How to Create and Manage Your Passwords the Smart Way
In this guide, you’ll learn how to create unhackable but memorable passwords and PINs the smart way. You’ll also learn to manage passwords strategically.
How many times have you clicked on “Forgot password” and had to go through the password recovery process?
Have you been in a constant dilemma of choosing a unique PIN for each account at the risk of forgetting it? With so many services going online, it’s often difficult to keep track and secure our access keys.
Fortunately there are smarter ways to manage your passwords, PINs, and other access keys.
Using unhackable, but easy-to-remember passwords and PINs, as well as using a secure password manager, you can securely but conveniently store and retrieve access keys without a fuss.
- A password’s strength is measured by its length and complexity. Even adding a few characters can exponentially increase the time required to crack or guess the password.
- It’s possible to create a strong password with enough length and complexity – whilst still being easy to memorise by connecting a string of unique phrases and numbers that are unique to your experiences.
- Consider using password managers, applications that make it easy to create highly secure passwords and secure your account credentials online.
What makes a good password?
What makes a password secure is its length. One of the ways a hacker steals a password is through a brute force attack. This means they’d have a powerful computer that is able to quickly guess your password and for a theoretically unlimited number of trials.
Additionally, adding an extra character will exponentially increase the required number of guesses until the password breaks.
Think of a 4-digit combination lock. Each digit can represent a possible number between 0 and 9, so a brute force lockpicker would have to try a maximum 10000 times to break the lock. This is 10 times more secure than a 3-digit combination lock (with a maximum guess of 1000 times).
Many websites make it mandatory for you to create a password with at least 8 characters with at least one upper and lower case, and at least one number.
Fun fact: If we do the math, the hacker’s computer will have to guess 62 possible characters over 8 positions, or 62 to the power of 8, or 218 trillion guesses.
This may seem like a lot of guesses, but computers these days are getting faster at number crunching. Unfortunately, 218 trillion guesses would take a modern computer a maximum time of 7 minutes to crack!
Fortunately, adding two more characters will increase the code-cracking time by 4 hours, and adding three more will increase the time by 8 days. At this point, it just becomes impractically expensive to run a machine for days.
How to create memorable but strong passwords?
If length is king, what’s stopping us from using this as our Easy Crypto account password?
While this password has an impressive 38-character length, this is a very poor password. There are 4 reasons why it’s a poor password:
- The password contains whole words from a dictionary
- The password contains common words
- The password contains words that are related to the service provider (i.e. “easycrypto” or “easy crypto”)
- The password contains predictable numbers (e.g. “123”, “321”, “101”)
Apart from a brute force attack, a hacker can complement this effort with the dictionary attack. The dictionary attack algorithm will use a table of dictionary words and common words.
While each character in the password occupies one of 38 positions, in reality the algorithm may actually pick up just 8 positions for which to guess using brute force. This makes the password quite weak.
The – password – for – my – easycrypto – account – is – 123
But this password is so memorable! What if there is a way to inherit this password’s memorable feature and still make it secure?
Easy — just pick the first two letters or numbers of each word in this password, and combine them together to create one string of password:
Sure, the length gets reduced to 16 characters, but each character counts to the overall strength of the password. Best of all, it’s resistant to dictionary attacks.
Of course, I still wouldn’t recommend you to use Thpafomyeaacis12 as a password for your Easy Crypto account or any other account.
Why? Simply, because it’s now out in public for thousands of pairs of eyes to see each day. Never create a password and publish it online!
So, your challenge now is to create your own unique but memorable sentence, and add a couple of numbers into the mix.
It could be a line from the lyrics of your favorite song or poem. It could be a quote from your grandmother. Or something you would say to your son-in-law at your daughter’s wedding.
How to create a memorable PIN?
PINs are tricky to memorise because they are just made up of numbers, and they tend to be short. Even though they are short, most input programmes for PINs often don’t allow three or more failed attempts.
So, for a 6-digit PIN, the attacker will have a 0.0003% chance of inputting the correct PIN whilst limited to 3 attempts. (I didn’t make up the number; it’s calculated using permutations of 106 possible inputs).
As secure as it is, PINs can become vulnerable if you use predictable numbers. For example, if you use your birthdate (e.g. 070891), an attacker can begin with any permutation of the three special numbers in your life. That’ll increase their chances of guessing the PIN correctly.
That’s equivalent to a dictionary attack, but for numbers. To avoid this, you can use a couple of techniques.
1. Remembering keypad positions
Before creating the PIN, visualise a chessboard pattern on a regular number pad (i.e. three rows and a zero at the bottom). Pick one number and a chess piece. Let’s pick number 2 and a rook. You then decide the movement of the “chess piece” across the keypad.
Let’s imagine the rook moving from 2 to the right, landing on 3. It then moves down to 6, then 9, then up to 6 again, and then crosses left to 5. You will end up with 236965.
