What strategies do you use to create new passwords? At times I have to help several people (who are not tech savvy) to create a login/password for different services. What tips would you give to such people to create passwords which are easy to remember but difficult to crack?
Back in the days before shared password manager systems were a thing, I was asked by an auditor how we shared the passwords for all our servers and services. I simply told them that we wrote them down on pieces of paper and locked them in our safe. They replied that all they needed to do then was to break into the safe to get access to our machines. That was when my colleague replied, "Sure, you could do that - but you'd be wasting your time, as the safe is in the server room, so you'd already have physical access to the servers."

If someone can't handle a password manager, then writing down a longer, more complex password and locking it in a drawer is still better than picking a simpler password.
These days, password managers such as 1Password are easy enough to use even for non-tech-savvy people.

Other than that, although the process can become tedious when applied manually to a multitude of passwords, diceware helps with generating easy-to-remember passwords:

https://diceware.dmuth.org/

https://blog.1password.com/toward-better-master-passwords/

You probably still want to keep a secure record of those somewhere, which is where password managers come in handy again.
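As an added illustration of the diceware selection described above (example code written for this page, not taken from the post or from the diceware.dmuth.org site), this shows how dice rolls from a CSPRNG index a word list and how the passphrase's entropy follows from the list size and word count; a constructed 36-word list stands in for the real 7776-word list:

```python
import math
import secrets

# Constructed sample word list. A real diceware list has 7776 = 6**5 words,
# one per five-dice roll; this 36 = 6**2 list needs only two dice per word.
SAMPLE_WORDS = [
    "apple", "bread", "candle", "dragon", "engine", "forest", "garden", "harbor",
    "island", "jacket", "kettle", "ladder", "marble", "needle", "orange", "pencil",
    "quartz", "rocket", "saddle", "tunnel", "umbrella", "velvet", "walnut", "yellow",
    "zebra", "anchor", "basket", "cactus", "dolphin", "falcon", "glacier", "hammer",
    "iceberg", "jungle", "kitten", "lantern",
]


def entropy_bits(n_words: int, list_size: int) -> float:
    """Entropy of an n-word passphrase drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def dice_index(n_dice: int) -> int:
    """Roll n_dice fair dice with a CSPRNG and map the faces to [0, 6**n_dice)."""
    index = 0
    for _ in range(n_dice):
        index = index * 6 + secrets.randbelow(6)  # uniform, not random.random()
    return index


def generate_passphrase(n_words: int, words=SAMPLE_WORDS, sep: str = "-") -> str:
    """Pick n_words words by independent dice rolls and join them with sep."""
    n_dice = round(math.log(len(words), 6))
    if 6 ** n_dice != len(words):
        raise ValueError("word list size must be a power of six")
    return sep.join(words[dice_index(n_dice)] for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase(6))
    print(f"6 words from 7776: {entropy_bits(6, 7776):.1f} bits")
    print(f"words needed for 77 bits from 36: {words_needed(77, 36)}")
```

The same count of words drawn from the tiny list gives far less entropy than from the full list, which is why the list size matters as much as the word count.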
I have 3 base passwords --- easy, moderate and difficult.

Easy is for junk I don't really care about. Moderate is for stuff I do care about but that doesn't contain any personal info. Difficult is for things that involve personal info.

Here is the fun part --- I have a 4th category called "critical" for extra security. In these cases, I combine the difficult base with one of the other two and then add a special context character at the end to indicate the type. For example, with banking/money-related stuff, I'll add [$]. Also, the easy password can be spelled either forwards or backwards.

All together, I have about 40 different passwords that I use, but I really only remember the 3 bases. Even when I am not sure, I can usually guess the correct one within 3 tries based on context --- the objective being to avoid getting locked out.

For example, if it is a banking website, I know from the context that it ends with "$" and it contains the "difficult" base.

Obviously not perfect, but where security is concerned, nothing ever is.
Why memorize passwords? Put them in a password manager, either a third-party one or the ones built into Chrome/Firefox/Safari/macOS/Windows. They often have passkey support too.
I would pick a word or name, and for each letter of the given word you create a sentence whose words begin with each letter. It doesn't need to make sense, you just need to make it easy to remember.
Bonus points for adding a number (like a year or date related to the word/name) and for separating each word with a special character.

For example: Alice
Amendment%Liability%Indicates%Cute%Energy2006
I used to explain my strategy to friends, and over time I've changed from words to short phrases.
What I do is have passwords divided into two parts: one constant, one variable.
The constant part is a phrase I can easily remember and the variable part is a reference to the usage of the password, so for example:

- ILikeDarkChocolateGmail
- ILikeDarkChocolateApple
- ILikeDarkChocolateWhatever

and so on.