A better way to choose passwords

Choosing passwords is such a pain for most people that we usually just opt out. We instead have a password manager take care of it, or worse, just use the exact same password for everything.

Here’s a better way to create your passwords: create one or two base phrases that contain words with lowercase/uppercase letters and at least one number. For example:

jump4Joy

or

packageWHEEL2jump

Then, add parentheses somewhere in there and inside the parentheses insert what you would call the app you’re signing into. Get creative. For example, the above would turn into:

jump4Joy(apple) for signing into your Apple ID, or

package(WF)WHEEL2jump for signing into Wells Fargo.

With this scheme you only have to remember one (or two, in my case) base phrases, and after that you just insert the name of the app you’re using. The beauty of this is:

  1. everyone has different base phrases, so your password is still unique

  2. even if someone knows this scheme you’re using and knows what app you’re logging into, they don’t know your base phrase

  3. base phrases are easy ways to remember long strings, so passwords are no longer 8-10 characters and instead could easily be 15-20

  4. even if your base phrase gets leaked somehow, an attacker has to guess the way you spell the app you’re logging into; you could spell it WellsFargo, WF, wf, WellsF, or wellyfargs and be even more secure (I won’t tell you how I spell mine 😉)

Additional note: What I do is have two base phrases, one for important websites (financial, etc.) and one for less important websites (Twitter). This is because less robust sites are more likely to leak passwords, and if my base phrase for Twitter gets leaked it’s even more secure if I use a different base phrase for really important stuff.
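A small self-check for passwords built with this scheme, added here as an example and not part of the original post. It splits a password into base phrase and tag, checks the properties listed above, and flags a base phrase reused across the two tiers. The function names, the tier labels and the 15-character floor (taken from the "15-20" figure above) are assumptions of this example.

```python
import re

# One "(tag)" inserted somewhere in a base phrase, as in jump4Joy(apple).
TAG_RE = re.compile(r"\(([^()]*)\)")

def split_password(password):
    """Return (base_phrase, tag); raise ValueError unless there is exactly one (tag)."""
    tags = TAG_RE.findall(password)
    if len(tags) != 1 or not tags[0]:
        raise ValueError("expected exactly one non-empty (tag)")
    return TAG_RE.sub("", password, count=1), tags[0]

def check_password(password, site_name, min_length=15):
    """List the ways a password falls short of the properties the scheme relies on."""
    base, tag = split_password(password)
    problems = []
    if not (re.search(r"[a-z]", base) and re.search(r"[A-Z]", base)):
        problems.append("base phrase lacks mixed case")
    if not re.search(r"\d", base):
        problems.append("base phrase lacks a number")
    if len(password) < min_length:  # assumed floor, from the "15-20" figure
        problems.append("shorter than %d characters" % min_length)
    # Point 4 depends on the tag being hard to guess; the plain site name is not.
    if re.sub(r"\W", "", site_name).lower() == tag.lower():
        problems.append("tag is the site's plain name")
    return problems

def shared_bases(accounts):
    """accounts maps site -> (tier, password). Return base phrases used in more than one tier."""
    tiers_by_base = {}
    for tier, password in accounts.values():
        base, _ = split_password(password)
        tiers_by_base.setdefault(base, set()).add(tier)
    return sorted(b for b, tiers in tiers_by_base.items() if len(tiers) > 1)

if __name__ == "__main__":
    # The two example passwords from the post, used as sample input.
    print(check_password("jump4Joy(apple)", "Apple"))
    print(check_password("package(WF)WHEEL2jump", "Wells Fargo"))
```
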

Hope this was helpful :)