What is your best advice for creating a good password manually?

Devanand Premkumar
49 replies
I sometimes create passwords with a combination of words. For example, "be-kind-and-respectful" is just one such combination. At times "read-one-book-a-day" hits me up as it kind of reminds me of one of my goals that I have planned for myself. I do wonder what you think is the best way to create a good and strong password manually, without the help of any supporting tools like a browser manager, password manager, etc.

Replies

Product Manager at Freemake
I have several made-up words which I use as passwords with different combinations of figures and capital letters :)
Security Researcher
@anna_caine Made-up words - your own vocabulary sounds like an interesting idea. Hope the combination of words does exceed at least 10-12 characters in length as a best practice.
My name is Jenkins and I love writing.
I quite often use the well-known name plus symbols, but this is not entirely reliable)
Security Researcher
@jimmyjw Well, the idea is simple and easy, but security is questionable. We need to consider that as well :)
Growth @Rock
You can also substitute some letters with their equivalent number (3 = E) (I = 1) and, if the source allows for it, add an exclamation mark, question mark or full stop at the end of a sentence in order to secure your pw further.
Security Researcher
@nicolaas_spijker G00d 0ld p@$$sword m0d3l w0rk$ f!n3.
Growth @Rock
@devaonbreaches hahaha that should do!
I work with brain tech 🚀
By the way, regarding the passwords subject. Among the products that are featured today there is Cotter No-Code Passwordless Login by @anthonyharris, @putrikarunia, @albertpurnama and @michelle_marcelline
Founding Team Member of Dive
Song lyrics :D
Security Researcher
@suheyla_seker Classical password selection strategy. Our fave songs. Super nice :)
Content and Community Manager
I usually take a date of birth from someone close and my favorite TV show or Film :)
Security Researcher
@mona_erb Special ones close ones always deserve the right attention. TV show or film is looking interesting to me.
Hands On Founder w/Multiple Exits
I use a base plus a site identifier. For each website I tack on a nickname that I'll remember. Example... if my base is "pass123!" when I create a password for ProductHunt I might use "pass123!prodh". Unique passwords for every site so a compromised password isn't useful on any other website, but very easy for me to remember because all I need to do is recall my nickname for the website I'm trying to access.
Security Researcher
@openteam I like the idea but am curious whether you use a base word constantly. For example, if your base word is just "pass", predicting your password for PH would be easy as long as someone knows one of your existing passwords. Wonder how you handle that?
Hands On Founder w/Multiple Exits
@devaonbreaches The base password is a good strong password in its own right. The combination is usually > 16 chars consisting of lower, upper, numbers and special chars. Couple that with I usually don't use the most obvious add-on name. For example with Product Hunt... I probably wouldn't use producthunt or ph (I used SSO via Google so it doesn't apply, but just an example). All that said, I'm most worried about an automated attack. If you had my base password and you had some time, you probably could get into an account or two on a premium destination.
BAZO.io and 300DEVS
@openteam Really nice idea. I will try it!
Founder & CEO of ComplYant
Someone once told me about this comic, which is funny and could be used as a starting point for a stronger password: https://xkcd.com/936/
Security Researcher
@shilohjohnson Believe it or not, this is one of the most used strategies for password selection. Guess that works fine for you as well.
Digital Marketing Specialist
@shilohjohnson This is great! Thanks for sharing
Creating tools for team managers
Diceware passwords are the way to go for me. Using a wordlist and rolling physical dice to choose the word removes any personal bias from the words chosen. Take a few words and string them together to form a password that isn't too hard to remember. More info about it here: https://en.wikipedia.org/wiki/Di...
Security Researcher
@teamtomato7 The Diceware password model is used in super sensitive accounts including financial lockers these days. I have also seen this being used in cryptocurrency exchanges with a larger set of words as seed for Diceware. Nice to hear that being used as a regular use case :)
Creating tools for team managers
@devaonbreaches I like the concept of unbiased randomness and creating a new password is simple if you have a wordlist and physical dice. Lucky for me, I'm someone who plays board games and D&D regularly so I have dice nearby. Maybe even _too_ many dice nearby.
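The Diceware procedure described in the posts above, as an added example that is not part of the original thread: each word is picked by reading dice rolls as a base-6 number that indexes the word list, and the entropy is the word count times log2 of the list size. The 36-word list is constructed for the demo (two dice per word) and all function names are illustrative.

```python
import math
import secrets

# Constructed 36-word demo list (6**2 entries, two dice per word).
# A real Diceware list has 6**5 = 7776 entries and uses five dice per word.
DEMO_WORDS = (
    "acorn badge cabin delta ember fable glove hazel ivory jolly kiosk lemon "
    "maple nylon ocean pearl quilt raven sable tulip umbra vivid waltz xenon "
    "yacht zebra amber birch cedar dwarf eagle flint grape honey index jewel"
).split()


def dice_per_word(wordlist):
    """Number of d6 rolls needed to pick one word; list size must be 6**k."""
    k = round(math.log(len(wordlist), 6))
    if k < 1 or 6 ** k != len(wordlist):
        raise ValueError("word list size must be a power of 6")
    return k


def rolls_to_word(rolls, wordlist):
    """Map physical dice rolls (each 1..6) to a word, read as a base-6 number."""
    if len(rolls) != dice_per_word(wordlist):
        raise ValueError("wrong number of dice for this list")
    index = 0
    for r in rolls:
        if r not in range(1, 7):
            raise ValueError(f"not a d6 roll: {r!r}")
        index = index * 6 + (r - 1)
    return wordlist[index]


def entropy_bits(n_words, list_size):
    """Entropy of n uniformly chosen words: n * log2(list size)."""
    return n_words * math.log2(list_size)


def generate(n_words, wordlist, sep="-"):
    """Software stand-in for dice: secrets uses the OS CSPRNG, not random."""
    k = dice_per_word(wordlist)
    picks = [[secrets.randbelow(6) + 1 for _ in range(k)] for _ in range(n_words)]
    return sep.join(rolls_to_word(p, wordlist) for p in picks)


if __name__ == "__main__":
    print(rolls_to_word([2, 3], DEMO_WORDS))
    print(generate(6, DEMO_WORDS), f"{entropy_bits(6, 7776):.1f} bits on a real list")
```

The entropy figure only holds when every word is chosen uniformly at random; picking words by hand from the list does not give it.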
Entrepreneur & Solution Architect
When you were a kid you most likely were making up some names or abbreviations which are still memorable in your head, right? Just pick three of them and combine in any order you want. In the end, you have different passwords which are easy to remember for you, but not for anyone else :) As a delimiter, you can use for the first one: dash (-), for the second one: hash (#). For example, you can do something like this:
Memorable parts: Mat, F1Cup, 12Blond (you pick your memorable parts yourself :) )
Passwords:
Mat-F1Cup#12Blond
Mat-12Blond#F1Cup
12Blond-F1Cup#Mat
12Blond-Mat#F1Cup
F1Cup-Mat#12Blond
F1Cup-12Blond#Mat
...
Hope that helps :)
Security Researcher
@ilia_pikulev My historical memories and words combination will always be super unique to each and every one of us. I think this is novel as well as secure considering the fact it is not expected to be easily guessed or brute forced by sheer number of combinations. As long as this is above 10-12 characters in length, I think this is super easy for all to use and remember :)
I am fond of Science, Technology, Art, etc.
To make a good password I use 1 uppercase letter, or if it is like 2 words then 2 uppercase letters and the rest of them in lowercase. Other than that I use 1 special character and two numbers.
Security Researcher
@jaskiran_kaur Curious me on why these combinations?
twitMate. Downtime Monkey, Big Toe Web
Entire phrases from books or song lyrics etc. are vulnerable to combined dictionary attacks even if they are very long.
Security Researcher
@ryan_w_glass That is true. At the same time, such large lists brute forcing would also be too noisy and it would trigger some alerts, if defenses are properly implemented. Adding to that, such large dictionary attacks would be time consuming as well if the length exceeds a particular value.
twitMate. Downtime Monkey, Big Toe Web
@devaonbreaches You're right on all those points!
CLO & co-founder https://koinju.io
Write long sentences ^^
Security Researcher
@benoit_chambon Molly Bloom's soliloquy in the James Joyce novel Ulysses (1922) contains a sentence of 3,687 words. Wonder if this would qualify as one of your suggestions :D
CEO & cofounder & many others things ;-)
@benoit_chambon Does this loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo ooooooooooooooooooooooooooooooooooooong sentence work ?
Security Researcher
@benoit_chambon @nazim_m Maybe, maybe not. ¯\_(ツ)_/¯
French, CEO and Growth hacker
For me the best way to do it manually ... is to do it automatically using a strong password manager :)
Security Researcher
@ugo_buyzooka Rules of the game are not to use a password manager for this suggestion :D
Prefer to use password managers tbh haha but if I had to, I'd kinda' take the name of a random city I know (little town middle of nowhere Mexico) plus some numbers and symbols, or someone's nickname. Usually combinations of words in different languages and numbers work as well.
Security Researcher
@carlosleyva I like your idea about the random city and combination, but the question is how will you identify the password you used to be unique with each service? That is a big question as well.
@devaonbreaches Totally! Hence password managers are the way to go unfortunately.
Security Researcher
@carlosleyva True again. Password managers are much more secure compared to any password creation models created manually.
Building Clapup.me
use to take ex dob with a some selected word along with.
Security Researcher
@sreekanth850 Sounds like a simple idea to use. But the question is how secure it is and how you can remember all the passwords that are created using this logic?
Building Clapup.me
@devaonbreaches Regarding security, yeah. I use LastPass to remember all the passwords. Actually there is a need for passwordless login.
i am a shy, creative person
Take a song you know and make a password from each initial letter of every word of the first two verses
retired
@angela_banica Hey, it's a good idea! Thanks!
i am a shy, creative person
@zolitompa Thank you so much!
Hybrid Meetings
I randomly slap the keyboard like crazy with holding the shift key sometimes and adding random special chars, the result looks quite cryptic to me
Security Researcher
@timz_flowers Wow. That sounds like a pretty unusual and unique password creation strategy.
Hybrid Meetings
@devaonbreaches Everything else leads to a weak password
Love life - it is beautiful
Everything that is simple is always difficult. Therefore, I make passwords as simple as possible.