How to Generate Unguessable Passwords and Never Forget Them

Reading Time: 3 minutes

Working on some content for a clients website recently, I asked them to ping me over their WordPress Admin login. “Oh, it’s just the same as the others” was the reply. I’d done several sessions of work that included helping set up iCloud, Twitter, Facebook pages and other elements of his online business to help them save time when adding content to their channels. “What, they’re all the same? So you don’t have a system of unguessable passwords?”

“I know, we should do something about it. It’s just a pain to try and remember them all.”

unguessable passwords
How to generate unguessable passwords for all your log ins

This may sound horrifying to many, but it’s surprising just how often I hear this. And as our reliance on digital services and online shopping grows and grows, it becomes ever harder to find a way use unique passwords for every single website or service we use. Writing them down in a text file isn’t the greatest idea – you’ll need a copy across your main computer and all your multiple devices and of course, it’s easy for that to be discovered. What you really need is a system for creating unique passwords for every different reason, while making them pretty much unguessable and also easy to remember. Worry no longer. Here’s a way to achieve all of those things in just a few minutes, meaning you’ll never have to write a password down ever again.

The Three Step Process of Creating Unguessable Passwords

First, choose a ‘core word’. Make it a completely random work, unrelated to anything in your business, your family, hobbies, passions or anything like that. Totally random. For this example, we’ll say ‘elephant’ and assume you don’t work in a zoo. The fact that it’s utterly random is your first line of defence, if you like.

Next, start to mix it up in a way that you will still be able to recall by swapping out some of the letters for numbers. For example ‘el3p5ant’. Some services ask you for symbols, or upper and lower case, so you can make it even more secure, perhaps by going ‘eLep5n$t’

OK, whatever you decide upon, you should be able to remember that with a little practice. Try typing it over and over, your muscle memory will kick in. If you struggle, write that part down. We’re not finished yet.

So thirdly, we need to make it unique, so that each time you need to use a login, it’s personalised for that particular service, website or whatever. To do this, we add letters at one end of the core word we created that are associated with what we’re logging into. Take eBay as an example. If we take our core word of ‘el3p5ant’ and add three letters to the end, we finish up with ‘el3p5anteba’ Either end will do, ‘ebael3p5ant’ is an alternative. As you can see, that’s a pretty random sequence. The longer you make your core word, the more secure and unguessable your passwords will be.

As you can see, there are several phases of secrecy to this. now, First off, you’ve chosen a completely random word, that’s hard to guess. Second, nobody knows what letters you substituted for numbers, that makes it harder. Third, nobody knows how many letters you added, or where in your core word you added them. Finally, nobody knows which end of the word you added your unique letters, or how many.

Using a system like this, it’s pretty easy to recall your password for any given service simply by remembering your core word and looking at the same of the service you’re logging into.

And finally, should a service be compromised by a hacking attempt and you receive an email asking you to choose a new password, it’s pretty easy to swap around your core word and unique letters to create a new one.

Author: Neill Watson

Neill Watson is a professional writer, photographer and driver coach. He is the founder and editor of Historic Racer and the popular Car Photographer blog. Learn more about him and connect with him on the social media channel of your choice using the symbols below or sign up for Neill's regular email newsletter.

Leave a Comment

Your email address will not be published. Required fields are marked *