

Passwords can be a pain to manage, which is why a lot of people create only one and use it everywhere. Or they use useless passwords, such as “password” and “123456”. But it doesn’t have to be that way. Sure, you can use password managers such as Dashlane, Sticky Password, or LastPass, and they are perfectly fine solutions. You can even use the password management that’s built into Chrome and follows you around as you log into your Google account. Or you can develop your own system of password management that doesn’t require anything more than remembering the rules you establish–no software to install, no keys to store, no roaming profiles. Just your memory!

Ok, it’s important to have a failsafe. Accidents happen, after all, and the human memory is more fragile than a lot of us would like to admit. So I’ll offer a couple of suggestions about how to ensure that if your memory goes for some reason or other, you still have access to your passwords. And even if you don’t create a failsafe, most applications and services offer a “Forgot your password?” feature to recover access to your account when your memory fails you–as long as you can remember the password to access your email, that is. Now, on to the fun stuff!

There are as many ways to approach developing memorable passwords that meet complexity guidelines as there are passwords themselves. The key to any scheme is not so much remembering the password itself, but remembering your cipher. With a good cipher, you can create passwords from common words, addresses, names, etc., which are much easier to remember than something like W@tyU#b4v*7t. Let’s say your grandma’s name is Norma Wilcox. Now, using her name as a password normally wouldn’t work, but since you are going to disguise it, it can. And since it’s your grandma, you’re not going to forget her name. So let’s develop a cipher and turn her name into a complex password.

For the cipher, I’m going to convert the letter “o” into a zero and the letter “a” into an @ symbol. Now Norma Wilcox becomes N0rm@Wilc0x. This alone will meet the complexity requirements for most websites and services, as it has at least one capital letter, one number, one special character, and exceeds eight characters in length. Now you only need to remember your cipher. If you are concerned you might forget which name goes with a particular service or website, you could actually store the name and the account together, since without the cipher the password is useless. It’s the tried and true method of separating the lock from the key. For maximum security, I of course recommend you do not do this. However, if you are concerned your memory cannot be trusted, create a stronger cipher than the example before you store your list.

What’s neat about this system is you can create really long passwords, increasing complexity and security, without overtaxing your memory. For example, I can use a phrase or a sentence that is memorable and simply apply my cipher to make it complex. Let’s take the phrase “all dogs go to heaven.” If I use the cipher from the previous example, I get a password that looks like this:

@lld0gsg0t0he@ven

Since most services require a password that also contains a capital letter, the initial letter of one of the words could be capitalized. If I really wanted to strengthen this password, I would increase the complexity of the cipher. For instance, I could change the letter “l” to an exclamation point or a number 1. I could decide to capitalize the last letter of each word or make every fourth letter a number. It really doesn’t matter what you do, except develop a good cipher and apply it uniformly to all your phrases so you have memorable passwords that are complex. Some of my passwords are thirty characters long, but because they are a phrase with a cipher applied, I can easily remember them.

For the most robust security, it’s best to have a different password for every service. That way if a hacker correctly identifies a password to one of your services, that is the only service he is able to access. So how do you remember which of your password phrases goes with each service? One way to keep these straight is to create passphrases that correlate with the service. If I subscribe to Spotify, I could create a password such as SpotifyRocks! Then if I apply the cipher from our very first example, I’d have a password that looks like this:

Sp0tifyR0cks!

This would easily meet the password complexity requirement for Spotify and it’s easy to remember because it’s tied to the service.
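The cipher from the three examples above, written out as a short Python sketch together with the complexity rules mentioned earlier (capital letter, number, special character, more than eight characters). This is an added example, not part of the original post; the function names and the fourth sample phrase are made up for illustration.

```python
import string

# Substitution rules from the article's first cipher: "o" -> "0", "a" -> "@".
CIPHER = {"o": "0", "a": "@"}


def apply_cipher(phrase, rules=CIPHER):
    """Drop spaces, then substitute each letter that has a rule (either case)."""
    out = []
    for ch in phrase:
        if ch.isspace():
            continue
        out.append(rules.get(ch.lower(), ch))
    return "".join(out)


def unmet_requirements(password, min_length=9):
    """Return the complexity rules listed in the article that the password misses."""
    checks = {
        "length": len(password) >= min_length,  # "exceeds eight characters"
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]


def report(phrases):
    """Map each phrase to (ciphered password, list of unmet requirements)."""
    results = {}
    for phrase in phrases:
        password = apply_cipher(phrase)
        results[phrase] = (password, unmet_requirements(password))
    return results


if __name__ == "__main__":
    # The first three phrases are the article's; the last is a constructed
    # phrase with no "o" or "a", so this cipher never fires on it.
    samples = ["Norma Wilcox", "all dogs go to heaven", "SpotifyRocks!",
               "Every kid here sings"]
    for phrase, (pw, missing) in report(samples).items():
        print(f"{phrase!r:26} -> {pw:20} missing: {missing or 'nothing'}")
```

The last sample shows the case to watch for: a phrase without any of the substituted letters comes out of the cipher with no number or special character, so the cipher needs enough rules to touch every phrase you plan to use.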

When it’s offered, I highly recommend you take advantage of two-factor authentication. This strengthens your security even more because the person trying to gain access to your account(s) has to have your password and access to the second authentication method, which can be a code sent via SMS to your phone or a code you enter from an authentication app, such as Microsoft’s Authenticator or Google’s Authenticator. Combined with a strong password, two-factor authentication increases security by up to 100%.