If there is one thing we’ve learned from the hacks of LinkedIn, MySpace and most recently VerticalScope, it’s that people are really bad at creating strong passwords. Whether it’s due to laziness or simply the difficulty of remembering complicated passwords, cyber-criminals are able to capitalize on this practice to hack into accounts or sell this information so that others can. And since people often use the same password for multiple applications and websites, this gives hackers the potential to take over accounts elsewhere as well.
Hackers commonly look for passwords composed of:
- Words in the dictionary
- Familiar sequences of numbers (e.g. 123456) or letters (e.g. qwerty)
- Information commonly found in social media updates (e.g. anniversaries, nicknames)
Face it, people use these as passwords because they make sense and are easy to remember. Unfortunately, though, it’s also relatively easy for hackers to crack them by using programs that quickly run through thousands and thousands of known options like those above.
To be safer, it’s crucial to have a strong password that takes so much effort to crack that it’s impractical for a hacker to attempt. For a password to be considered “strong” it should really be a combination of lower and upper case letters, numbers and symbols, be at least 12 characters long, and NOT fit into one of the above categories. It also needs to be changed regularly which, unfortunately, makes it even more difficult for most people to memorize.
So the challenge is to create a unique password that is easier for us to remember, but is nonsensical enough that it cannot be cracked easily. And we have to be able to change it and still remember it.
Here’s a “formula” that might help you create a strong password that not only will you be able to remember, but will also be very difficult to crack. It’s based on the power of “3.”
Power of Three
Have you ever noticed how often you are naturally drawn to something composed of three things or divisible by three? How many stars are in Orion’s belt and how quickly can you find it on a starry night? How many rows in an 18-pack of eggs? If you look at a picture of two triangles compared to one of three triangles, which gives you a sense of completeness? Count to 48 by threes. Count to 48 by fours. Which was easier?
For most of us, the model of “three” is something we’re more naturally drawn to. So to make a memorable password, create one made up of combinations of three.
Here’s an example:
Choose three things in your past that are somehow related, such as the elementary, middle, and high schools you went to (or three favorite cousins, etc.). What are the first three letters or three initials of each? Write those down, but capitalize the letter that corresponds with the order in which they came into your life (such as the order you attended the schools). Now put a number next to them ranking them from your most favorite to your least favorite. Now write down the three-digit number that creates. Next, to make things less predictable, put your favorite symbol (for example !) next to the most memorable one. Lastly, combine all the results.
The table below shows how this looks and the resulting password.
You’ve now created a password that makes sense to only you and would not be easily cracked. It can also be remembered with a little bit of effort. But the real trick to remembering it is committing it to muscle memory. So once you’ve calculated your password, type it at least 30 times until it becomes ingrained (you might need to do this a few times). To more effectively memorize it, type it in the groups of three that you created – Spr…wAs…!…chA…231 – (like a dance step).
When it comes time to change your password, just move one of the groups of three to another position, such as 231SprwAs!chA. (You can also change the three-digit number as the order changes.) Again, type the new password 30 times or more until it becomes ingrained in your muscle memory.
Lastly, a good thing to do is have a different password for everything you log into. In this case, just add three letters from the application or website name to the beginning or end of your password (e.g. “Lin” for LinkedIn results in SprwAs!chA231Lin).
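The steps above can be traced in a short script. This is an added example, not part of the original article: the three school names are constructed to reproduce the article's sample password, the function names are hypothetical, and the final check covers only the length, character-class and familiar-sequence criteria stated earlier (it does not do a dictionary lookup).

```python
import string

def make_group(name, order):
    """First three letters of `name`, lower-cased, with letter number `order` (1-3) capitalized."""
    letters = [c for c in name if c.isalpha()][:3]
    if len(letters) < 3 or order not in (1, 2, 3):
        raise ValueError("need at least three letters and an order of 1, 2 or 3")
    group = "".join(letters).lower()
    i = order - 1
    return group[:i] + group[i].upper() + group[i + 1:]

def build_groups(names, ranks, memorable, symbol):
    """Return the groups in typing order: three letter groups, then the rank digits.

    names     -- three items in the order they came into your life
    ranks     -- favorite ranking of each item, e.g. (2, 3, 1)
    memorable -- index (0-2) of the most memorable item; the symbol goes next to it
    """
    if len(names) != 3 or sorted(ranks) != [1, 2, 3]:
        raise ValueError("need three names and a ranking that uses 1, 2 and 3 once each")
    groups = [make_group(n, pos + 1) for pos, n in enumerate(names)]
    groups[memorable] += symbol
    groups.append("".join(str(r) for r in ranks))
    return groups

def move_group(groups, src, dst):
    """Password change: move one group to another position."""
    moved = list(groups)
    moved.insert(dst, moved.pop(src))
    return moved

def meets_page_criteria(password):
    """At least 12 characters, all four character classes, no familiar sequence."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    has_all = all(any(c in cls for c in password) for cls in classes)
    familiar = any(seq in password.lower() for seq in ("123456", "qwerty"))
    return len(password) >= 12 and has_all and not familiar

# Constructed sample input: these names are assumptions, chosen to match the article's result.
SCHOOLS = ("Springfield", "Washington", "Chaparral")

if __name__ == "__main__":
    groups = build_groups(SCHOOLS, (2, 3, 1), memorable=1, symbol="!")
    print("".join(groups))                         # base password
    print("".join(move_group(groups, 3, 0)))       # after a password change
    print("".join(groups) + "LinkedIn"[:3])        # per-site variant
    print(meets_page_criteria("".join(groups)))
```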
The key here is using multiple groups of three to create a unique password that you’ll be able to more easily remember. Then repeatedly type it until it comes naturally when you need to enter it.