You can do this with other chess pieces (e.g. the knight or the queen), and use their legal moves in chess. Try to make a slightly more sophisticated pattern compared to say, 1-2-3-6-9-8. That’s probably equivalent to using “password” as your password.
2. Using a mnemonic major system
Mnemonic major converts numbers into memorable consonants — but not necessarily the letters in the alphabet. For example, the numbers 1, 2, 3, are associated with the sounds t, n, and m, respectively.
If I were to memorise “123” using mnemonic major, I’d read that as “t-n-m” and off the top of my head I remember “tuna mayo”, my favorite sandwich filling.
There isn’t a standard way to define each number to a sound. Check out the Wikipedia version here. My version is similar to what you’d see on Wikipedia, but it’s (arguably) more memorable:
|Number||Associated letters||How to remember|
|0||L||A losing team with a score of 0 gets the L finger for ‘loser’.|
|1||T, D||T, t, D, and d has one vertical stroke.|
|2||N||2 turned 90 degrees clockwise looks like N|
|3||M||3 turned 90 degrees counterclockwise looks like M|
|4||R||4 seen in the mirror looks like an R; the word ‘four’ ends with R.|
|5||S, Z||5 looks like an S.|
|6||J, CH, SH, G, NG||6 looks like G for ‘gigantic’. CH, SH, and J sound similar to G in this regard. The NG in ‘long’ can fall within this group.|
|7||C, K, Q, X||7 in the mirror looks like a C for ‘cut’, or K for ‘king’.|
|8||B, P||8 cut in half looks like a B. P and B have similar sounds.|
|9||F, V||In music sheets, the F clef (bass clef) looks like a 9 with two dots. V and F have similar sounds.|
Note that the consonants Y, H, and W are often either silent letters or sounds too similarly to a vowel. We usually ignore these three letters, like so:
Watermelon wearing a yellow hat
T R M L N – R NG – L L – T
= 1 4 3 0 2 4 6 0 0 1
Before creating a new PIN, think of a memorable sentence or phrase. Pick only the consonants of the phrase, and convert that using the table above. For example:
Antony is cool → N T N S C L → 2 1 2 5 7 0
If you ever forget your PIN, you can simply remember your backup phrase off the top of your head. Then type down your PIN as you spell out the consonants of your backup phrase.
Using password managers
Using a password manager is recommended for storing many passwords securely. Your passwords are hashed (encrypted) with your primary password used for logging into the password manager.
The caveat is that if you ever lose the primary password, you won’t be able to recover all the passwords in your vault or password database. This is why you need to use a password manager strategically.
Read more: Check our top 5 picks for password managers.
Using a password manager doesn’t mean that you’ll remove the responsibility of remembering all your passwords. You will have to remember some passwords that you can’t store in a password manager.
However, the amount of passwords you’ll need to memorise will be significantly lower if you use a password manager.
Remember, when using a password manager it’s important to keep in mind the following things:
- Your primary password to your password manager.
- Your email password, which is used to recover most of your passwords.
- Your financial services card PINs.
- Your hardware crypto wallet PINs.
Do not store your hardware crypto wallet recovery words. Write it down on paper or use a recovery word storage system, and then store it in a safe location.
You can store everything else with a password manager. Obviously, there’s no point in storing your primary password in a password manager — if you forget it, there is no backup.
Using a password manager, you should store only passwords which you can easily recover with your email address in case you lose your primary password.
You should treat your email with the highest level of security as many accounts rely on your email for backup and recovery. You should change your email password every few months, and use the above method to generate a memorable and secure password.
Your ATM and credit cards are technically backed up by your financial services provider. However, the access recovery process is often time-consuming and may cost you some service fees. Therefore, it’s best to keep it in the brain.
The same goes for your crypto wallet PIN, which is backed up by your wallet’s recovery words. Your wallet’s recovery words should NEVER be stored digitally, in case your device gets compromised by malware.
Storing your recovery phrases
Another way to store your hardware wallet’s recovery words is by using the Cryptotag Zeus Starter Kit or Cryptosteel Capsule Solo.
These are intuitive tools to forever store your backup phrases, and are easy to set up, store, and use in case you lose access to your wallet.
Check them out: Visit the Easy Crypto shop.
So, there you have it! You’ve learned how to create easy passwords that are hard to break.
You’ve also learned how to store passwords responsibly, and strategically remember just a few access keys to make your life easier.
If you find this article helpful, share it with someone who needs to read this!
Further reading: Explore more topics on security in our learning hub.
Make sure to follow our Twitter, Instagram, and YouTube channel to stay up-to-date with Easy Crypto!
Also, don’t forget to subscribe to our monthly newsletter to have the latest crypto insights, news, and updates delivered to our inbox.
Disclaimer: Information is current as at the date of publication. This is general information only and is not intended to be advice. Crypto is volatile, carries risk and the value can go up and down. Past performance is not an indicator of future returns. Please do your own research.
Last updated January 20, 2023