Dec 11, 2012

At the risk of repeating myself (see “What you don’t know about passwords might hurt you”), the best way to ensure that you never forget your passwords is to offload the task of remembering to a password manager such as 1Password ($40). For most passwords, most people, and most of the time, that’s the only trick you’ll need. However, no matter what tools you use, you’ll have to memorize at least a few passwords. Because those are among your most important, you don’t want to trade security for memorability. Here are a few tips that can help you make sure your brain doesn’t betray you.

Determine which passwords you must memorize

I have no idea what 99 percent of my passwords are. Honestly, none whatsoever. They’re long strings of random computer-generated characters, and I’ve never even glanced at most of them. When I need to use them, I let my password manager fill them in for me or, if that won’t work for some reason, I copy and paste them. After all, it’s no harder for an app to enter a 14-character random password than for me to type in the word baseball, so I figure I have nothing to lose by going the crazy-secure route.

However, one password I’ve memorized cold is the password that unlocks all the other passwords stored in my password manager. That’s a pretty important one. I’ve also memorized my OS X user account password, because I enter it many times a day—and since I use OS X’s FileVault, I need that password to start up my Mac before I have access to any automated tools. Since I’m frequently prompted to enter the passwords for my iCloud, Gmail, and Dropbox accounts (often in situations where it would be awkward to copy and paste), I’ve memorized those too.

Depending on your habits and needs, your list might be different from mine, but most people can get by with no more than half a dozen passwords committed to memory. Considering that you may have many hundreds of passwords overall, memorizing five or six is a pretty minor task.

Choose a path to high entropy

Once you know which passwords you need to memorize, your next job is to choose passwords that are strong enough to defeat automated hacking attempts yet memorable enough that you can produce them instantly—and, for bonus points, they should be convenient to type.

Undoubtedly you know the basic drill by now. All things being equal, longer passwords are better than shorter ones; random passwords are better than those that follow a pattern; and the best passwords combine upper- and lowercase letters, numbers, and special symbols such as punctuation. It turns out, though, that you don’t necessarily need all those qualities in a password to make it secure—for example, a long but simple password can be just as secure as a short but complex one. This is provable through a concept called entropy, which refers to a mathematical approximation of how difficult, on average, any given password is to guess.

Depending on how you do the calculation, the passwords "7H#e2U&dY4" (ten random characters) and "blanketsensory" (14 nonrandom characters) are approximately equal in strength, but the latter is much easier to remember and type. Even though it contains only lowercase letters and blanket and sensory are both ordinary English words, the password’s entropy is high enough that a concerted brute-force attack would take days or weeks to crack it. The moral of the story (as brilliantly illustrated in this XKCD comic) is that when you have to memorize a password, a longer phrase composed of random words or syllables will make your life easier than a shorter string of entirely random individual characters.
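The comparison above can be worked through in a few lines. This is an added example, not part of the original article: it scores both passwords with a per-character model, then scores the two-word phrase with a per-word model, assuming (my assumption, not the article's) that the words were drawn at random from a 7,776-word Diceware-style list.

```python
import math
import string

# Character classes a per-character brute force has to cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def pool_size(password):
    """Total size of every character class that appears in the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def char_model_bits(password):
    """Entropy if every character were drawn uniformly from that pool."""
    return len(password) * math.log2(pool_size(password))

def word_model_bits(n_words, wordlist_size):
    """Entropy if every word were drawn uniformly from a list of known size."""
    return n_words * math.log2(wordlist_size)

def words_needed(target_bits, wordlist_size):
    """Random words required to reach at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))

WORDLIST_SIZE = 7776  # assumption: Diceware-style list (6**5 entries)

if __name__ == "__main__":
    random_chars = "7H#e2U&dY4"     # password quoted in the article
    two_words = "blanketsensory"    # password quoted in the article

    # Per-character model: both land near 65 bits, as the article says.
    print(f"{random_chars!r}: {char_model_bits(random_chars):.1f} bits")
    print(f"{two_words!r}: {char_model_bits(two_words):.1f} bits")

    # Per-word model: what a guesser who tries word pairs has to search.
    print(f"2 random words: {word_model_bits(2, WORDLIST_SIZE):.1f} bits")

    # Words needed for a phrase to match the random string in that model.
    target = char_model_bits(random_chars)
    print(f"words for {target:.1f} bits: {words_needed(target, WORDLIST_SIZE)}")
```

The per-word figure is why the choice of calculation matters: a phrase only earns the per-character score if the guesser cannot exploit the fact that it is built from dictionary words, so a memorized passphrase should use more than two randomly chosen words.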

If your memory is excellent and having to type the fewest possible characters is your biggest consideration, then go with a shorter random password—but remember that whereas “short” used to mean 8 or 9 characters, nowadays 12 or 14 are safer. Nevertheless, since most people can type long words faster than short bursts of random characters, you might find a 25-character phrase more convenient in daily use than a 12-character string of nonsense.

Let a computer pick your passwords

Password Assistant, accessible through Keychain Access (and a few other spots in OS X), can create memorable yet random passwords out of words, numbers, and symbols.

I’ve sometimes advised people to use mnemonic cues to remember passwords. For example, taking a sentence such as “I once drank three cups of coffee before realizing it was decaf” and using just the first letter of each word, with a capital and a number thrown in, creates “Iod3cocbriwd”—a reasonably strong password. But because humans have a tendency to unconsciously introduce patterns into passwords produced through these means (which can increase the ease of guessing a password), I prefer to let a computer create a selection of random (but memorable) passwords, and then choose one that sounds good. You have numerous ways to do this.

If you open Keychain Access on your Mac (in /Applications/Utilities), choose File > New Password Item, and then click the key icon next to the Password field, you’ll see a Password Assistant window. In this window, choose Memorable from the Type pop-up menu and select a password length. The utility will produce a password consisting of a combination of words, numbers, and symbols (such as “nineteenth8590.middlingly” or “baiting325@certifications”). Don’t like the first suggestion that appears? Click the pop-up menu to see more, or choose More Suggestions from that menu to get another list.

1Password's Pronounceable option creates passwords out of pronounceable syllables, making them easier to remember and type.

1Password’s password generator also has a mode that creates a series of pronounceable syllables (not necessarily English words), with or without intervening digits or hyphens—such as "liegnicroci", "lieg7ni2croc5i", or "lieg-ni-croc-i". To generate them in the 1Password app, choose File > New Item > New Password, click Pronounceable, and select the separator and length you prefer. Click the Refresh button to see another password choice. (The directions are similar when you're using 1Password’s browser extensions, although the layout and options are slightly different.)
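To show what "let a computer pick" means in practice, here is an added example (not 1Password's or Password Assistant's algorithm, and not code from the original article) that builds pronounceable passwords from consonant-vowel syllables using the operating system's cryptographic random source. The syllable alphabet and the function names are assumptions made for the illustration.

```python
import math
import secrets

CONSONANTS = "bcdfghjklmnprstvwz"  # constructed set of 18, chosen for clarity
VOWELS = "aeiou"
DIGITS = "0123456789"

def pronounceable(n_syllables, separator="", digits=False):
    """Build a password from random consonant+vowel syllables.

    secrets.choice draws from the OS CSPRNG, so no human habit or
    predictable seed shapes the result.
    """
    parts = []
    for _ in range(n_syllables):
        syllable = secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
        if digits:
            syllable += secrets.choice(DIGITS)
        parts.append(syllable)
    return separator.join(parts)

def entropy_bits(n_syllables, digits=False):
    """Entropy of the generator's output; separators add nothing."""
    per_syllable = len(CONSONANTS) * len(VOWELS) * (len(DIGITS) if digits else 1)
    return n_syllables * math.log2(per_syllable)

def syllables_for(target_bits, digits=False):
    """Smallest syllable count whose entropy reaches target_bits."""
    return math.ceil(target_bits / entropy_bits(1, digits))

if __name__ == "__main__":
    # Offer a few candidates and let the user keep the one that sounds good.
    for _ in range(3):
        print(pronounceable(10, separator="-"))
    print(f"10 syllables: {entropy_bits(10):.1f} bits")
    print(f"syllables needed for 65 bits: {syllables_for(65)}")
```

Picking the nicest of a handful of candidates costs at most a couple of bits; rerolling until a familiar word appears reintroduces the human pattern the generator was meant to remove.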

Have a backup plan (or two)

If, despite choosing memorable or pronounceable options for your top few passwords, you’re afraid you might forget them, writing them down on paper is not a terrible idea—as long as you keep that paper in a safe place. Obviously, a sticky note on your computer is not very safe, but your wallet might be an excellent location (and is precisely the recommendation of security expert Bruce Schneier). If you’re especially paranoid, you might obfuscate them in some way, such as swapping the first and last characters—but of course, if you forget how you altered them, you’ve done yourself a disservice.

Finally, consider giving a copy of that paper to your spouse or a trusted friend, or putting it in a safe deposit box. If something were to happen to you, and your family or business associates urgently needed access to your data, the “security” of having your passwords stored only in your head would work against you. Just be sure that whoever holds your passwords keeps them as safe as you do yourself.

Posted: Tuesday December 11, 2012, 10:21 pm
Tommy R.