Image by Gino Crescoli, https://pixabay.com/illustrations/password-app-application-business-2781614/

Memorable Passwords

8 min readDec 10, 2020

Disclaimer: Because this article discusses passwords, a topic that is subject to a never-ending arms race, and a skills-based procedure, the author and any of his affiliations are not responsible for any consequences or damages related to your interpretation, use, or application of the information and suggestions present in this article. This is the author’s opinion alone. The information herein is not professional advice. Seek professional guidance on passwords for your specific security and protection needs.

However, the author sincerely hopes that this helps you improve the strength and memorability of your passwords.

The Problem with Passwords

Have you gotten that note from a friend saying that you’ve been hacked?

And can you imagine what a hacker will learn about you when they get into your email? All those personal and private messages you’ve exchanged over the years? The business, personal, and private contact information. How about your online accounts such as Facebook, Amazon, online banking? And there are years of documents and sensitive data. And do you use the same password for those accounts as you do for this email that was just hacked? Oh, man.

You need a strong and unique password. It is one of the best defenses against being hacked, but who can remember this gibberish: 3reS8Y_JB()=Wx@U?

A password strength meter calculates that it would take 5 Trillion years for a computer to brute force crack this password, and it would take a human being almost as long to remember it.

What to do? Make a Memorable Password.

Make Memorable Passwords

Instead of relying upon a computer to pick a hack-resistant gibberish password for you, how about using that supercomputer you have between your ears instead. Your mind is very good at remembering places and associations. Use your brain for a change and make a Memorable Password.

Making a Memorable Password is very simple. It involves following a few simple steps that rely upon your mind’s natural memory ability. The process is as follows.

Look around the room in a clockwise fashion. As you look around the room, identify five unique objects that you like. There is no right or wrong in the choice of objects except that they must be unique.

Close your eyes and visualize these objects in your mind in the order that you saw them.

While going through this mental review, say each object’s name in your mind. be descriptive when saying each object’s name. Instead of saying “picture,” Briefly but specifically name the picture. For example, when I look around my office, I see a “Jazz Fest picture.”

Following these instructions, this is what I see:

Jazz Fest picture
Ornate framed mirror
MacBook Pro
Digital picture frame
Will Henry Stevens picture

Repeat this process until you get five different unique objects that work for you. Make sure they are descriptively named. Choose a different room or place if where you are in now doesn’t work for you for this step.

This process is based on a memory strategy called the “Journey Method.”

Once you have these five objects named, put the first two letters of each object’s names together to make a string of characters capitalizing each first letter.

This result is called the “Journey String” because it is based on the objects you selected from your Journey Method memory strategy.

The Journey String: JaOrMaDiWi

It already looks like a password, no? This is just step one, however. There’s more to come. Hack-resistant passwords need numbers and special characters to make them harder to break.

To come up with the numbers, think of two of your favorite people whose birthdates (year, month, day) that you remember.

Take the last number from the year of each of their birthdates. You will use these two numbers as part of your password. To do this, you must think of each person and the last number of their birth year in the same order each time. The two people I have in mind have birth years ending in 6 and 9, respectively.

Now, put two special characters between these two numbers. Choose special characters that make sense to you to be between these two people’s numbers. If no special characters make sense, then choose two. This choice is for you to decide. I choose &+.

Sandwiching the &+ between the numbers results in new string: 6&+9. We call this the “Birthday String” because it is based on the birthdays of your favorite people.

The Birthday String: 6&+9

Insert the Birthday String into the Journey String

Insert the Birthday String (6&+9) into the Journey String (JaOrMaDiWi) after an even-numbered (2, 4, 6,…) positioned character. Read that again if you need to.

The even number you chose can a number you like, or you can use a simple formula to decide it.

A suggestion for a simple formula to use is to take the last digit of your Birthday String and round it up to an even number if needed.

In our example, we have a ‘9,’ so it is rounded up to 10 to make it an even number.

Insert the Birthday String after the tenth character in the Journey String. Since the Journey String was ten characters long, we append the Birthday String to the end. This completes a Memorable Password.

The Memorable Password: JaOrMaDiWi6&+9

Now you’re cooking with passwords!

This has the makings of a pretty good password. It contains a variety of mixed-case letters, numbers, and special characters. It satisfies most password rules that you will encounter.

Running this through a password strength checker calculates that it will hold its own against a brute-force attack for over 300 centuries. That’s not bad.

I recommend that you change your password before then, however.

