Choose a password that's both secure and won't have you saying "I Forgot My Password!"
Password problems come in two general forms:
Passwords that are too simple or common are easily guessed by others and are one of the most common causes of account and even identity theft. Passwords that are constructed from any information about you that's easy to find are among the simplest to guess or crack. If you've posted anything on a social media site like MySpace, Facebook or others, then that information is readily available to someone who might use it to start trying to get into your account.
Passwords that are too complex can be forgotten, or are often written down in places that are easily discovered, once again often leading to account loss and even theft.
The compromise, of course, is to choose a password that is sufficiently complex so as to thwart password guessing techniques, while still having characteristics that allow you to remember it without needing to write it down. "hFKouX6jkvMkhKU" might be an excellent password from a security perspective, but from a practical point of view, it's simply not going to cut it for everyday use.
There are many common techniques or algorithms people use to generate passwords that they can remember, but that others would never guess without knowing the "rules" of the algorithm, the words you chose to use, and how you happened to apply those rules.
As an example:
- Choose a favorite TV character.
- Choose a color.
- Change the capitalization of those two words randomly.
- Replace at least one of the letters in each with a number that somewhat "looks like" the letter it's replacing.
For example, pick "Bauer" and "Green".
A good, hard-to-guess password that results might be: "gR4enbA0er". If you look, you'll see "greenbauer" in it, but with a couple of changes. It may look hard to remember, but it's surprisingly easy. After you've used it a couple of times, it'll come back to you pretty quick. "Green" and "bauer" serve as mnemonic devices to lead you to your real, obfuscated password.
Using multiple passwords - say a different password for every site or account - is frequently recommended. You might modify an algorithm such as the above to include something unique about the web site - like inserting the 3rd and 5th character of the site's domain name in between your two chosen words.
Of course these are just examples - you can, and should, think about your own approach to generating passwords that you'll remember. (That you might write down and keep in a safe place.)
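One way to check a candidate password against the first problem described above, details about you that are easy to find, even after capitalization changes and look-alike substitutions have been applied. This is an added example, not part of the original article; the substitution table, the function names and the sample details are assumptions made up for illustration.

```python
# Added example: flag candidate passwords built from easy-to-find personal details.
# The look-alike table and the sample details below are illustrative assumptions.

# Fold characters that are commonly swapped for one another into one canonical
# letter. "1", "!", "|" and "i" all fold to "l" because "1" can stand in for
# either "i" or "l".
LOOKALIKES = str.maketrans({
    "0": "o", "3": "e", "4": "a", "@": "a", "5": "s", "$": "s", "7": "t",
    "1": "l", "!": "l", "|": "l", "i": "l",
})


def fold(text):
    """Lower-case the text and fold look-alike characters together."""
    return text.lower().translate(LOOKALIKES)


def personal_matches(password, details, min_len=3):
    """Return the personal details still recognizable inside the password.

    Both the password and each detail are folded the same way, so a detail
    is found whether it was typed as-is, re-capitalized, written with
    look-alike characters, or reversed.
    """
    folded = fold(password)
    found = []
    for detail in details:
        token = fold(detail.replace(" ", ""))
        if len(token) < min_len:
            continue  # very short tokens would match almost anything
        if token in folded or token[::-1] in folded:
            found.append(detail)
    return found


if __name__ == "__main__":
    # Constructed sample: details someone might have posted publicly.
    details = ["Rex", "Springfield", "1984", "Dana"]
    candidates = ["R3xSpr1ngf13ld", "d4n4_1984", "xerGreen9", "hFKouX6jkvMkhKU"]
    for candidate in candidates:
        print(candidate, "->", personal_matches(candidate, details) or "no match")
```

An empty result only means none of the listed details were found; it says nothing about the overall strength of the password.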
Finally, you can consider using technology. There are many utilities that will generate complex passwords for you, and then remember them for you. Do not rely on your browser - your browser's password storage is often extremely insecure. Safer are third-party tools that allow you to specify that their database of passwords be encrypted, or stored on some kind of encrypted device.
But, naturally, there is a final catch even with this approach.
The encryption will have to be unlocked with a password that you've remembered.
