Securing Information
Strengthening Business

How to Create Strong, Memorable Passwords that are Really Difficult to Crack

How to Create Strong, Memorable Passwords that are Really Difficult to Crack

Following on from my earlier blog ‘ How to create strong memorable passwords that are difficult to crack ‘ this article takes the theme a bit further, by using the strong memorable password / passphrase that you have already created to create more, for use with all your different online accounts.

To help us do this, we are going to use a technique that is known as salting .

We’re talking passwords for the ordinary Internet user

Before getting into the simple technique of salting, it is worth taking a moment to explain why you might want to bother to follow these particular password creation techniques and what these techniques are for.

First of all, these simple techniques are aimed at just one group of people that just happens to be the largest group – the ordinary Internet user. The average Internet user will want to use the Internet for shopping, email, facebook, banking, gaming etc. Some might even see the Internet as their friend. The problem is that there are bad people on the web who are definitely not your friend and they can make the Internet a much less friendly place. Using simple passwords can give the bad guys an open door to your online life. Using strong passwords for your online accounts is a start to help keep these cyber criminals otherwise engaged.

So, very briefly, the techniques I discuss below:

  • Are for the ordinary Internet user
  • Are easy to remember
  • Can use memory joggers or notes
  • Will make it more difficult for a cyber criminal’s computer to work out your password
  • Can be used to make long (which is better!) or short (but not too short!) passwords
  • Do not stop someone looking over your shoulder
  • Do not stop you sharing your password (either deliberately or accidentally)
  • Are not the only way to create passwords – there are other ways!!

One more thing… As an ordinary user, you may not know about how cyber criminals go about attacking Internet users – they do have many techniques. Future blogs will look at other things that you can do to stay friends with the Internet.

The password salting technique

First, let us create a password using the previous technique ‘ How to create strong memorable passwords that are difficult to crack ‘. We will call it your master password .

Master password = 6GCtMT9 DB

The password is based on the song ‘Space Oddity’ released by David Bowiein 19 69 . It mixes the initials of the individual opening words’Ground Control to Major Tom’ [ GCtMT ], the year the song was released [ 69 ] and David Bowie’s initials [ DB ].

Now, if you are happy that this is a fairly strong master password at 9 characters in length, including a mixture of figures and upper and lower case letters, then you could use this as a password for a single online account in itself. The problem however, is that most of us will normally have many more than one account and it is a bad idea to use the same password for different accounts. Why? Because… if for any reason your password ends up in the wrong hands, then it could be used without your knowledge to access your other accounts. So we need more passwords and this is where the salting technique comes in.

Let’s say you have 4 accounts that you want to have different passwords for. Let’s use seasons (pun intended) for your imaginary accounts: spring, summer, autumn and winter.

We can salt your master password for each of the accounts in a number of ways.

For example:

spring 6GCtMT spring 9DB 6 spr GCtMT9DB 6GCtMT9DB SPR
summer 6GCtMT summer 9DB 6 sum GCtMT9DB 6GCtMT9DB SUM
autumn 6GCtMT autumn 9DB 6 aut GCtMT9DB 6GCtMT9DB AUT
winter 6GCtMT winter 9DB 6 win GCtMT9DB 6GCtMT9DB WIN

It really is as simple as that to salt your master password and you can choose your own way in which you want to do the salt. You can choose salts that make sense to you, you can write them down, you can choose where to add the salt and even split it across the master password.

Keep your master password a secret

IMPORTANT – The key point to note if you are going to use this technique, is that you must keep your master password secret. It is therefore a very good idea not to use your master password without a salt for any account.

And change it from time to time

And finally… Remember – it is not good to keep the same passwords (even with salts) for a long time as you can never be truly sure that they have fallen into the wrong hands. Go ahead and use your salts as before, but do change your master password every so often.

There is much more information online regarding salting with a good starting place being the old favourite, Wikipedia . If you want to find out more about salting, then make sure you search for salt, salts and salting in relation to areas such as cryptography, hashes and passwords.

Good luck.

Article by Bert Curtin, Senior Information Assurance Consultant at Ascentor

Photo by Bindhiya Bindhu on Unsplash

Other articles you might like:


For Further Information

If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.

Please use the contact details below - also found on our Contact Us page.


Fields marked with an * are required
Share this:

You may also be interested in:

Ascentor’s cyber security review of 2020

2020 wasn’t the first year where a virus emerged causing large scale disruption and opportunities for cybercrime. It was, however, the first time

Cyber security myths putting SMEs at risk

SMEs have long been a favourite hunting ground for cyber criminals. Big enough to be of interest in terms of data held and yet often small enough not

Cyber security myths home workers fall for

From King Arthur to the moon landings that (allegedly) didn’t happen, it’s surprising what people want to believe without any real basis in fact.