How to create and remember strong passwords

Digital life is way more complicated today than in the 1990s when even a hilarious password like "abc123" would have served the purpose of securing your digital access. But that's no longer the case today. Not only do we access way more websites and apps today but the digital environment has also become a lot more sinister.

Cyber crime has become a real threat today, and bad elements are constantly in a race to lay their hands on your private data by any means possible. In such a scenario, a weak password only offers them low-hanging fruit. A strong password is so important today that most systems will warn you if you try to set a weak one, and will most likely even stop you from doing so.

But what kind of strong password should we have? In my last organization (which is a reputed Indian IT company), many users used to have passwords like "January", "February", etc., but that was the early 2000s. Come the mid-2000s, our admins had become smarter, so they made the servers insist on alpha-numeric passwords with special chars. Now, our folks started using "Jan@123", "Feb@123", etc.

It may sound laughable, but people in many organizations still have such weak passwords even today; they follow the "alpha-numeric plus special chars" rule only because the system requires them to! Whether it's home or work, you should always refrain from having such weak passwords, because they can be easily broken if bad elements ever lay their hands on the encrypted data.

Now, one way of coming up with strong passwords is to use password managers like LastPass and KeePass. They are great apps that generate strong random passwords such as sp@4$rUzI and pS#&qVX72 and save them against your login for each website/app in an encrypted file. But to encrypt that file, you'll still have to come up with a strong master password yourself!

An obvious thing to avoid is using common words like House, Red, Wallet, Paper, January, February, etc. These are all common English words and are subject to dictionary attacks. Even substituting some characters with special chars, while keeping the word easy to remember, is wrong. For example, H0u$e uses the digit zero instead of the letter "o" and a $ sign instead of the letter "s", but it is still a common word, and that substitution is also a common pattern.
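The sketch below is an added example, not code from the original post. It shows how a password check on the defender's side sees through both patterns mentioned above, the "Jan@123" style suffix and the "H0u$e" style substitution; the wordlist, the substitution table and the function names are assumptions made for illustration.

```python
import re
from typing import Optional

# Constructed sample wordlist; a real check would load a large dictionary
# plus a list of passwords seen in breaches.
WORDLIST = {"house", "red", "wallet", "paper", "password",
            "january", "february", "jan", "feb"}

# Common look-alike substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "$": "s", "@": "a", "!": "i"})


def base_words(password: str) -> set:
    """Return the plain-word candidates a password reduces to."""
    lowered = password.lower()
    # Drop a trailing run of digits/symbols such as "@123" or "2020".
    core = re.sub(r"[^a-z]+$", "", lowered)
    candidates = set()
    for form in (lowered, core):
        undone = form.translate(LEET)
        candidates.add(undone)
        # Also try with any leftover non-letters removed.
        candidates.add(re.sub(r"[^a-z]", "", undone))
    candidates.discard("")
    return candidates


def weak_reason(password: str) -> Optional[str]:
    """Explain why a password is dictionary-based, or return None."""
    hits = base_words(password) & WORDLIST
    if hits:
        return f"reduces to dictionary word '{sorted(hits)[0]}'"
    return None


if __name__ == "__main__":
    for pw in ["January", "Jan@123", "Feb@123", "H0u$e",
               "Y^c^b^i^G^u^y^b^i^y19952020"]:
        print(f"{pw!r}: {weak_reason(pw) or 'no dictionary match'}")
```

A `None` result only means the password did not reduce to a word in this small list; it is not a measure of overall strength.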

Of course, human minds aren't designed to remember completely random things; we remember stuff only through patterns. In fact, patterns are the very thing that helps us remember what we want to remember! So, instead of trying hard to cram a random password like a4*&pxz, a much better idea is to take a common sentence which truly inspires you (to ensure you never forget it!) and then base your password on that. An example sentence is the following quote by Swami Vivekananda:

You cannot believe in God until you believe in yourself.

You can now create a new password by taking the first character of each word like this:

YcbiGuybiy

Now, how about having special chars for more randomness? For this you can have a mental rule to have a caret character (^) between the password chars like this:

Y^c^b^i^G^u^y^b^i^y

Now for numbers, one idea is to add a constant number (such as your vehicle number or graduation year) followed by a temporary number (such as the current year in which you set that password). For example:


Y^c^b^i^G^u^y^b^i^y19952020

Lo and behold, you have now created a strong and random password!

If you have trouble remembering the mental substitution rules (add the caret separator, followed by two specific numbers), you may write the rules on paper until they become a habit. Unlike English dictionaries, these arbitrary rules cannot be used to crack any passwords; decades of innovation in AI technology are needed for that.

One limitation of this technique is that you can derive only one password from each motivational quote or sentence, and you may know only a few of them. On the other hand, it's a great idea to learn more and more motivational quotes. Even if they don't serve their purpose, at the very least they will help you create strong passwords, won't they!
