In the modern age of technology we live in the most important piece of information is your password. It unlocks everything digital about you (which today is pretty much everything) and if someone were to crack it, you would be in a heck of a lot of trouble.

The general consensus of password choosing is that you should choose something longer than 8 characters, choose something unique, mix numbers, letters and symbols and don’t use the same password twice. Yeah, I can’t remember where I put my car keys this morning, I’m expected to remember 10 (or more) passwords with those criteria. Not happening!

The other alternative is a password service. LastPass and the like offer to secure all your web logins for you, all you have to do is remember your LastPass password. That’s great, but what if someone gets access to your LastPass account?

Based on all this, and my many years of choosing passwords for various services, I think I’ve come up with a pretty secure way to meet all the password requirements above, without having to rely on anything other than my brain. It’s worked for 12 years so far, I don’t see why it wouldn’t work for you.

Step 1) Choose your keyphrase

Choose two words that make sense to you. Regular English (or your choice of language) words. Try to make them unique to you, your experiences and your lifestyle but not your personal life (ie children/dogs names). Try to pick words that are of a decent length and are not related. So for example let’s say I like reading Terry Pratchett books and mountain biking. So my two words could be Vetinari (my favourite character from the books) and Cannondale (my bike brand).

Now just jam them together. VetinariCannondale. Based on howsecureismypassword that password would take “a computer about 6 trillion years to crack” So its a good place to start.

Now you can add a layer of security by doing number substitution, replacing vowels with similar looking letters. V3t1n4r1C4nn0nd4l3. This bumps the password up to 145 trillion years. Or you could use character substitution V#t!n$r!C$nn)nd$l#, replacing the numbers with their related character. We’re up to 586 trillion years now. Just remember which one you are going to use and stick to it.

Step 2) Choose a Key

Now you need to choose a key for each site/app you want to use your password in. I’m going to use a two character key, based on what the site/app is, prefixed to my password. So if the site is Facebook, my key is FB and my password (using the number substituted one) becomes FBV3t1n4riC4nn0nd4l3 (558 quadrillion years). You could have a three character key and you could put the key in the middle or at the end, but keep it the same length and in the same place to make it easier to remember.

Step 3) Security level

Now you can use combinations for different required levels of security. So, for example if I need a password for some random forum I belong to I use the first part of my keyphrase (V3t1n4r1) as level 1. If I need an extra layer of security (level 2) but I want to make sure if the site gets hacked no one gets my level 3 password I use just the key phrase (V3t1n4r1C4nn0nd4l3). For all top level security (eg my banking or my secure files) I use level 3, the Key and key phrase (eg BNKV3t1n4riC4nn0nd4l3 if I banked with a bank called ‘Bank’ 😉 ).

Now, if someone did hack your level 3 secure password, they would possibly be able to figure out the rest, but they would have to know where you use level 1, 2 and 3, and they would have to guess your Key structure for each app/site as well.

So now you have multiple password options for different types of sites/apps, each that are pretty easy to remember and hard to crack.

Bonus step) Usernames

Use a decent username, never easy to guess things like admin, or your name. Choose a nickname that not many people would know.

Security, it’s all about obscurity.

Disclaimer: The author accepts no liability for the quality of the information provided or for it being correct, complete or up to date. The views of this article of those of the author alone and not Elegant Marketplace. Elegant Marketplace accepts no liability for any losses either directly or indirectly related to your choosing to follow this advice.

Jonathan Bossenger
is a programmer and WordPress development consultant who runs Atlantic Wave, a plugin developer that features on this site. He lives in Cape Town, South Africa and loves all things PHP, SQL and WordPress.