There's been a lot of buzz about the Heartbleed Bug over the last 24 hours, and because this is such a big deal, even though it's not explicitly about deals or freebies or otherwise saving money, we feel that Brad's Deals has a responsibility as a consumer advocate to pass along the notes on what you should do to protect yourself.
Heartbleed is being described as an encryption flaw in a secure connection protocol called OpenSSL. Basically, when your computer is connected to a secure website, like a bank or an online retailer, there is a sort of ping signal that keeps you securely connected. The Heartbleed exploit allowed hackers to replace that ping with a false ping, using it to intercept sensitive information like passwords, credit card numbers and any other data that you would submit with a secure form.
No one knows for sure. This wasn't a case of catching the bad guys doing something bad, so we can't say for sure if anyone has used the exploit to get info in the past.
The best thing to do is to wait for affected websites to fix the bug with a security patch, then update your passwords. Changing your passwords before those updates are made still leaves them vulnerable to the exploit.
Mashable put together a good list that they're keeping updated as information comes in. Bookmark it and check back often. Facebook, Pinterest and Instagram are just a few of the bigger names on the list.
The list includes comments from many retailers and banks, and so far all appear to have been using a form of encryption that never was vulnerable to Heartbleed in the first place. Most online retailers use a different kind of encryption and were not affected. This appears to be good news for bank and retail customers, but you may want to reach out to your bank if it's not on Mashable's list.
Passwords don't have to be an incomprehensible, easily forgettable jumble of random letters and numbers to be secure. In fact, most internet security experts agree that the length of a password is actually more important than its complexity. But adding in a layer of complexity helps, and it doesn't have to be hard to remember.
Create a nonsense phrase that only makes sense to you.
This is my favorite method. Think of three random things in your life and string them together. For example, use a pet's name, the street you live on, and your favorite snack food to come up with something like ZiggyBroadwayCheetos. Throw in anything meaningful to you. Your favorite drink to order at a bar. The last city you visited on vacation. Your childhood zip code. The name of your summer camp. The possibilities are endless.
Use a mnemonic device.
The jumble of letters would seem random to anyone else, but you'll always remember them because you know the key. Every music student knows that "Every Good Boy Does Fine" is the musical notes E-G-B-D-F. Every Doctor Who fan knows that Clara remembers her wifi password RYCBAR using "Run you clever boy and remember." Memorize a favorite sentence, then use the first letter of each word to construct a memorable password.
Swap out numbers for letters or symbols.
This really only works if you are using a word or phrase that no one else will guess. If your kid's name is Christopher, it's still going to be pretty easy for anyone armed with a few high-level personal details to guess at Chr15t0ph3r. But combining this tactic with our ZiggyBroadwayCheetos example to come up with Z1ggyBr0@dw@yCh33t0s? That's going to be a tough nut to crack.
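A password-strength check can undo these swaps before comparing a password against known personal details, which is why Chr15t0ph3r offers so little protection. The Python sketch below is an added example, not part of the original article; the substitution table, the list of personal words and the 0.6 threshold are assumptions chosen for illustration.

```python
# Added example: flags passwords that are mostly one personal word in disguise.
# The swap table, sample words and threshold are constructed for illustration.

# Common digit/symbol-for-letter swaps, mapped back to the letter they replace.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a",
    "5": "s", "7": "t", "@": "a", "$": "s",
})


def normalize(password):
    """Lower-case the password and undo the common swaps listed in LEET."""
    return password.lower().translate(LEET)


def longest_word_coverage(password, personal_words):
    """Fraction of the password occupied by the longest personal word
    found inside it once the swaps have been undone."""
    plain = normalize(password)
    if not plain:
        return 0.0
    hits = [len(w) for w in personal_words if w and w.lower() in plain]
    return max(hits, default=0) / len(plain)


def is_guessable(password, personal_words, threshold=0.6):
    """True when a single personal word makes up most of the password."""
    return longest_word_coverage(password, personal_words) >= threshold


if __name__ == "__main__":
    # Constructed sample data, taken from the examples in the article.
    known = ["Christopher", "Ziggy", "Broadway", "Cheetos"]
    for candidate in ["Chr15t0ph3r", "Chr15t0ph3r!", "Z1ggyBr0@dw@yCh33t0s"]:
        share = longest_word_coverage(candidate, known)
        verdict = "guessable" if is_guessable(candidate, known) else "ok"
        print(f"{candidate:24} {share:.2f} {verdict}")
```

The single disguised name is flagged because one known word covers the whole password, while the three-word phrase passes because no single detail accounts for more than 40% of it.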
Take out the vowels.
A favorite sentence with the vowels removed is tough to guess. Let's look at "Elementary, my dear Watson." Kill the vowels and you've got lmntrymydrwtsn. That is going to be crazy hard to guess. Want to make it even harder? Capitalize the first letter of every word. Need to throw a number in there? Try using an event and year, like "Chicago Cubs 1908" to get ChcgCbs1908.