Make a Unique Password For Each Account

Make a unique Memorable Password for each account.

There is no limit to the number of different rooms, objects, numbers, and special characters you can use to create more passwords.

However, I share your frustration in having to maintain a unique password for each account. It can be overwhelming. Using Memorable Passwords makes this easier to manage.

Where in the next section you’ll see suggestions on how you can better remember this variety of Memorable Passwords, it is still a burden on your memory to place dozens of them.

To reduce this memory burden, you can add an account identifier to a Memorable Password to reuse it across accounts.

An account identifier is five or more characters that will help you to identify the account. It can be the beginning of the service or account name. It can be an acronym.

To avoid “handing over the keys” to a hacker, substitute special characters and numbers for some letters to add uniqueness. The substitutions you make are for you to decide. Choose the substitutions that make sense to you.

Only use this technique to identify unimportant and non-sensitive accounts. These would be accounts that, if hacked, won’t give access to any of your personal, private, financial, medical, or otherwise sensitive data.

Do not use this strategy for your most important online accounts. Do not use it on high-risk accounts. Exclude accounts with direct or unbounded access to your credit cards, bank accounts, or other personal financial resources. Do not use this for your primary and business emails, online banking, and other accounts that have sensitive and private information. Please do not use it on accounts that are favorite targets for hackers, either. Exclude social media accounts. It may exclude Zoom as well. Do not use this technique to protect your Amazon and other eCommerce accounts.

However, other accounts such as memberships, subscriptions, entertainment, utilities, news and newspapers, some services, and the like, may be appropriate to use this strategy to extend the use of one Memorable Password.

The one thing you learn in cybersecurity is that everything has some risk. These accounts that you use this strategy to help you remember are up to you as you own the risk you assume. That is why it is for not important and non-sensitive accounts only.

Remembering Memorable Passwords

Sometimes, our memory doesn’t “spark” when we try to recall even a simple thing, let alone a formula. In this case, believe it or not, it is okay to “cheat” a little bit to remember a Memorable Password.

First, bookmark this article. Read the steps each time you need to recall the process.

And you can spark your memory by looking at pictures of the rooms or other places that you used to create your Memorable Passwords.

Looking at these photos will help you recall the unique objects that you used. Likewise, you can keep pictures of your favorite people.

Keep these photos handy. Have them on your phone or your computer. They can be in a particular folder. Do not name the folder “passwords!” Nor should you name the photos in any way that suggests their use in your Memorable Password.

Or you can “star” or “heart” these photos in your photo manager to easily access them.

You can make the people whose birthdays that you used you favorite contacts if they aren’t already. Or you can keep their names with their full birthday on a note somewhere. If anyone asks why you have that written down, tell them that you have to remember their birthday. Do not tell anyone that it is part of your password.

You can even put the names of the rooms or places and the people on sticky notes. Writing a password on a sticky note is a cardinal sin of cybersecurity. However, just having “childhood bedroom” written down is meaningless to people who do not know the Memorable Password formula. Even if they know about it, they do not know the details that you use.

But I cannot stress enough for you not to share what you are doing. Don’t name any of these notes passwords. Do not name the accounts on your notes either.

Dialing Up the Password Strength

You can add more objects, numbers, and special characters to make this Memorable Password stronger.

Using our example, I would add the next unique object in the room, “bookshelf,” to the original Journey String. Adding “Bo” to the Journey String, gives us: JaOrMaDiWiBo

Next, I apply the same number formula but to the same two favorite people’s birth days: 3 and 7.

I choose two new special characters to create another Birthday String: 3!=7.

Putting this together results in: JaOrMaDiWi6&+9Bo3!=7.

What a strong password!

Parting Thoughts

Be gentle with yourself when trying this out for the first time. Use an account that is not important and one that is optional for you to log in. Choose an account that you are sure you can reset the password if you forget any part of the steps.

Practice makes permanent. Although this uses the native strengths of your memory, you still need to practice to make this easier to use.

Change your passwords routinely on a schedule that meets your risk management requirements.

Using a secure password manager is a good idea to help you wrangle your jumble of passwords. Sometimes you may not have access to a password manager to help you, however. The password manager topic is outside the scope of this discussion, however.

Finally, your personal cybersecurity is a continuous effort. Even after you master a Memorable Password practice, you still need to change them routinely as well as use additional account protection mechanisms such as two-step verification or multi-factor authentication as well as other account security controls.

But now you have a way to remember strong passwords.