How to create secure and memorable passwords

Posted Friday, February 19th, 2010 by Richard Caddick

As you’d expect, a lot of our projects have a secure area to the site. One of the questions that always comes up is the level of security the area should have – and specifically how the site should validate a user’s password.

However, very little is done to educate the user on how to create a secure and memorable password.

On top of this, the algorithm used to estimate how easy it is to crack a password can be misleading. I signed up to a site earlier today and it deemed p@55word stronger than a random eight-character equivalent.

What people need is a way of generating a random password that’s easy to remember.

I should add that this method isn’t my own. It’s something I read about seven or eight years ago and have been evangelising about ever since.

So, what’s the secret?

It’s simple. Rather than thinking of a password, think of a phrase. For example (and this is entirely made up):

There were seven youths throwing stones at passing cars.

It helps to choose something that’s familiar to you. An experience you’ve had maybe.

What you then do is take the first character of each word, turn numbers into numerals, and replace words like “at” with @ and “and” with &.

In this case you would end up with the password:
Tw7yts@pc

That’s completely random and hard for man or machine to crack, but you’d remember it every time.
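The misleading strength estimate described earlier is easy to reproduce. The following is an added example, not code from the original post or from any site it mentions; the scoring rules, the substitution map, the short word list and the random-looking sample `xk2vqm9r` are constructed assumptions.

```javascript
// Constructed sample list; a real check would use a large breached-password list.
const COMMON = new Set(["password", "letmein", "welcome", "qwerty", "dragon"]);

// Constructed map of common character substitutions back to letters.
const LEET = { "@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
               "0": "o", "5": "s", "$": "s", "7": "t" };

// Naive meter: one point per character class present, one more for length >= 8.
// This is the kind of estimate that rewards "p@55word".
function naiveScore(pw) {
  let score = 0;
  if (/[a-z]/.test(pw)) score++;
  if (/[A-Z]/.test(pw)) score++;
  if (/[0-9]/.test(pw)) score++;
  if (/[^A-Za-z0-9]/.test(pw)) score++;
  if (pw.length >= 8) score++;
  return score;
}

// Lower-case the password and undo the substitutions in LEET.
function deLeet(pw) {
  return [...pw.toLowerCase()].map(ch => LEET[ch] ?? ch).join("");
}

// Return the common word hiding behind pw, or null if none is found.
// Checks pw as typed and with trailing digits/punctuation stripped
// (so "Password1!" is caught as well as "p@55word").
function disguisedCommonWord(pw) {
  const candidates = [pw, pw.replace(/[^A-Za-z]+$/, "")].map(deLeet);
  return candidates.find(c => COMMON.has(c)) ?? null;
}

// Combine both views so the disagreement is visible.
function assess(pw) {
  const match = disguisedCommonWord(pw);
  return { password: pw, naive: naiveScore(pw), match, rejected: match !== null };
}

// "xk2vqm9r" is a constructed stand-in for a random eight-character password.
for (const pw of ["p@55word", "xk2vqm9r", "Tw7yts@pc", "Password1!"]) {
  console.log(assess(pw));
}
```

A password that passes the dictionary check is not thereby strong; the check only removes the false confidence the character-class score gives to disguised common words.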

About the author

Richard Caddick
Richard is a managing director at cxpartners. He works with brands to develop engaging user experiences for different devices, and loves creative problem solving. Richard does a lot of baking, and loves to make bread. Email Richard, or call +44 (0)117 946 3930


2 Responses to “How to create secure and memorable passwords”

  1. Philip Morton

    One interesting technique that I heard of was to take a normal word and transform it using the keyboard layout. So if your initial word is “cat”, instead of typing C, A, T, you type the letter above and to the left of each key, so in this case D, Q, 5.

    Although that method relies on the keyboard layout remaining the same, it can create memorable but scrambled passwords.

  2. Ivan Walsh

    Nice suggestions here, Richard.

    Adding an uppercase letter also helps.
