Passwords To Remember

I recently changed all my passwords because of that damn Heartbleed thing, and I’ve been lost ever since. I knew all my passwords before because I’d had them for over a decade (that’s a bad thing), but finding secure new ones that I could remember turned into a nightmare. Then I found this post on Lifehacker that had this excellent password generator from security expert Bruce Schneier. Here’s my version of the Schneier method:

1. Pick a quote or a sentence that’s easy for you to remember.
2. Break it down into only the first letters of the words. (Use a sentence that has at least twelve words.)
3. Replace some of the letters with numbers and symbols (i = 1, o = 0, a = @, s = $, etc.) and capitalize the first letter and any proper nouns (to make it easy to remember which letters you capitalized). Since it’s a quote, make sure you put quotation marks around it.
4. Take your password to a password checker to see its strength (the linked checker tells you how long it would take different kinds of hacking to crack your password).
5. If the password is strong, open a new doc and see if you can type that password from memory.
6. Profit.

So, for example:

1. “Blue canary in the outlet by the light switch who watches over you.”
2. Bcitobtlswwoy
3. Bc1t0btl$ww0y
4. It gets an 84% strength rating, and it would take a medium-sized botnet 173,000 years to crack. BUT if I put quotation marks around it, it goes up to 99%.
5. Bonus: I get to sing “Birdhouse in my Soul” every time I sign on to Amazon. (Kidding. Not my password for anything because I’m not dumb as a rock.)

Of course, it doesn’t have to be a quotation, it just has to be a sentence you remember. “Veronica peed on Mona’s head, so please don’t pet the yellow fur” works, too. Vp0Mh$pdptyf gets a 77%/2000-years-to-crack-on-a-botnet rating; with quotation marks it goes to 91% and two billion years. (One thing to remember: if you make a document labeled “Passwords” and put your password into it, you’ve just shot yourself in the internet foot.)
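The steps above, written out as an added Python example (not code from the original post or from Schneier): it rebuilds both passwords shown here from their sentences and computes a pool-size figure that is only an upper bound, because letters taken from a sentence are not random. Applying the substitutions to lowercase letters only, and the names `schneier_password` and `pool_bits`, are assumptions of this example.

```python
import math
import string

# Substitutions listed in step 3 of the post. Assumption: they are applied to
# lowercase letters only, so capitalised initials stay recognisable.
SUBS = {"i": "1", "o": "0", "a": "@", "s": "$"}
MIN_WORDS = 12  # step 2: use a sentence of at least twelve words


def initials(sentence):
    """Return the first alphanumeric character of each word, case preserved."""
    out = []
    for token in sentence.split():
        first = next((c for c in token if c.isalnum()), None)
        if first:
            out.append(first)
    return out


def schneier_password(sentence, quote=True):
    """Steps 1-3: initials, substitutions, optional surrounding quotation marks."""
    letters = initials(sentence)
    if len(letters) < MIN_WORDS:
        raise ValueError(f"need at least {MIN_WORDS} words, got {len(letters)}")
    body = "".join(SUBS.get(c, c) for c in letters)
    return f'"{body}"' if quote else body


def pool_bits(password):
    """Upper bound in bits: length * log2(size of the character classes used).

    This assumes every character is chosen at random, which a sentence-derived
    password is not, so treat the result as a ceiling, not a measurement.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool)


if __name__ == "__main__":
    # The two sentences used as examples in the post.
    for s in ("Blue canary in the outlet by the light switch who watches over you.",
              "Veronica peed on Mona's head, so please don't pet the yellow fur"):
        pw = schneier_password(s)
        print(pw, f"<= {pool_bits(pw):.1f} bits")
```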

Coming soon-ish: the rest of the Leverage posts, more questionables, and some ruminations on writing and critiquing. Probably.

25 thoughts on “Passwords To Remember”

  1. Ugh. I know. That Heartbleed thing SUCKED! I reset all my passwords too and ever since then I have to keep referring to my cheat sheet list (which of course defeats the whole purpose of having passwords if, you know, you *write them down!*). I did the same thing you did, checked online for tools to help create the strongest ones possible but holy cow, what a nightmare.

    If I may, for some future questionables, can you talk about writing for multiple sub-romance-genres? I’ve always been a contemporary romance person but I’ve had an idea for paranormal romance in my head for awhile now (not vampires). Problem is I’ve been told by several published authors not to bother since the market is so flooded that publishers are telling even best-selling authors “Don’t bother” because unless they have an established name in that genre, it’s pretty pointless. Maybe things have changed since then (this was said a few years ago) and maybe it falls under the whole myths of publishing and “just write a damn good book!” rule. I don’t know. But I’ve heard similar remarks from several authors in the business for a long, long time (none of which ended up making the transition from 1 romance genre to paranormal, I should add), so I thought Hm. Let’s ask Jenny! LOL.

    1. You know, genres and sub genres come in and out of style and all that means is that it’s easier to get some genres published at different times. Nobody is going to turn down a fabulous paranormal because there are too many on the market, although they might turn down a kinda good paranormal if there’s a glut. Write the stories that are demanding to be written; never write to the market. That way lies madness since by the time the book is finished, the market will have changed anyway.

      1. Plus, there’s no law that says you can ONLY publish through a traditional publisher. Because of the options available today, if a writer wants to write vampire paranormal or westerns or any other supposedly “dead” genre/subgenre, they should, especially if they love that genre. The readers who love vampires haven’t stopped loving them, nor have those who love westerns or mysteries with dogs or whatever. If you have a compelling story, and it’s in a genre/subgenre you love, write it. If you can’t sell it through traditional publishing, you can indie publish. The readers who love to read the stuff you love to write, will find you. 🙂 Best of luck!

        1. The problem is that unless you really invest yourself in marketing, readers probably won’t find you. E-publishing well is not easy. It’s a great way to get your book out there if traditional publishing turns you down, but you become your own copy editor, your own designer, your own PR person, your own marketer . . . you have to be willing to invest the time to do it right. Most indie e-books sell about 300 copies. You have to go out and find the readers, not wait for them to find you.

  2. This was the crux of a mystery in one of Isaac Asimov’s “Black Widower” mysteries, where a scientist used a sonnet as the source file for an acrostic based password, and it does generate difficult passwords to crack. At a prior job I used the first 128 letters of the Gettysburg Address as my password on additional servers.

      1. Nope, I just saved it on a specific hidden file on my computer and wrote a script to pull it from the file for my login on the seven servers I had to log into. Since it was hidden it was much safer, and this was before the network had open internet access.

  3. I use an old calendar as a beginning point — Assyrian, Aztec, Babylonian, Celtic, etc. The French Republic calendar would be pretty good, too. Then my cheat sheet just has the date I set up the password, and I can reconstruct it very quickly.

  4. I got halfway through changing all my passwords and then got distracted and wandered away. (I did change the major ones, like FB and Twitter, and Amazon, and bank accounts). So now I have TWO cheat lists, and some scribbled ideas for passwords. Of course, part of the problem is that you aren’t supposed to use the same password all the time, so in theory you would have to do this process for a number of phrases.

    I suspect it works well, but since I can barely figure out how you got to where you got to, I’d never manage to remember my own clever code after about three days. SIGH.

  5. I ended up buying 1password. It offers password generation & memory. I just have to remember my master (one) password. I got it for Mac, iOS, & Windows so the hubby can use it too. Now if one of us dies, the other can still access each other’s accounts. Thing is if you forget the master password, you’re screwed. There is no recovery. Your account is stored securely hashed & they can’t help you regain access. It allows for other things to be stored in it too, library cards, credit cards, ssn, your whole identity really. I haven’t gone that far. It is nice since it is best if you use a different password for every account. That way if one is compromised, only one is compromised. It is also nice for collecting my accounts as so many places require them but you only use it once a year or less. I still have a lot of work to go to capture all my accounts & set up individual passwords, but at least I’ve started. Also, there is a plug in on most browsers, which enables it to catch when you’re logging into a site and it will prompt you to save it in your 1password account. Not cheap, but excellent product.

  6. On the other hand, that password checker thing is GOLD. I just spent a half an hour there (you know, instead of going to bed) and discovered that almost all the passwords I have been using (some of which I thought were quite clever, like the obscure Latin name of my car) were absolute crap. Including my three main “default” passwords I’ve been using for years. Sigh. But I was able to come up with a variety of ones it liked (you can also put *password* instead of “password” and it likes it equally well). Gee, I wonder what I’ll be doing over the next few days. le sigh.

    1. My passwords end up in the 55% region, generally. The one it liked the best was “Is itdangerousto type passwords into this kind of thing?” Without the quotations.

      1. If it can recognize words, you’re going to lose points. That’s why you use the first letter of each word instead.

      2. Actually, what it really liked was length. The sentence I typed about passwords above hit 100% well before it was finished. The password fields that really annoy me are the secure sites that limit your password to less than 8 characters. Really, guys? 8? If I’m willing to make it longer, you should THANK me for making it harder to crack. (replying to mine just in case that embedded reply crash is still possible…)

  7. I’m going to check out the password checker, but I must admit that there would be one helluva bored and disappointed criminal who hacked into my online, etc. life. This website is my first foray into any real web interaction. The name’s Flintstone. Wilma Flintstone.

    1. Mostly nowadays, they don’t want your info, they want your computer to hide things like child porn or to use to launch spam . . .
      Really, get good passwords, Wilma.

      1. Well. That explanation certainly puts fire in the breeches and the get in the giddyup. Will do it immediately.
        That’s horrifying.

  8. I can recommend 1password. Use it to generate a different password for each account and use the method above to create your master password for the app each time you change it (which you should do regularly). The app can test your password strength, find old passwords which haven’t been changed for a long time, and has plugins for your browser/s and a menu-bar widget for your Mac. It’s pricey but worth it for the security it provides and how much easier it makes it to put good security practices in place.

  9. Just this morning I downloaded an update of Calibre I needed for my ebooks. Now this post has me questioning that on top of passwords. Thinking now the Calibre people hid something insidious inside the program.

    All this convenience doesn’t seem worth it sometimes. Was much happier buying my software disks from the store in physical form–but who knows, maybe they were icky too?

    Think I’ll join Wilma…

  10. Another password tip I got from an IT guru years ago – pick a nonsense phrase/word/acronym, then customize it for each application, using a consistent scheme. For example, I might use the first three letters of the URL – if I needed a password for this site, I’d use arg*******, where ******* was my stock phrase. On Amazon, it would be ama*******. All my passwords are different, but I don’t have to write them down.

  11. Some sites are also recommending that you change the password every month. So, maybe argPASSWORD714 for July would work — or some other arrangement.

    I finally decided it would not be a problem to write down all my passwords on paper and keep them in a place that was accessible, but not in my computer bag. When I log onto sites I don’t log into so often, it’s a real lifesaver.

    I’m a real worrywart, and I want my loved ones to be able to access my accounts if something terrible happens to me. (But I’d never do this if I was still a college student, or had roommates that I didn’t trust with my life.)

    I also put a post-it note over my camera lens, and I try to remember to disconnect from the internet when I’m not actively using it.

    I hate that the Golden Age of the Internet is over . . . too many bad guys out there buggering everything up for the rest of us.

  12. I did something similar to create post-Heartbleed replacement passwords, but also to create new passwords going forward.

    And, last Christmas, someone gave my husband a blue canary night light, which is in an outlet right now.

  13. There are password keeper apps for Windows, Mac OSX, Unix, iOS, and other operating systems. Some are free and can be found on sites like and others can be purchased. I use 1Password which has versions for most of the operating systems I mentioned earlier. 1Password stores your passwords, generates secure passwords for you and can synchronize your passwords across all your devices. More can be read at this URL:
