How to remember passwords
As we’ve said already, the best way to ensure you don’t forget passwords is to offload the task of remembering them to a password manager like 1Password. Most of the time, that’s the only trick you’ll need. But no matter what tools you use, you’ll have to memorise at least a few passwords. Because those are among your most important, you don’t want to trade security for memorability. Here are tips to ensure your brain doesn’t betray you.
Pick Which Passwords to Memorise
We have no idea what 99 per cent of our passwords are. They’re long strings of random computer-generated characters. When we need to use them, we let a password manager fill them in, or copy and paste them.
However, one password worth memorising is the one you use to unlock all the other passwords stored in your password manager. It’s also a good idea to remember your OS X user account password; especially if you enter it many times a day. Since we use OS X’s FileVault, we need that password to start up our Macs before we can access any automated tools. Also, we’re frequently prompted to enter the passwords for iCloud, Gmail and Dropbox accounts, so we’ve memorised those.
Your list might differ, but most people can get by with learning no more than half a dozen passwords.
Choose a Path to High Entropy
Once you know which passwords you need to learn, your next job is to choose ones that are strong enough to defeat automated hacking attempts, yet memorable enough that you can produce them instantly – and for bonus points, they should be convenient to type.
You undoubtedly know the basic drill: all things being equal, longer passwords are better than shorter ones; random passwords are better than those that follow a pattern; and the best passwords combine upper and lowercase letters, numbers and symbols. It turns out though, that a password doesn’t need to possess all of those qualities in order to be secure; for example, a long but simple password can be just as secure as a short but complex one. This is provable through a concept called entropy, which in this context, refers to the mathematical approximation of how difficult a given password is to guess.
Depending on how you perform the calculation, the passwords 7H#e2U&dY4 (10 random characters) and blanketsensory (14 non-random characters) are approximately equal in strength, but the latter is much easier to remember and type. Even though it contains only lowercase letters, and blanket and sensory are both ordinary English words, the password’s entropy is high enough that a brute-force attack would take days or weeks to crack it.
If your memory is excellent and limiting your passwords to the fewest possible characters is your biggest consideration, then go with a shorter random password, but remember that whereas short used to mean eight or nine characters, nowadays using 12 to 14 keystrokes is safer. Nevertheless, since most people can type long words faster than short bursts of random characters, you may find that a 25-character phrase is more convenient.
Keychain Access’s Password Assistant can offer suggestions to help you create a secure but memorable password.
Let a Computer Pick Your Passwords
We’ve sometimes advised people to use mnemonic cues to remember passwords. For example, taking a sentence such as: “I once drank three cups of coffee before realising it was decaf,” and using just the first letter of each word, with a capital and a number thrown in, creates Iod3cocbriwd – a reasonably strong password. But because humans unconsciously tend to introduce patterns into passwords produced through these means (which makes guessing the password easier), we let a computer create a selection of random (but memorable) passwords, and then we choose one that sounds good. You have numerous ways to do this.
If you open Keychain Access on your Mac (in /Applications/Utilities), choose File → New Password Item, and click the key icon next to the Password field, a Password Assistant window will appear. Choose Memorable from the Type pop-up menu and select a password length. The utility will produce a password consisting of a combination of words, numbers, and symbols (such as nineteenth8590.middlingly or [email protected]). Don’t like the first suggestion that you see? Click the pop-up menu to generate more, or choose More Suggestions from that menu to get another list.
1Password’s password generator also has a mode that creates a series of pronounceable syllables (not necessarily English words), with or without intervening digits or hyphens – such as liegnicroci, lieg7ni2croc5i, or lieg-ni-croc-i. To generate them in the 1Password app, choose File → New Item → New Password, click Pronounceable, and select the separator and length that you prefer. Click the Refresh button to see another password choice. (The directions are similar when you’re using 1Password’s browser extensions, although the layout and options are slightly different.)
1Password gives passwords based on pronounceable syllables that are easy to remember.
Have Backup Plans
If you’re afraid you’ll forget your passwords, you can write them down, as long as you make sure you keep that piece of paper in a safe and secure place. Also, consider giving a copy to your partner or friend, or putting it in a safe deposit box. If something happened to you, and your family or business associates urgently needed access to your data, the security of storing your passwords only in your head would work against you.