What is your best advice for creating a good password manually?

Devanand Premkumar
53 replies
I sometimes create passwords with a combination of words. For example "be-kind-and-respectful" is just one such combination. At times "read-one-book-a-day" hits me up as it kind of reminds me of one of my goals that I have planned for myself. I do wonder what you think is the best way to create a good and strong password manually without the help of any supporting tools like browser manager, password manager, etc.


Anna Avvakumova
I have several made-up words which I use as passwords with different combinations of figures and capital letters :)
Devanand Premkumar
@anna_caine Made-up words - your own vocabulary sounds like an interesting idea. Hope the combination of words does exceed at least 10-12 characters in length as a best practice.
Jimmy Jenkins
I quite often use the well-known name plus symbols, but this is not entirely reliable)
Devanand Premkumar
@jimmyjw Well, the idea is simple and easy, but security is questionable. We need to consider that as well :)
Nico Spijker
You can also substitute some letters with their equivalent number (3 = E) (I = 1) and if the source allows for it add an exclamation mark, question mark or full stop at the end of a sentence in order to secure your pw further
Devanand Premkumar
@nicolaas_spijker G00d 0ld p@$$sword m0d3l w0rk$ f!n3.
Slava Bobrov
By the way, regarding the passwords subject. Among the products that are featured today there is Cotter No-Code Passwordless Login by @anthonyharris, @putrikarunia, @albertpurnama and @michelle_marcelline
Mona Erb
I usually take a date of birth from someone close and my favorite TV show or Film :)
Devanand Premkumar
@mona_erb Special ones close ones always deserve the right attention. TV show or film is looking interesting to me.
Scott Teger
I use a base plus a site identifier. For each website I tack on a nickname that I'll remember. Example... if my base is "pass123!" when I create a password for ProductHunt I might use "pass123!prodh". Unique passwords for every site so a compromised password isn't useful on any other website, but very easy for me to remember because all I need to do is recall my nickname for the website I'm trying to access.
Devanand Premkumar
@openteam I like the idea but curious on whether you use a base word constantly. For example if your base word is just "pass" predicting your password for PH would be easy as long as someone knows one of your existing passwords. Wonder how you handle that?
Scott Teger
@devaonbreaches The base password is a good strong password in its own right. The combination is usually > 16 chars consisting of lower, upper, numbers and special chars. Couple that with I usually don't use the most obvious add-on name. For example with Product Hunt... I probably wouldn't use producthunt or ph (I used SSO via Google so doesn't apply but just an example). All that said, I'm most worried about an automated attack. If you had my base password and you had some time, you probably could get into an account or two on a premium destination.
Shiloh Johnson
Someone once told me about this comic, which is funny and could be used as a starting point for a stronger password: https://xkcd.com/936/
Devanand Premkumar
@shilohjohnson Believe it or not, this is one of the most used strategies for password selection. Guess that works fine for you as well.
Team Tomato
Diceware passwords are the way to go for me. Using a wordlist and rolling physical dice to choose the word removes any personal bias from the words chosen. Take a few words and string them together to form a password that isn't too hard to remember. More info about it here: https://en.wikipedia.org/wiki/Di...
Devanand Premkumar
@teamtomato7 Diceware password model is used in super sensitive accounts including financial lockers these days. I have also seen this being used in cryptocurrency exchanges with a larger set of words as seed for Diceware. Nice to hear that being used as a regular use case :)
Team Tomato
@devaonbreaches I like the concept of unbiased randomness and creating a new password is simple if you have a wordlist and physical dice. Lucky for me, I'm someone who plays board games and D&D regularly so I have dice nearby. Maybe even _too_ many dice nearby.
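The Diceware procedure described in the posts above, as an added example that is not part of the original thread: five die rolls select one word from a 7776-entry list, and the strength comes from the number of words, not from keeping the method secret. Assumptions: Python's `secrets` module stands in for physical dice, and `PLACEHOLDER_WORDS` is a constructed stand-in for a published Diceware wordlist.

```python
import math
import secrets

DICE_PER_WORD = 5               # standard Diceware: 5 rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries

def roll_die():
    """One fair six-sided roll from the OS CSPRNG (stand-in for a physical die)."""
    return secrets.randbelow(6) + 1

def rolls_to_index(rolls):
    """Map rolls such as [1, 6, 6, 5, 3] to a 0-based list index (base-6 digits)."""
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def passphrase(wordlist, n_words, roll=roll_die, sep="-"):
    """Pick n_words independently and uniformly; repeats are allowed, as with dice."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("wordlist must hold 7776 distinct words")
    picks = []
    for _ in range(n_words):
        rolls = [roll() for _ in range(DICE_PER_WORD)]
        picks.append(wordlist[rolls_to_index(rolls)])
    return sep.join(picks)

def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy when the list and method are public: n * log2(list size)."""
    return n_words * math.log2(list_size)

def words_needed(target_bits, list_size=LIST_SIZE):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

# Constructed placeholder list so the example runs offline; use a published
# Diceware wordlist in practice.
PLACEHOLDER_WORDS = [f"word{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    print(passphrase(PLACEHOLDER_WORDS, 6))
    print(f"{entropy_bits(6):.1f} bits for 6 words")
```

Each word adds about 12.9 bits, so the word count is the only knob that matters; words chosen by the person rather than by the dice do not carry this guarantee.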
Ilia Pikulev
When you were a kid you most likely were making up some names or abbreviations which are still memorable in your head, right? Just pick three of them and combine in any order you want. In the end, you are having different passwords which are easy to remember for you, but not for anyone else :) As a delimiter, you can use for the first one: dash (-), for the second one: hash (#). For example, you can do something like this:

Memorable parts: Mat, F1Cup, 12Blond (you pick your memorable parts yourself :) )

Passwords:
Mat-F1Cup#12Blond
Mat-12Blond#F1Cup
12Blond-F1Cup#Mat
12Blond-Mat#F1Cup
F1Cup-Mat#12Blond
F1Cup-12Blond#Mat
...

Hope that helps :)
Devanand Premkumar
@ilia_pikulev My historical memories and words combination will always be super unique to each and every one of us. I think this is novel as well as secure considering the fact it is not expected to be easily guessed or brute forced by sheer number of combinations. As long as this is above 10-12 characters in length, I think this is super easy for all to use and remember :)
Jaskiran Kaur
To make a good password I use 1 uppercase letter, or if it is like 2 words then 2 uppercase letters, and the rest of them in lowercase. Other than that I use 1 special character and two numbers.
Devanand Premkumar
@jaskiran_kaur Curious me on why these combinations?
Ryan Glass
Entire phrases from books or song lyrics etc. are vulnerable to combined dictionary attacks even if they are very long.
Devanand Premkumar
@ryan_w_glass That is true. At the same time, such large lists brute forcing would also be too noisy and it would trigger some alerts, if defenses are properly implemented. Adding to that, such large dictionary attacks would be time consuming as well if the length exceeds a particular value.
Benoit Chambon
Write long sentences ^^
Devanand Premkumar
@benoit_chambon Molly Bloom's soliloquy in the James Joyce novel Ulysses (1922) contains a sentence of 3,687 words. Wonder if this would qualify as one of your suggestions :D
Nazim @Koinju
@benoit_chambon Does this looooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong sentence work?
Ugo B
For me the best way to do it manually ... is to do it automatically using a strong password manager :)
Carlos Leyva
Prefer to use password managers tbh haha but if I had to, I'd kinda' take the name of a random city I know (little town middle of nowhere Mexico) plus some numbers and symbols, or someone's nickname. Usually combinations of words in different languages and numbers work as well.
Devanand Premkumar
@carlosleyva I like your idea about the random city and combination, but the question is how will you identify the password you used to be unique with each service? That is a big question as well.
Devanand Premkumar
@carlosleyva True again. Password managers are much more secure compared to any password creation models created manually.
Sreekanth PM
Use to take ex DOB with some selected word along with.
Devanand Premkumar
@sreekanth850 Sounds like a simple idea to use. But the question is how secure it is and how can you remember all the passwords that are created using this logic?
Sreekanth PM
@devaonbreaches Regarding security, yeah. I use LastPass to remember all the passwords. Actually there is a need for passwordless login.
Corina Tataru
Take a song you know and make a password from each initial letter of every word of the first two verses
I randomly slap the keyboard like crazy with holding the shift key sometimes and adding random special chars, the result looks quite cryptic to me
Larisa Terekhova
Everything that is simple is always difficult. Therefore, I make passwords as simple as possible.
Ibán Ríos
A couple of years ago I developed a friendly password generator as a side project. Hope it helps! https://onpassword.one