Step 1: Choose a phrase
You can create a more secure password by starting with a simple phrase. For example, let’s use a quote from Ogden Nash:
“Happiness is having a scratch for every itch.”
If we use the first letter of each word, and substitute 4 for “for”, we get:
Hihas4ei
Step 2: Add special characters
This is a reasonably strong password, but we can improve it a bit by adding some special characters:
#Hihas4ei:
Step 3: Associate it with a website
We can use our new password on several different websites by adding a prefix or suffix with a mnemonic link to a particular site. Let’s use the first letter and the next two consonants in the site name.
Just to add a bit more randomness, we’ll alternate upper-case and lower-case letters, and if the first character in the site name is a vowel we’ll start with upper-case. To mix things up a bit more, we’ll use the same rule to decide whether to add the site mnemonic to the left side or the right side.
#Hihas4ei:AmZ for Amazon
fCb#Hihas4ei: for Facebook
#Hihas4ei:YtB for YouTube
dRm#Hihas4ei: for Drumbeat
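The rules from Steps 1 to 3, written out as an added Python example that is not part of the original page; it reproduces the four site passwords above. It assumes that “y” counts as a vowel (which the YouTube example implies) and that a site name with fewer than two later consonants simply gets a shorter mnemonic; the function names are illustrative.

```python
# Added example: the Step 1-3 rules as code. Function names are illustrative.
VOWELS = set("aeiouy")  # assumption: 'y' is a vowel, as the YouTube example implies

def phrase_base(phrase: str) -> str:
    """Step 1: first letter of each word, with the word 'for' replaced by 4."""
    words = ["".join(c for c in w if c.isalnum()) for w in phrase.split()]
    return "".join("4" if w.lower() == "for" else w[0] for w in words if w)

def site_mnemonic(site: str) -> str:
    """Step 3: first letter plus next two consonants, alternating case."""
    letters = [c for c in site.lower() if c.isalpha()]
    if not letters:
        raise ValueError("site name contains no letters")
    first = letters[0]
    # Assumption: a short name with fewer than two later consonants
    # just yields a shorter mnemonic.
    picked = [first] + [c for c in letters[1:] if c not in VOWELS][:2]
    start_upper = first in VOWELS
    return "".join(
        c.upper() if (i % 2 == 0) == start_upper else c
        for i, c in enumerate(picked)
    )

def site_password(base: str, site: str) -> str:
    """Vowel-initial site: mnemonic goes on the right; otherwise on the left."""
    tag = site_mnemonic(site)
    return base + tag if tag[0].lower() in VOWELS else tag + base

if __name__ == "__main__":
    # Step 2 wraps the phrase letters in the special characters used on the page.
    base = "#" + phrase_base("Happiness is having a scratch for every itch.") + ":"
    for site in ("Amazon", "Facebook", "YouTube", "Drumbeat"):
        print(site, site_password(base, site))
```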
This is just one possible rule for picking the prefix or suffix that you use to customize your password for each website. Reversing the order of the letters in the suffix, using only vowels, only consonants, or adding some other characters that come to mind when you think about the website are all possible approaches that will improve security.
While this technique lets us reuse the phrase-generated part of the password on a number of different websites, it would still be a bad idea to use it on a site such as a bank account, which contains high-value information. Sites like that deserve their own password selection phrase.