How to create a secure memorable password system

Originally posted January 2010. Updated September 2020:

To help prevent unauthorized access to personal information, many websites require a password of six or more characters that mixes numbers and letters, including both uppercase and lowercase letters. Creating a password that meets these requirements and is still something you can remember doesn’t have to be a challenge.

I have created a password system that you can use or modify to create memorable passwords. The most important part of the system is that a different password is created for each website.

If you currently use the same password for different websites and that password or one of those websites gets compromised, hackers could access your data on all the other websites that you use. That would be bad.

The system divides a password into 3 memorable parts that create a secure 10-character password when put together:

Part 1 – First 3 letters of my name [Mar]
Part 2 – First 3 letters of the website – (Yahoo would be [Yah], Google would be [Goo], Amazon would be [Ama], etc.)
Part 3 – 4-digit month & year of my birthdate [0468]

To summarize, my Yahoo password created under this system would be MarYah0468 – created by putting the 3 parts together. Notice that I use uppercase letters as the first letter of each part for added security.

If you’re using a website or service that had a data breach and you’ve been told to change your password, you could just change the 3rd part to reflect the current month & year:

Part 3 – 4-digit month & year that the password was changed [0916]

To summarize, my new Yahoo password, changed due to a data breach in September 2016, would be MarYah0916.

If you keep a written or typed password list, for added security you could write the name of the website and the date, and use an underscore “_” or dash “-” in place of the characters of the password that you’ve memorized. That way the entire password never appears on paper, and the list doesn’t reveal your password to someone that you may not want to read it. For example, my written Yahoo password would be M – – Y – – 0 9 1 6

You should use your own variation of this system. Here are some suggestions:

• Capitalize the MIDDLE or LAST letter in each part

• Use the first 3 letters of your MIDDLE or LAST name, the name of a loved one, or your initials.

• For Part 2 remove the vowels from the website or service – Yahoo would be Ah, Google would be Ggl, Amazon would be Mzn.

• For Part 2 use the letter or character one key to the right on the keyboard – Yahoo would be Usj, Google would be Hpp, Amazon would be S,s

• For Part 3 of the system, use a 4-digit number from your graduation year, childhood phone number or street number, or any other number that you’ll remember for life. For added security you could use a different number based on the type of website – for example you could use part of your SS# for financial websites, a street number for shopping websites, your graduation year for social networking websites, and birth month+year for everything else.

• Add a special character such as [! ? # *] at the beginning, end or memorable location in the system. Alternatively you could use special characters instead of numbers by holding the shift-key when typing numbers – thus 0468 would be )$^*

• “Pad” or add something somewhere in your password that you don’t write down – such as putting a childhood phone number or zip code at the end of every password.
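The three-part system, the written-list form, and two of the variations above (one key to the right for Part 2, shifted digits for Part 3), as an added Python sketch that is not part of the original post. The function names and the US QWERTY layout are assumptions.

```python
# Added illustration of the post's three-part system; all names are assumptions.

# US QWERTY rows, for the "one key to the right" variation of Part 2.
QWERTY_ROWS = ["qwertyuiop[", "asdfghjkl;", "zxcvbnm,./"]
RIGHT_OF = {row[i]: row[i + 1] for row in QWERTY_ROWS for i in range(len(row) - 1)}

# Symbols typed with Shift held on the US number row, for Part 3.
SHIFTED = dict(zip("1234567890", "!@#$%^&*()"))


def cap_first(part):
    """Uppercase the first character of a part, lowercase the rest."""
    return part[:1].upper() + part[1:].lower()


def site_part(site, variant="first3"):
    """Part 2: first 3 letters of the site, optionally shifted one key right."""
    letters = site.lower()[:3]
    if variant == "key_right":
        letters = "".join(RIGHT_OF.get(c, c) for c in letters)
    elif variant != "first3":
        raise ValueError(f"unknown variant: {variant}")
    return cap_first(letters)


def number_part(digits, symbols=False):
    """Part 3: a 4-digit number, optionally typed with Shift held."""
    if len(digits) != 4 or any(d not in SHIFTED for d in digits):
        raise ValueError("Part 3 must be exactly 4 digits")
    return "".join(SHIFTED[d] for d in digits) if symbols else digits


def build_password(name, site, digits, variant="first3", symbols=False):
    """Join Part 1 (name), Part 2 (site) and Part 3 (number)."""
    return cap_first(name[:3]) + site_part(site, variant) + number_part(digits, symbols)


def written_hint(password):
    """Paper form: first letter of Parts 1 and 2, dashes for the rest, Part 3 shown."""
    shown = [c if i in (0, 3) or i >= 6 else "-" for i, c in enumerate(password)]
    return " ".join(shown)


if __name__ == "__main__":
    for site in ("Yahoo", "Google", "Amazon"):
        pw = build_password("Mar", site, "0916")
        print(site, pw, written_hint(pw), site_part(site, "key_right"))
```
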

You may also want to visit the following website for ideas on creating a memorable password system: http://www.f-secure.com/weblog/archives/00001691.html